Top five tips to protect yourself from social engineering

• Be careful with unexpected messages. Think before clicking links or opening attachments.

• Watch what you post online. Limit sharing personal information.

• Avoid public Wi-Fi for sensitive activities. Use secure networks or a VPN instead.

• Enable 2FA to protect your accounts and reduce the risk of unauthorized access.

• Stay informed and learn to spot and report social engineering tactics.

1. Question the unexpected

Bad actors thrive on surprise and familiarity, often posing as trusted entities such as colleagues, banks, or even OKX itself. They employ tactics designed to elicit immediate responses, like claiming account issues or urging urgent action to avoid penalties. To counter this:

• Verify first, respond later: When you get messages, emails, or calls asking for sensitive information, check who sent them first.

• Examine links and attachments: Hover over links to check the actual URL before clicking. Malicious links often mimic legitimate ones with subtle changes, like replacing letters with similar-looking characters.

• Avoid emotional decisions: Fraudsters rely on urgency to cloud your judgment. Take a moment to pause and analyze before taking action. Trust your initial intuition. If it doesn't feel right, it probably isn't.

2. Think Before You Share

• Limit social media exposure: Avoid posting sensitive information, such as your address, travel plans, or workplace activities. Even something as harmless as a “day-in-the-life” post can provide valuable clues to an attacker.

• Use privacy settings: Regularly review and update privacy settings on social platforms to control who can view your information.

• Think Twice About Requests: Be careful of quizzes or innocent surveys that ask for personal details—they may be ploys to collect data for attacks.

3. Avoid public Wi-Fi

• Stick to Secure Networks: Always use private Wi-Fi or your mobile data connection for such activities.

• Use a VPN: Virtual Private Networks (VPNs) encrypt your internet traffic, making it significantly harder for attackers to intercept your data. Choose a trusted provider and use it whenever you connect to public networks.

• Disable Auto-Connect: Prevent your devices from automatically connecting to nearby Wi-Fi networks, as this can expose you to risks unknowingly.

4. Enable Two-Factor Authentication (2FA)

• Choose App-Based 2FA/MFA: Authenticator apps generate time-sensitive codes, providing stronger protection compared to SMS-based 2FA, which can be vulnerable to SIM-swap attacks.

• Use Unique Passwords: Never reuse passwords across accounts. A password manager can help you generate and store complex, unique passwords securely.

• Enable 2FA/MFA Everywhere: Apply 2FA/MFA to all accounts where it’s available — not just your OKX account. This reduces the risk of a domino effect if one account is compromised.

Learn More

5. Stay Informed and Report Suspicious Behavior

• Urgency scams: Messages or calls pressuring you to act immediately to avoid a penalty or claim a reward.

• Impersonation attempts: Fraudsters pretending to be OKX representatives or other trusted entities.

• Baiting tactics: Offering free giveaways or opportunities that sound too good to be true.

When you notice anything suspicious

• Report promptly: Alert OKX’s customer support team or your organization’s security team immediately. Early reporting can help contain potential threats and protect others from falling victim.

• Document details: Retain any communication records, such as emails or screenshots, to aid investigation efforts.

Learn More

The final word