To better protect our growing user base from potential phishing attacks, IDEX has teamed up with PhishFort to actively seek out and put an end to those trying to impersonate the IDEX trading platform.

PhishFort is an anti-phishing company specializing in the blockchain industry, using a combination of cutting-edge techniques to detect, blacklist, and ultimately take down phishing websites, apps, chat bots, and more across the web.

Current Anti-Phishing Results

Copycat Sites

In the last month alone, we’ve identified and taken down over 50 phishing websites that were impersonating IDEX. These include homograph attacks, as well as attacks which were simply typos of our domain.

Examples of various homograph/typo phishing domains

Once identified, phishing websites are blacklisted almost instantly in some of the most widely used browser extensions in the crypto space such as EtherAddressLookup, MetaMask and the MyEtherWallet browser plugin. After the website is blacklisted, the takedown process begins. This involves alerting the hosting provider and the domain registrar that illegal activity is taking place on the website and domain in question and taking steps toward shutting it down permanently.

Google Play and iOS App Store

In addition to monitoring attacks against our domain, PhishFort is also monitoring both the Google Play Store and iOS App Store for fake apps impersonating the IDEX brand.

Example of a fake IDEX phishing app on Google Play

Tips on Trading Safely

The safety of our users’ funds is of the highest priority at IDEX. By leveraging the expertise of the PhishFort team, we are able to get ahead of many of the increasingly-complex phishing attacks being developed today.

However, we recommend looking at one or more of the following open-source tools and resources to help you maximize your safety when dealing with cryptocurrencies:

Browser Plugins

EtherAddressLookup — EtherAddressLookup is an open source security plugin aimed at protecting users from unsafe websites, twitter accounts and cryptocurrency addresses.

MetaMask — Metamask provides a user interface to manage your identities on different sites and sign blockchain transactions. Metamask has a blacklist which protects users against known phishing websites.

MEW — The MyEtherWallet browser plugin also contains a blacklist which protects end users from known phishing websites.

Report Phishing Attacks

EtherscamDB — An open-source collection of known Ethereum-based scams. You can report suspicious sites to be included here.

PhishFort — you can also report phishing attacks to PhishFort’s telegram bot.

Further Reading

As always, happy (and safe) trading!

~The Aurora (IDEX) Team