Good device and personal information hygiene significantly reduces the risk of an attacker being able to access your BTC Markets account or other financial accounts. Most attacks rely on a combination of outdated software, exposed personal information, and inattention to suspicious messages.
Keep your software up to date
Software updates frequently include fixes for security vulnerabilities. When software is not updated, attackers can exploit known weaknesses to gain access to your device without you doing anything obviously wrong.
Enable automatic updates on your operating system, browser, and apps where possible. This is one of the most effective and lowest-effort security steps you can take.
Choose strong passwords and keep them safe
Avoid using easy-to-guess passwords or passwords based on your personal information such as your last name or login name. Use a mixture of lower- and uppercase letters as well as numbers. Select especially strong, unique passwords for protecting activities like online banking. BTC Markets recommends using a password safe with generated passwords.
Protect your personal information
Exercise caution when sharing your name, home address, phone number, or date of birth online. Attackers can combine information gathered from multiple sources to impersonate you, reset your account credentials, or answer your security questions.
Before sharing personal information with any website or service, check its privacy policy to understand how your information will be stored and used.
You can check whether your data, including email address and/or passwords, have appeared in a known data breach using websites such as, Have I Been Pwned (haveibeenpwned.com). If your address has been exposed, assume that any associated passwords are also compromised and change them immediately - starting with your email account and any financial accounts.
Be careful with emails and attachments
If you receive an email with a link or file attachment you were not expecting - even from someone you know - do not click or download it. Delete the email.
If you are unsure whether a message is genuine, contact the sender directly using a phone number or website address you already know. Do not use the contact details provided in the suspicious email.
Malicious attachments can silently install software that gives attackers access to your device and everything on it.
Recognise a phishing email
Phishing emails are designed to trick you into handing over your credentials or clicking malicious links. Common signs include:
- Urgent language ("your account will be suspended unless you act immediately")
- Spelling mistakes, unusual phrasing, or odd formatting
- Email addresses or website links that look almost correct but are slightly wrong (e.g. "btcmarket.net" instead of "btcmarkets.net")
- Requests to confirm your password, 2FA code, or personal details
When in doubt, do not click. Go directly to the website by typing the address yourself or contact the organisation's support team.
Guard your email address
Be careful about where you share your email address online. Posting it on public forums, social media, or online communities can result in it being collected by spammers and phishers.
Responding to spam - or even opening images in spam emails - can confirm to the sender that your address is active, resulting in more spam. If you regularly participate in online communities, consider using a separate email address for those activities.
Many email providers also support address tagging using the "+" character. For example, if your address is first.last@domain.com, you can register with a service using first.last+btcmarkets@domain.com - all mail still arrives in your inbox, but the tag identifies exactly which service the email was sent to. If you start receiving spam or phishing emails addressed to a tagged address, you know that address has been exposed or sold.
Use two-factor authentication everywhere
Enable 2FA on your BTC Markets account, your email, and any other financial accounts you hold. Even if your password is compromised, 2FA prevents an attacker from accessing your account without a second code from your phone.
See our Two-Factor Authentication Set-up Guide for instructions on enabling 2FA on your BTC Markets Account.
Avoid conducting financial activity on public Wi-Fi
Public Wi-Fi networks - in cafes, airports, hotels, and libraries - can be monitored by other users on the same network. Avoid logging in to your BTC Markets account or any financial services on public Wi-Fi. If you must use a public network, a reputable VPN adds a layer of protection.
Useful links
Below are some useful resources about protecting yourself online:
- ScamWatch - is run by the Australian Competition and Consumer Commission (ACCC) and provides information to consumers and small businesses about how to recognise, avoid and report scams.
- Have I been Pwned - free tool to check if your email address has been exposed in a data breach.
- Report | Cyber.gov.au - is where to go if you have been a victim of a scam or fraud online and want to report it to police.
- IDCARE - is Australia and New Zealand’s National Identity and Cyber Security Support Service and provides free phone consultants, support and advice for the community.
- ACCC Little Book of Scams – is an important tool for consumers and small businesses to learn about scams.
For more information about any of the topics mentioned above, feel free to contact support.