All posts

Be Alert, Phishing! Kanga Exchange Fake Pages

Be Alert, Phishing! Kanga Exchange Fake Pages

Written by


Published on

orded over 6 thousand scams, with more than a half of them being web attacks. Phishing is also the most commonly used form of extortion of personal data and money.

What is phishing?

The name ”phishing” comes from the combination of English words ”password” and ”fishing” forming a phrase which means ”fishing for passwords”. It is the most common type of web attacks used by frauds, where the criminals pretend to be another person, institution or a trusted domain. Their objective is to trick a victim into disclosing private information such as login credentials, e-mail passwords or credit card numbers, leading to funds acquisition.

How to recognise a fake website?

The most effective way to prevent phishing is to be cautious and careful when logging in on Internet platforms. The name of the website you enter sensitive information on or the domain name from which an important e-mail was received should be verified every time.

Phishing websites are created by cybercriminals in such a way to appear most authentic. Typically, the difference can only be found in the domain address. To create such a page, frauds will often buy a domain which name differs only in one character from the authentic one, hoping no-one would notice.

Scammers create the websites that mirror legitimate sites, where the users log in using e-mail address or online banking. Logging into a fake webpage wil result in fraudsters intercepting personal or financial information.

Examples of phishing – a fake Kanga Exchange website

Recently, Kanga Exchange market has been struggling with website spoofing. After entering ”kanga exchange” phrase into the Google browser the first search result redirects you to a supposedly legitimate exchange website. It should however be noted that it is a featured ad with a suspicious www address – the genuine platform domain is kanga.exchange.

Unfortunately, many users do not pay attention to such details and unintentionally follow the first link. After clicking it appears a login panel that requires account login details – e-mail and password to log in to the exchange, that under no circumstances should be entered there. If, however, this data is carelessly handed over to the hackers, they will obtain the victim’s mailbox credentials. This in turn will enable them to take over the account and the funds stored there from the authentic exchange website.

It is worth noting that the fake domain contains texts available only in Engish.

Every day phishing domains are reported through Report an ad/listing form however, the fraudsters, despite blocking ads, keep creating new, similar-looking websites.

How to verify Internet pages yourself?

  • Check the spelling of the site content or domain name – each mistake, even the smallest typo, can indicate falsity.
  • Carefully verify the content and design of the page – pay attention to even the smallest details in the text displayed on the website.
  • Do not trust the first search results the browser produced – phishing sites buy advertisements in Google Ads to get top positioning in search results.
  • Type the name of the domain in the browser to ensure connecting to the page you intend to enter.
  • Pay attention to the visual features of the website – images and banner colours. Do they look the same as on the genuine web page?

What may happen if I open a phishing site?

Just entering the website does not usually result in the loss of funds. Only having your details entered in the specific field and accepting false regulations may bring negative results, such as money loss.

Remember, that you should set up a different, unique passwords for all accounts on Internet platforms, so that no hacker is able to steal them.

If you ever receive a phishing e-mail containing a suspicious link – where you are required to enter your PESEL number, credit card number, your mother’s maiden name or birth date – do not answer it under any circumstances! The platforms where you have created your accounts will not request such data and will not contact you first. Such a message is an illegal attempt to retrieve your personal information.

Where to report phishing?

If you become a victim of phishing, immediately report the incident to the police. Report untrustwrthy websites through CERT.PL. If such a website appears in the Google browser as an ad – report it to support.

In Kanga Exchange we are committed to preserving our users’ safety informing about cyber-based fraud and about money laundering prevention, running a public campaign ”Nie pie(p)rz”. On the exchange blog you can find numerous educational articles about scams and how to avoid them.

Keep educating yourself about online security and do not trust everything you can find there. Apply different safeguards to all accounts and passwords you own in Internet (two-factor authentication 2FA, security keys U2F). And above all, remember that a moment of inattention can have serious consequences.