Following a fraudulent connection in the tool we use for mailing, Coinhouse was subject to a phishing attempt. This tool being external to our overall system, our platform was not attacked and all funds are in total security.
The attack took place yesterday, consisting in sending out emails to our clients and prospects in an attempt to obtain their login credentials. It started 6:47 PM, Paris time, when an email with the following title “Action required: Verify your Data”, inviting its recipients’ to click on “Verify” was sent. Users that clicked on this link were redirected to a fake website copying the Coinhouse page and its 2 Factor Authentication (2FA) process. Here, they were asked to identify themselves by submitting their mail, passwords, (and 2FA codes for those that had set it up). .
Immediate reaction of our team
Our teams were put on alert immediately and the fake website “app.colnnhouse.” (with an “L” in place of “i) was stated as fraudulent within less than an hour, and considered a dangerous website thanks to our rapid intervention. Coinhouse blocked all access to accounts on the platform for a period of 6 hours, precisely from 7PM to 1AM, Paris time as precautionary procedure. No one could access to the platform nor any of its accounts.
Our platform was not attacked and all funds are in total security. All cryptoasset delivery services are operational. We have however stopped all cryptoasset withdrawals for all assets stored on our platform
OUR RECOMMENDATIONS
1/ If you have only opened the mail and clicked on the"Verify" button, but did not fill any identification credentials on the fraudulent website, you have nothing to worry about.
However:
1.1. Do not answer the fraudulent mail, delete it and empty your trash mail section.
1.2. If you hope to do so, you can change your password on the Coinhouse log in section page.
1.3 Remain vigilant with regards to all future emails that you may receive. Whenever you click on a link embedded in an email, systematically verify that you are indeed redirected towards an official website. Put extreme precaution on the URL that you are redirected to, and the email address format of the email you have received. If you have any doubt, the most secure way to access our service is to log on https://vincentr24.sg-host.com and click on “Sign In”
1.4 Similarly to any sensible information, just like that of your bank account, we have put in place a system allowing you to increase the security of your account thanks to Google Authenticator. You can find a tutorial on how to activate your 2FA for your Coinhouse account here. This will allow you to protect yourself from hacks, as no one will be able to access your Coinhouse account without subsequently submitting a code generated by your own personal phone.
2/ If you have received the fraudulent mail, clicked on the Verify button and submitted your login credential information, then
2.1 Contact our support: support@coinhouse.com
2.2 Do not answer the fraudulent mail, delete it and empty your trash mail section.
2.3 Modify your password on all websites that share the same password that you used for your Coinhouse account.
2.4 For security reasons, our teams have already changed the passwords of all users that have clicked on the Verify button. Your old password will no longer function and you can change your password.
2.5 Similarly to any sensible information, just like that of your bank account, we have put in place a system allowing you to increase the security of your account thanks to Google Authenticator. You can find a tutorial on how to activate your 2FA for your Coinhouse account here. This will allow you to protect yourself from hacks, as no one will be able to access your Coinhouse account without subsequently submitting a code generated by your own personal phone.
2.5. Comme tout site à caractère sensible (comme celui de votre banque), nous avons mis en place un système vous permettant d’augmenter la sécurité de votre compte grâce à la technologie de Google Authenticator. Voici un tutoriel sur la manière d’activer 2FA sur Coinhouse. Cela vous permettra de vous protéger des pirates, personne ne pourra accéder à votre compte Coinhouse sans fournir un code généré par une application de votre téléphone mobile personnel.
| IMPORTANT TIPS ON SECURING YOUR COINHOUSE ACCOUNT: |
- Use the two factor authenticator application
- Download Google Authenticator on your mobile
- Using Google Authenticator for increased secure access to your Coinhouse account. This will allow you to protect yourself from hacks, as no one will be able to access your Coinhouse account without subsequently submitting a code generated by your own personal phone.
2) Use a robust password
Never use an existing password. Your password must be unique and complex, and consist of a mix of characters, letters and symbols on each site that you may use (gmail, hotmail, amazon, etc). Consider using solutions such as Dashlane to generate and securely store your passwords. Your email account is particularly sensitive. Never use this password for other services.
3) Be vigilant towards all emails you receive
Remain vigilant with regards to all future emails that you may receive. Whenever you click on a link embedded in an email, systematically verify that you are indeed redirected towards an official website. Put extreme precaution on the URL that you are redirected to, and the email address format of the mail you have received
If you have any additional questions, please contact your support by mail: support@coinhouse.com or by phone at +33 1 53 00 92 60.
