Customers of LiteBit enjoy state-of-the-art security for their accounts and the cryptocurrencies entrusted to our service. However, there are specific steps that we cannot take on behalf of our customers, and they are responsible for acting according to security best practices. Responsibility requires awareness and knowledge; with this article we would like to empower you to understand how to protect yourself and why this is so important.
Pay attention! There are currently several phishing emails circulating, specifically about updating accounts. The look and feel of these phishing e-mails has drastically improved, which makes them even harder to recognize. Therefore, please be careful. These are not emails from LiteBit. We never ask you to go to your account via links in an email. Below you will find examples of phishing emails; do not engage with them. Do you want to know if you need to update something in your account? Then always go directly to the website or app. Any required update is always indicated automatically after you log in to your account page. So never randomly click on links and always go directly to the site or app.
Cyber security is always evolving
Technologies are evolving at an incredible speed and offer a lot of possibilities to companies as well as retail consumers. With new products and more and more complexity, there is also more attack surface for cyber criminals. Most articles in the media portray the individuals behind cyber attacks as hackers. It is worth mentioning that there is a difference between hackers and criminals. Not everybody concerned with penetrating cyber security is a criminal, and so hacking is a completely legitimate thing to do.
Messing with other people’s data, money or well-being is not. And this is why every internet user has to protect themselves to the best of their abilities. Since most users don’t have the education to become a security specialist, the best option they have is to minimize the attack surface for those who exploit, steal or cheat.
Even with technology ever evolving, if you close as many attack vectors as possible, then you enjoy more security.
Secure ALL your accounts
There are a few simple steps that you can take to protect your account with LiteBit. A couple of them are already mandatory when signing up for our service, to enhance customer security. But you still rely on other services that we don’t control. This is what you should do with any account if possible:
- Use a good, strong and especially unique password
- Secure your account with two-factor authentication (2FA)
- Use a unique email address that is only used for certain activities
Passwords should be managed with a reliable password manager. Examples are Bitwarden and KeePass, but other options are also viable. The manager will allow you to use a generator to create random passwords that are not easy to guess. A rule of thumb for a good password is:
- At least 12 characters
- Uses upper and lower case
- As well as numbers and special characters
With each account you will have a unique password. If one should fail, all others are still fine. Reusing passwords is a very common mistake and offers cyber criminals a lot of options. They can simply try to log in to other accounts using the same credentials.
The same goes for unique e-mail addresses. Of course, it is not necessary to create an address for each service. One address for each category should suffice for everyday use. So, have one account for social media, another for online shopping and so on. All of these accounts can be managed with your password manager. Most password managers even work across different devices.
Cryptocurrencies have a higher risk profile, so they are an exception when it comes to e-mail addresses. We recommend using a unique e-mail address for every crypto-related service, and that includes LiteBit as well.
Last but not least, there is two-factor authentication. The most common authenticator is from Google, but there are also options such as Authy and YubiKey, among others, and the simple method of using SMS codes. If a provider or a service offers 2FA, always opt for it. Again, you can manage the keys and 2FA secrets comfortably with your password manager, and you should always keep a backup of the recovery data. If your 2FA device is lost or destroyed, you will rely on the ability to set up a new device.
Keep your eyes open for phishing attempts
Phishing is very common and there are two basic methods used to phish for user data. The first one is by e-mail. Once cyber criminals get their hands on a list of e-mail addresses, they will try to contact the unsuspecting victims and lure them onto fake websites or make them respond to get access to their data or their money. These e-mails are often faked, but look very professional:
- Always check the address sending the e-mail
- Mails often claim that urgent action is required
- They require you to enter personal data or even mnemonic seeds to resolve issues
- They require you to open data in the e-mail’s attachments
- Mail claims that you received money that needs to be redeemed
If you cannot clearly identify an e-mail as a phishing attempt but are still unsure, don’t reply to it and don’t take immediate action. Try to contact the customer support of the service in question through a different channel. Always keep in mind that LiteBit support will never ask for your login credentials, 2FA secrets or mnemonic seeds.
The second-best option for cyber criminals is to create fake websites based on a URL that looks similar to the original. It could be something like this:
While the first option seems to be obvious, the second uses the upper-case letter “i” instead of “L”. These fake websites often look like the original and are used to catch traffic through exploitation of typos. Therefore, the method is also called typosquatting.
To make sure that you are visiting the correct website, please check for any typos and, even more importantly, check the certificate of the website you are visiting. This can be easily done by clicking on the icon that looks like a lock next to the URL field in your browser. Another thing to keep in mind is not to use search engines instead of typing the URL. Always type the URL directly in your browser. Criminals even advertise their fake websites with search engines.
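The typo and lookalike check described above can also be automated, for instance when reviewing link text from a suspicious e-mail. The following is an added example, not LiteBit's own code; `litebit.example` is a constructed placeholder for the real site address, and the function names, the character table and the typo threshold of 2 are assumptions.

```python
# Added example: flag hostnames that imitate a trusted one (ASCII names only).
# "litebit.example" is a constructed placeholder, not the service's real address.
TRUSTED = {"litebit.example"}

# Characters that look alike in many fonts, folded to one representative.
# The mapping is case-sensitive: upper-case "I" resembles lower-case "l".
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})


def skeleton(host):
    """Fold confusable characters, lowercase, then fold 'rn' to 'm'."""
    return host.translate(CONFUSABLE).lower().replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(host, trusted=TRUSTED, max_typos=2):
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname as displayed."""
    shown = host.strip().rstrip(".")
    if shown.lower() in trusted:
        return "trusted"
    for good in trusted:
        # Same appearance after folding: a character-substitution fake.
        if skeleton(shown) == skeleton(good):
            return "lookalike"
        # A few keystrokes away: a classic typosquat.
        if edit_distance(shown.lower(), good) <= max_typos:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames.
    for sample in ("litebit.example", "Iitebit.example",
                   "litebitt.example", "news.example"):
        print(f"{sample:20} {classify(sample)}")
```

A "lookalike" result means the name is close to, but not the same as, a trusted address and should not be visited or logged in to.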