How to Identify and Prevent SMS Phishing
The Bitget security team has recently noticed several SMS phishing scams in the industry. Fraud rings use specialized software to manipulate the sender's ID, making phishing SMS messages appear as if they are sent by Bitget, often grouped into the same inbox. To protect your funds, carefully evaluate the content of any received SMS messages.
Identify and Prevent SMS Phishing
● Be cautious: SMS messages from the same sender ID can still be fake. Fraud rings can forge sender IDs using hacking software.
● Avoid suspicious links: Do not click on suspicious links. If you are uncertain about the authenticity of a website, use our Official Verification Channel for verification.
● Verify SMS content: Consider the purpose of each SMS. For example, if a website prompts you to cancel a withdrawal but the SMS suggests you are making a withdrawal, you may be dealing with a phishing website.
● Contact customer service: If you receive a phishing SMS, contact our customer service immediately for prompt assistance.
Typical Fraud Cases
1. Fraud via fake ongoing withdrawals
Hackers counterfeit the Bitget sender ID and send SMS messages claiming "You have an ongoing withdrawal, visit the website to cancel." The website mentioned is a phishing site. Once the user enters their login credentials, the hacker steals their data in the background. Hackers trick users into performing a "cancel withdrawal" operation on a phishing page, which instead completes a withdrawal.
2. Inducement to create or modify APIs
API keys can enable automation features, including trading and withdrawals. Hackers encourage users to create new APIs through phishing SMS or phishing websites, then use the APIs to withdraw funds.
3. Fraud under the pretext of system and account upgrades
Hackers send phishing SMS messages claiming that "the website system is being updated, and you need to log in to the website to modify your password" or "your account has been upgraded, and you must log in to the website, or your funds will be frozen." Logging in through the phishing link allows hackers to steal your login credentials.