Indonesian Political, Business & Finance News

Beware of Phishing and Fake Customer Service Modes on Crypto Platforms

| | Source: MEDIA_INDONESIA Translated from Indonesian | Finance
Beware of Phishing and Fake Customer Service Modes on Crypto Platforms
Image: MEDIA_INDONESIA

The growing interest in crypto assets has been accompanied by the development of various cybercrime modes targeting users. According to a Web3 security report from Hacken, a blockchain security firm, more than 63% of total losses from security incidents in the first quarter of 2026 stemmed from phishing and social engineering, surpassing wallet scams, smart contract exploits, and other technical attacks. Total losses from Web3 security incidents between January and March 2026 reached approximately US$482 million, with around US$306 million coming from phishing and social engineering. This indicates that cybercriminals are now exploiting the user side more than attempting to breach technological systems. Indodax Chief Marketing Officer Aloysia Dian said the shift in attack patterns is reflected in the increasing prevalence of fraud modes impersonating the company’s customer support. According to her, perpetrators exploit user trust to obtain passwords, PINs, OTP codes, and other sensitive information. “Currently, cybercriminals are no longer just looking for gaps in the system, but also gaps in humans. The fake CS mode is a form of social engineering that exploits users’ panic and trust so they voluntarily give access to their accounts,” said Aloysia. Aloysia added that the development of artificial intelligence (AI) makes phishing CS modes increasingly difficult to recognise. Perpetrators can now produce emails, instant messages, and communications that appear professional through technologies such as generative AI, making it harder for victims to distinguish between official communications and fraud. “If in the past fraudulent messages were relatively easy to recognise due to many writing errors, now perpetrators can create communications that closely resemble official company messages. Therefore, we always remind users to verify before providing any information related to their accounts,” she continued. Besides leveraging AI, Microsoft Threat Intelligence also noted that QR phishing became one of the fastest-growing cyberattack methods in the first quarter of 2026. Its attack volume increased by approximately 146%, from 7.6 million in January to 18.7 million in March. This mode directs victims to fake login pages via QR codes embedded in emails or documents that appear legitimate. As a protective measure, Indodax urges users to always contact customer support through the company’s official channels, double-check the website addresses they access, and enable multi-factor authentication. Users are also reminded not to share personal account information with any party without going through a verification process. The company emphasised that the official customer support team never asks for passwords, PINs, recovery codes, or OTP codes, and never asks users to transfer funds to personal accounts under any circumstances. Additionally, the company does not have an official WhatsApp Customer Support number. If any party contacts users via WhatsApp claiming to be Indodax CS, users are advised to immediately end the communication and verify through the company’s official channels.

View JSON | Print