Falling for a phishing attack is a common way to get hacked. In fact, most of the large data breaches in recent years have been due to phishing.

In this article, we’ll explain the most common phishing methods and give you tips on how to protect yourself against them. 

To start off, let us clarify what phishing is. The definition of phishing is: “the practice of sending fraudulent communications that appear to come from a reputable source.”

Link phishing - what is it?

While phishing scams come in many forms, the most common scenario occurs when using a search engine to search for the word "Finoa" and clicking on a link without checking the URL. 

In such a case, the goal of the attacker is to get users to enter their sign-in credentials into a fraudulent site that imitates the actual Finoa website. Phishing websites look almost identical to the official site. However, the most telling difference is that the website address is noticeably different from the official URL which, in the case of Finoa, is https://login.finoa.io/.

Email phishing 

Another phishing method occurs when you receive an unsolicited email or text that asks you to click a link or sign in to your account. This could be a scammer impersonating Finoa or another exchange or wallet provider. The links will lead to a website almost identical to the actual exchange or wallet that the sender purports to represent.

These links are malicious and will request that you enter your username and password. Any information you enter will be recorded, sent to scammers, and used against you to gain access to your accounts and steal your cryptocurrency.

Other common phishing techniques 

1. Installing a Trojan via a malicious email attachment or ad, which allows the intruder to exploit loopholes and obtain sensitive information.

2. Spoofing the sender's address in an email to appear as a reputable source and requesting sensitive information.

3. Attempting to obtain company information over the phone by impersonating a known company vendor or IT department.

How to protect yourself

Here are our top tips for improving your security and protecting against phishing when surfing the internet:

  • Bookmark the legitimate websites you visit often. Bookmark https://login.finoa.io to avoid using search engines to navigate to our site.
  • Ensure the website’s URL begins with “HTTPS”. Look for the closed lock icon 🔒 in the address bar.
  • Consider setting up an email account that you only use for Finoa.
  • Check the website address to ensure it is the actual site. Carefully look for spelling errors in the business name.
  • Always verify the email addresses that you receive emails from.
  • Never click on the links found inside emails or texts if you are not sure about the sender.
  • Do not reuse old passwords. Use a password manager and make sure you use a long password that contains both alpha-numeric and special characters.
  • Do not save passwords in your browser as these can get leaked.

We will never ask you for:

  • Your username. Keep your username secret.
  • Your passwords. Never give out your passwords to anyone.
  • Removing two-factor authentication (2FA).
  • Access to your devices via remote desktop access software like Teamviewer or AnyDesk. (Never give support staff (or anyone else for that matter) remote access to your machine. This effectively gives the scammer full access to your computer, online financial accounts, and digital life.)
  • Never accept calls asking for your confidential personal information. Be aware that scammers can spoof legitimate phone numbers and use voice-modifying software to impersonate real people.

Report phishing

Please report any Finoa phishing sites you encounter. If you are a victim of a phishing attack, please immediately take action to secure your account by changing your email and Finoa password.

When you have a doubt as to whether an email is legitimate, make sure to double-check with the person who supposedly sent it. Always report spam emails and phishing attempts – this can help the mailer filter better detect malicious inbound messages.

For any further questions, write us at security@finoa.io and our security team will be happy to advise you.