Beware of Phishing and Fake CS Modus of Crypto Platforms, Here's the Modus

JAKARTA - The increasing interest in crypto assets is also followed by the development of various cybercrime modes targeting users. Based on the Web3 security report from Hacken, a blockchain security company, more than 63 percent of the total losses due to security incidents in the first quarter of 2026 came from phishing and social engineering, surpassing wallet scams and smart contract exploits as well as other technical attacks.

The total losses due to Web3 security incidents from January to March 2026 reached around 482 million US dollars, with around 306 million US dollars coming from phishing and social engineering. This shows that cyber criminals are now exploiting more from the user side than trying to penetrate technology systems.

Chief Marketing Officer of INDODAX, Aloysia Dian, said the change in the pattern of attacks was reflected in the increasing prevalence of fraudulent methods in the name of INDODAX Customer Support (CS). According to him, perpetrators take advantage of user trust to obtain passwords, PINs, OTP codes, and other sensitive information.

"Currently, cyber criminals are no longer only looking for gaps in the system, but also looking for gaps in humans. The fake CS mode is one form of social engineering that uses the user's panic and trust to voluntarily provide access to their accounts," said Aloysia, in a statement, Thursday, June 25.

Aloysia added that the development of Artificial Intelligence (AI) makes the CS phishing mode increasingly difficult to recognize. The perpetrators are now able to generate emails, instant messages, and professional-looking communications through technologies such as generative AI, making it increasingly difficult for victims to distinguish between official communications and which are scams.

"If in the past, fraudulent messages were relatively easy to recognize because of many writing errors, now the perpetrators are able to create communications that are very similar to official company messages. Therefore, we always remind users to verify before providing any information related to their accounts," he continued.

In addition to utilizing AI, Microsoft Threat Intelligence also noted that QR phishing is one of the fastest growing cyber attack methods in the first quarter of 2026. The volume of attacks increased by about 146 percent, from 7.6 million in January to 18.7 million in March. This mode directs victims to fake login pages through QR codes inserted in emails and documents that appear legitimate.

As a protective measure, INDODAX urges users to always contact Customer Support through the company's official channels, double check the address of the website accessed, and enable layered authentication. Users are also reminded not to share personal information related to the account to any party without going through the verification process.

INDODAX emphasizes that the official Customer Support team never asks for passwords, PINs, recovery codes, or OTP codes, and never asks users to transfer funds to personal accounts under any circumstances. In addition, INDODAX does not have an official Customer Support WhatsApp number, if there is a party who contacts you via WhatsApp and represents CS INDODAX, users are urged to immediately end the communication and verify it through the official company channel.