Dilation Effect, the security research institute, detected SMS Spoofing targeting crypto users. Attackers use SMS spoofing technology to send scam messages into the official SMS dialog box of the leading exchanges. By deceiving users into thinking these messages are from reliable sources, they induce users to click on malicious links or call scam phone numbers, thus committing fraud.
According to the Dilation Effect report, the target investors are in the Hong Kong SAR. Common scam messages include “Your account has logged in on a new device” or “Your account has security risks,” with malicious phone numbers or websites, luring users to enter account information or make transfers.
To avoid the above security risks, Matrixport now provides detailed analysis and preventive measures to help you defend against such attacks.
What is SMS Spoofing?
SMS Spoofing is a common form of social engineering attack. Attackers modify the sender information of text messages, making them appear to come from trusted institutions such as exchanges, banks, or other official platforms. Due to the lack of strict regulation on this type of technology in some regions, these attacks are highly deceptive and difficult to detect.
Common Attack Methods
- Impersonating official institutions: SMS displays the names of official institutions, enhancing deception.
- Creating a sense of urgency: Claiming an abnormal login or security risk in the account induces users to take immediate action.
- Guiding sensitive operations: SMS messages may contain malicious links or scam phone numbers, directing users to enter account passwords or directly transfer funds.
How to Prevent SMS Spoofing?
1. Do not easily believe the content of the SMS, be alert to social engineering attacks
If someone in the SMS or phone calls claims to be from Matrixport and proactively asks for your account or personal information, please be vigilant. Matrixport will never ask you to transfer money or provide account passwords, 2FA, or real-name information in any form.
If you receive similar information, please log in to the “Official Verification Channel” or consult the Matrixport APP customer service for verification. Do not directly click on any links or information collection authorizations provided. The Matrixport customer service team is happy to assist you.
Customer Service: Go to the Matrixport official website – Click on the “Message” icon in the lower right corner; or go to the Matrixport App home page – Click on the “Message” icon in the upper right corner.
2. Protect Your Personal Information and Prevent Information Leakage
- Avoid disclosing personal information on social media or forums, including registration emails, phone numbers, etc., to prevent attackers from exploiting it.
- Use dedicated email addresses and phone numbers for crypto accounts to minimize the impact of information leakage.
3. Importance of Two-Factor Authentication (2FA):
Attackers can easily intercept SMS verification codes. Matrixport recommends using TOTP (Time-Based One-Time Password) solutions, such as Google Authenticator (GA), for two-factor authentication.
Guidelines for Safe Use of TOTP Authenticators:
- Properly keep the binding key of the 2FA application:
The key can be used to verify account recovery. Save it by handwriting or store it in password management software like 1Password. Do not store it in the cloud.
- Disable cloud backup features
This ensures that verification codes are only stored on your device, preventing hackers from obtaining them through cloud leaks.
- Only use reliable TOTP applications:
Recommended TOTP authenticators include Google Authenticator, Microsoft Authenticator, Duo Mobile, or Okta Verify. Ensure they are downloaded from mainstream app markets like Google Play.
- Avoid using PC-based or browser plugins
PC-based TOTP authenticators (such as Authy Desktop, WinAuth, Authenticator.cc) pose higher security risks and are not recommended.
- Enable privacy protection in 2FA applications
Enable Face ID or fingerprint unlock in the settings of 2FA applications to prevent security incidents in case of phone theft.
- If possible, use dedicated offline devices to run TOTP authenticators
TOTP authenticators rely on device time settings. Regularly calibrate device time to prevent authentication failures.
Get information from the Matrixport official website and the Matrixport APP: Do not easily believe any third-party promotions or security reminders. If you receive suspicious SMS or emails, report them to the Matrixport customer service team immediately. Do not quickly enter account information or execute transfer operations.
SMS phishing attacks are not new hacking techniques, but they still have strong deceptive qualities because they exploit users’ trust. In the face of ever-changing security threats, users need to enhance security awareness and adopt more rigorous account security measures, including not readily believing SMS content, enhancing personal information protection, using more secure two-factor authentication methods, and following official channels.
The Matrixport security team will continue to monitor market trends. If you encounter any suspicious activity, please immediately contact the official Matrixport customer service team.
Download Matrixport Official APP: https://invest.matrixport.com/downloadPage/en
Matrixport Official X: https://x.com/Matrixport_EN
Matrixport Official Community: https://t.me/Matrixport_EN