1. Official login steps (official site only)
Always reach the exchange via a bookmark you created yourself or by typing the official domain into the address bar. Avoid clicking links from unknown emails, social media DMs, or search results you don't trust.
2. Two-factor authentication (2FA)
Enable 2FA (use an authenticator app like Google Authenticator or Authy). SMS-based 2FA is better than nothing but less secure than app-based codes or hardware keys (U2F / WebAuthn).
3. How to spot phishing
Watch for subtle typos in URLs (e.g., co1nbase.com vs coinbase.com), SSL/TLS certificate warnings or certificate mismatches, and pages that ask for unusual information (such as your full 2FA codes repeatedly).
- Check the lock icon and certificate details in the browser address bar.
- Confirm the domain exactly matches the official exchange domain.
- Never enter your credentials on a page that opened from an email link unless you verified the email's authenticity.
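The domain check above can be automated for links pulled from email or chat logs. The following Python is an added example, not code from the exchange or from this guide's author; it goes beyond the single typo shown by also flagging the official name used as a subdomain of another site, credentials embedded in the URL, and punycode labels. The function names, the edit-distance threshold of 2 and the `.example` / `.test` hosts in the comments are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "coinbase.com"  # the guide's example; replace with your exchange's domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify(url: str, official: str = OFFICIAL) -> str:
    """Return 'official', 'suspicious' or 'unrelated' for the host in url."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unrelated"
    # "https://coinbase.com@other.example/" really points at other.example.
    if parts.username is not None:
        return "suspicious"
    if host == official or host.endswith("." + official):
        return "official"
    # Conservative assumption: the official domain is plain ASCII, so any
    # non-ASCII or punycode label is treated as a possible homoglyph.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious"
    brand = official.split(".")[0]
    # Compare every dot- or hyphen-separated token with the brand name, so
    # typos (co1nbase), embedding (coinbase.com.x.example) and padding
    # (coinbase-login.example) are all caught.
    for token in re.split(r"[.-]", host):
        if token and (brand in token or edit_distance(token, brand) <= 2):
            return "suspicious"
    return "unrelated"
```

A result of `suspicious` means the link should not be used for login; `unrelated` only means the host does not resemble the exchange, not that it is safe.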
4. What to do if you suspect your account is compromised
Immediately change your password from a secure device, revoke API keys you don't recognize, remove unknown devices from account sessions, and contact official support via the exchange's help center. Consider moving funds to a trusted wallet if you can.
5. Resources & further reading
Follow official support pages and security advisories from the exchange. Keep your OS and browser up to date, and use a good password manager to create and store unique passwords.