We want to let you know that our security team has recently detected a series of phishing attacks and some of our users have already been affected. During these attacks, malicious sites impersonating Xapo’s platforms, requested crucial security information such as login credentials from our users.
At first glance, it is extremely hard to tell the difference between some attackers and a real site. This comparison below shows how difficult this can be.
Our security team also discovered advertising campaigns claiming to be from Xapo and redirecting to a malicious site.
The security of your account is a priority to us! That is why we’ve come up with a list of measures that you can take to protect yourself from this kind of attacks.
1. Never enter your 6 digit SMS code on a website. The only safe place to enter it is your Xapo Mobile App.
2. Look for the secure HTTPS certificate in your address bar.
3. Make sure you are at https://account.xapo.com/ when logging into Xapo and asked for your credentials.
4. If you are using the Xapo Web App please bookmark the correct url and make sure to always log in from there.
5. Be suspicious of any email claiming to be from Xapo, especially those providing a link for you to log in and failing in this process.
6. Keep in mind that Xapo will never ask for your credentials in an email.
If you ever feel worried about your account’s safety after a specific communication received in the name of Xapo, don’t hesitate to contact us! We will be more than happy to assist you!