OKX Web3最新发布：链上防钓鱼安全交易指南

Introduction The first user in the exploration chain should keep in mind this safety rule. Don't fill in the mnemonic private key on any webpage. Carefully click the confirm button on the wallet transaction interface and the link obtained by the Twitter search engine may be a phishing link entering a new cycle chain. With the increase of user activity, the risk of interaction is increasingly exposed. Fishermen usually use fake wallet websites to steal social media accounts, create malicious browser plug-ins to send phishing emails and information, and publish fake applications. Causes users to disclose sensitive information, resulting in asset losses. The forms and scenes of phishing are characterized by diversity, complexity and concealment. For example, anglers generally induce users to enter their private keys or mnemonics by creating fake websites with similar appearance to regular wallet websites. These fake websites usually use social media e-mails or advertisements to promote and mislead users into thinking that they are accessing regular wallet services, thus stealing users' assets. In addition, anglers may use social media platforms and forums. Or instant messaging applications disguised as wallet customer service or community administrators sent false messages to users asking them to provide wallet information or private keys, which used users' trust in the government to induce them to disclose private information, etc. In short, these cases highlighted the threat of phishing to wallet users. In order to help users improve their awareness of wallet use safety and protect assets from losses, they conducted in-depth community research and collected many phishing incidents encountered by wallet users, thus extracting the most common ones for users. Typical fishing scenes encountered, and the latest guide on how users can conduct safe transactions by combining graphic cases in different scenarios is written for your reference. The source of malicious information: Twitter reply through popular projects is one of the main ways of malicious information. The phishing Twitter account can be exactly the same as the official number in terms of name authentication and logo, and even the number can be dozens. The only thing that can distinguish the two is that Twitter pays attention to similarity. Please keep your eyes open. In addition, in many cases, fake accounts will deliberately reply under official tweets, but the reply content contains phishing links, which can easily make users think it is an official link and thus be deceived. At present, some official accounts will add tweets in tweets to remind users to guard against the risk of phishing links in subsequent replies. In order to increase credibility, phishers will also steal the project party or official tweets to post phishing links in the official name, so many users are very worried. Easy to be fooled, such as Twitter account and official Twitter of the project, have been stolen, and anglers have taken the opportunity to post false information or phishing links. Google search advertisements are sometimes used by anglers to post malicious links. Users look at the name displayed in the browser as official domain names, but the links they jump to after clicking are phishing links. False applications will also induce users to use false applications. For example, when users download and install fake wallets published by anglers, their private keys will be leaked and assets will be caused. The loss of the installation package modified by the fisherman has changed the chain address for receiving and sending tokens, resulting in the loss of user assets. Countermeasures: The wallet supports phishing link detection and risk warning. The current wallet supports phishing link detection and risk warning to help users better cope with the above problems. For example, if the domain name is a known malicious domain name when users use the browser through the plug-in wallet, they will receive an alarm warning at the first time. In addition, if users use the interface to access the first. The wallet will automatically carry out risk detection for the domain name. If it is a malicious domain name, it will intercept and remind users not to access the private key of the wallet for safe project interaction or qualification verification. The fisherman will pretend to be a plug-in wallet pop-up page or any other web page when the user is engaged in project interaction or qualification verification, and ask the user to fill in the mnemonic private key. These are generally malicious websites. Users should be vigilant and pretend to be customer service or administrators of the project. Fishermen often. Will pretend to be the customer service or administrator of the project party and provide the website for the user to enter the mnemonic or private key, which means that the other party is a fisherman. Other mnemonic private keys may leak. There are many common paths for the user's mnemonic and private key to leak, including the computer being implanted with Trojan virus software, the computer using a fingerprint browser, the computer using a remote control or proxy tool, the private key screenshot of the mnemonic saved the photo album, but it was maliciously uploaded and backed up to the cloud, but the cloud platform was invaded to enter the mnemonic. The private key process is monitored, people around us physically get the mnemonic private key file paper, and developers push the private key code to it, etc. In short, users need to safely store and use the mnemonic private key to better ensure the security of wallet assets. For example, at present, as a decentralized self-managed wallet, the wallet is online and cloud-based manual hardware and other mnemonic private key backup methods have grown into wallets that support private key backup methods in the market and provide users with safer private key storage methods. On the issue of stolen private key, the wallet has supported the mainstream hardware wallet functions. The private key of the hardware wallet is stored in the hardware wallet device and mastered by the user, thus ensuring the security of the assets. That is, the wallet allows the user to safely manage the assets through the hardware wallet while freely participating in the online token trading market and various item interactions. In addition, the wallet is now online, and the wallet without private key and the smart contract wallet help the user to further simplify the private key problem. Token anglers often give the malicious contract function an induced name, but the actual function logic is empty, thus only transferring the user's main chain token. The pre-execution function shows the changes of assets and authorization after the transaction is wound up, thus further reminding the user to pay attention to safety. In addition, if the interactive contract or authorization address is a known malicious address, a red security reminder scenario will be carried out. When a large amount of transfer is detected, the angler will generate and receive it through address collision. The same address in the first few digits of the receiving address pollutes the user's transaction history by transferring money or transferring a certain amount of money by fraud. It is expected that the user will copy the wrong address from the transaction history to complete the fraud scene chain. The authorized angler will usually induce the user to sign the transaction and upgrade the use to generate a pre-calculated new address to bypass the security detection, thus defrauding the user to authorize the relevant wallet. Please pay attention to the risks of the authorized transaction. In addition, if the authorized address of the transaction is a known malicious address, a red message will be reminded to avoid the user being deceived. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

注册有任何问题请添加 微信：MVIP619 拉你进入群

文章转载注明 网址：https://netpsp.com/?id=53574