The Cybersecurity Checklist: A Quick Guide to Protecting Your Account

Apr 09 · 4 min read

Since launching in 2018, Nexo has upheld a state-of-the-art infrastructure for digital asset security, impeccably safeguarding our operations and clients. In 2023, Chainalysis observed a decline in illicit cryptocurrency transactions, with criminal receipts falling to $24.2 billion. This downturn underscores the effectiveness of advancements in DeFi security protocols and the growing cybersecurity awareness among users.

Today, in the 2024 landscape, it is imperative that we continue enhancing our infrastructure, and providing you with detailed information on fraud prevention is key. Your active participation in this security paradigm is indispensable, which is why we’ve created a checklist to go by when ensuring the safety of your account, plus a comprehensive resource on the most common threats in the industry today. 👇

Your Security Checklist

Be Informed & Be Skeptical: Learn to identify phishing and common security threats. Remain cautious of unsolicited communications, links, and attachments from unknown sources, always questioning their motives.

Do Not Trust, Verify: Before responding to unexpected communications, verify the sender by contacting the organization or individual through an official, recognized channel. Always check the sender's address before reading the email’s contents or opening any links within it. All official Nexo communication is sent from the domain @nexo.com. In case of uncertainty, contact our Customer Support team to verify the legitimacy of the email in question.

Use 2FA, Anti-Phishing Code, Unique Passwords & Whitelisting: Use a password manager for complex, unique, and secure passwords. Activate 2FA (we recommend avoiding SMS-based options), set up an anti-phishing code, and enable whitelisting features to limit access to pre-saved addresses.

Protect Your Information: Treat your personal data with the utmost care, as if it were your most valued secret. Keep in mind that Nexo employees will never ask you to provide your password/2FA code or authorize transactions.

Be Cautious with Links & Attachments: Avoid clicking on links or downloading attachments from unsolicited messages. These could potentially harbor malware. Additionally, scammers often use similar URLs in fraudulent ads, web pages, and articles, so make sure you are on nexo.com before typing in your login information.

Report Suspicious Activity: If you encounter a message that seems to impersonate a company or organization, report it to the original entity at once. Such organizations usually have specialized security teams focused on dealing with scam attempts.

Update Software & Devices: Keep your operating and security software fully up to date to defend against new threats.

Awareness is your first line of defense. 

Familiarize yourself with the warning signs of fraudulent activities to avoid falling prey to these tactics.

Common Crypto Scams & How to Avoid Them

Types of Phishing

Good old-fashioned phishing is a social engineering attack used to steal user data (e.g. login credentials and card numbers). The key signs of phishing messages include emails or other types of messages from public, misspelled (e.g. go0gle.com), unknown, and/or suspicious domain names; suspicious attachments/links; poor writing; and a sense of urgency. Phishing can come in many forms, including:

  • Email and social media phishing involve impostors pretending to be notable figures or Nexo employees, offering deals that seem too good to be true, primarily through messages or comments. It's essential not to share personal details or passwords. 

  • Smishing: Smishing is phishing executed using a text message. The smisher might pose as someone you know or someone who is authorized to ask for sensitive information. Do not reply, call the number, or click on any links. Never provide passwords or recovery codes via text. Note that Nexo will never prompt you to log into your account via a text or a link.

  • Seed-phrase scams and fake websites where fraudsters create lookalike websites of popular platforms. Users are cautioned to carefully check URLs and to keep their seed phrases confidential.

  • Fraudulent mobile apps where scammers disguise malicious apps as popular wallet applications to steal cryptocurrency. It's advised to download apps only from verified sources and to check their legitimacy.

  • Malware in downloads was highlighted by the incident involving CoinsPaid, where malware from a deceptive download led to a $37 million theft.
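The sender-domain check from the checklist and the misspelled-domain warning sign above can be automated. The following is an added example, not Nexo's code: the function names, the small look-alike map and the sample headers are constructed for illustration, and only the official domain nexo.com comes from the article.

```python
import unicodedata
from email.utils import parseaddr

OFFICIAL = "nexo.com"  # official sender domain named in the article

# Constructed, deliberately small look-alike map: digits and Cyrillic letters.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u043e": "o", "\u0435": "e", "\u0445": "x", "\u0441": "c", "\u0430": "a",
})

def skeleton(domain):
    """Fold a domain into a comparison form with look-alikes mapped to ASCII."""
    return unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Classify the address part of a From header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == OFFICIAL:
        return "official-domain"
    folded = skeleton(domain)
    if folded == OFFICIAL or edit_distance(folded, OFFICIAL) == 1:
        return "lookalike"
    if OFFICIAL.split(".")[0] in folded:
        return "brand-in-foreign-domain"  # e.g. official name used as a subdomain
    return "other"

if __name__ == "__main__":
    # Constructed sample headers, not real messages.
    for header in ["Nexo Support <support@nexo.com>",
                   '"support@nexo.com" <help@mail-example.test>',
                   "Nexo <security@nex0.com>"]:
        print(f"{classify_sender(header):24} {header}")
```

The From header is set by the sender, so an "official-domain" result is necessary but not sufficient; when in doubt, verify through an official channel as the checklist advises.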

Other Common Threats

Beyond phishing, here are some of the other types of common attacks in the industry you should be aware of:

  • Pig butchering scams: The fraudster builds a relationship with the victim under the pretense of friendship or romance before persuading them to invest in a non-existent platform with promises of significant returns. The scam is named after the tactic of progressively deceiving the victim into giving more assets before the scammer vanishes with the accumulated wealth.

  • Remittance scams: Victims are approached by individuals posing as legitimate investment firms, urging them to invest a small amount of cryptocurrency with the promise of a much larger return. Further payments may be requested to cover fictional taxes or fees, but the promised returns never materialize.

Always add extra protection to your online activities to avoid scammers. For more tips on how to protect your Nexo account specifically, read this dedicated article on our Help Center.

The safety of your funds ultimately depends on Nexo’s stellar security infrastructure in combination with the good practices of our clients. This is why we strongly encourage you to remain vigilant and take these measures to secure your accounts.

Your security is our priority, and we thank you for joining us in this vital joint effort.