Check the sender's email address This is one of the quickest ways to identify a suspicious email, OKX uses a set of official email domains. You can view all official contact channels here. If the address looks similar but not exactly the same (for example, “okx.com” changed to “oikx.com” or an unrelated domain), treat the email as suspicious.2. Review the content carefully Even if an email looks polished, there are signs that often give away a phishing attempt.

If the address is valid but the email content appears suspicious (e.g., contains instructions to withdraw funds, scan QR codes, or click links), proceed to 2.2. Verify the email's authenticity using the EML file If the verification result shows the address is official, but the content appears suspicious: Proceed to use the EML file to verify the authenticity of the email.

High-risk behavior: Messages containing suspicious links or requests to call a specific phone number.Why are these messages so convincing? Due to limitations in SMS technology, sender names can be easily spoofed.

On the app: head to Menu > Profile & Settings > Security > Community safety > Report scam or suspicious activity Example of where you can report the scam on the app On the web: go to Security → Community Safety → Report scam or suspicious activity. Example of where you can report the scam on the web Or you can easily reach out to our customer service via our Help bot on the Support center page.

Random restarts or other suspicious activity.If your account is being taken over, signs include: Logins from unknown devices or locations. Being locked out of your own account. Changes to your recovery email or phone number. Receiving password reset emails you didn’t request. Unusual sent messages or suspicious activity New third-party access or app passwords you didn’t authorize. Multi- or two-factor authentication (MFA/2FA) disabled unexpectedly.

Whenever you find an SMS or email is suspicious, you're always welcome to contact our support center that's available 24/7 to verify the authenticity of the message.

Some common reasons include: Suspicious account activity Past campaign abuse (for example, creating multiple accounts to claim rewards) Failure to meet minimum deposit, trading volume, or verification level required by the campaign Restrictions based on regional regulations or specific campaign termsWhat can I do next? You can: Review the campaign terms on the campaign page to make sure you meet the specific requirements. Wait for the system's review.

Raise a dispute immediately if you find any suspicious activities or scammers during the transaction process. Our customer support team will look into it and contact you. Learn how to raise a dispute here.3. How can I further safeguard myself if I'm a seller? Always check your bank/electronic wallet/payment method of choice to confirm if you've received the full payment. Don't solely rely on payment proof provided by the buyer.

Don’t spend suspicious dust. Spending it links your wallets together. Use separate wallets for exchange deposits (identity verification) and for private holdings. Monitor transactions. Unexpected tiny deposits should be treated as suspicious. Don’t interact with unknown tokens. Malicious airdrops can be tied to smart-contract scams. Use privacy tools carefully. hierarchical deterministic wallets or privacy-focused wallets can help, but they have trade-offs.Can a VPN help?

You’ve recently installed software or plugins from unknown sources, run suspicious installers, or opened suspicious attachments. Can verify first, then handle (but don’t delay long-term) The risk level is medium, and you can clearly associate it with legitimate software components you installed. It’s still recommended to verify: Process path Source Whether there’s abnormal auto-start behaviorHow do I handle risks? Please prioritize “clean / uninstall” actions.

If suspicious applications are running on your device, scanning and removing malware is recommended. Trojan horse viruses are likely to be present in browsers and input method applications.What should I do if my account is automatically logged out on the PC (requires device time calibration)? For the security of your account, we recommend calibrating your device time and then trying to log in again. If the issue persists, please check and adjust your device’s time settings.

Don't hesitate to walk away from deals if they're appearing suspiciously. Avoid transacting outside of our P2P platform: P2P crypto scams occur when scammers bypass a platform's escrow system and transact externally. Limit your P2P transactions to our P2P platform to add an additional layer of security to your P2P trades. Our P2P escrow system holds the traded crypto on our platform and releases them to the buyer only when transactions are authorized.

Currently, the following OKX email suffixes are supported: @okx.com @mailer1.okx.com @mailer2.okx.com @service2.okx.com @turkiye.okx.com When the email address looks correct but the content feels suspicious Even if the sender address appears to be official, you should be cautious if the email content includes unusual instructions such as clicking links or providing personal information. In such cases, you should further verify the email's authenticity.