SECURITY
CONTENT
You need to be proactive in safeguarding yourself when accessing and using our systems and platforms. We have set out in this security page, tips to help you mitigate cybersecurity risks and also identified common security risks you need to be alert to.
TIPS TO MITIGATE AND REDUCE YOUR SECURITY RISKS
1. IDENTIFYING PHISHING WEBSITES OR EMAILS
It is important for you to identify and avoid potential phishing websites and e-mails. When you seek to access our website, you should always check that our official website URL (https://gcox.com) is correctly reflected in your browser.
In particular, you should check and verify that:
(a) you are securely connected to our website, with the URL beginning with https://rather than http://, and
(b) when you check the website security settings (usually by clicking the “padlock” sign in the address bar), it indicates that the site certificate is valid and issued to GCOX.
If you are using a mobile device, we recommend that you download and use our official GCOX mobile application (instead of a browser) to mitigate the risk of encountering a phishing website.
What to do if you receive a suspicious email:
(a) If you receive unsolicited emails, treat these emails with caution especially if the source or sender is unverified.
(b) Exercise additional caution when opening email attachments, and look out for suspicious attachment names and file types, such as executable files (usually with .exe filename extensions).
(c) We do not have the practice of sending unsolicited emails to you containing executable files as attachments.
In the event that you are aware of any potential phishing campaign and/or website, and/or if you are unsure as to whether a particular website and/or e-mail belongs to (or originates from) us, please contact us immediately so that we can assist you.
2. PROCTECTING YOUR SECURITY CREDENTIALS
While you need to comply with our password requirements during your account creation process, we additionally recommend that you use a strong password that is long and random, and hence not easy to crack.
A useful tip for choosing a strong password is to string together a phrase pertaining to something unique to yourself, and incorporate both uppercase and lowercase letters, numbers and symbols in your password. For example: Gc0x!stHew@yf0rwarD.
In the event that your user account has been compromised, please contact us immediately and take steps to change your security credentials.
3. SECURING YOUR DEVICE
Keep your operating systems, browsers, and our mobile applications (if you are using it) updated to the most current release versions, to ensure that known vulnerabilities and fixes (for such vulnerabilities) are patched.
Where possible, use anti-virus or anti-malware software on your various devices (and keep them updated the most current release versions) to help prevent malware infection.
4. PROTECTING YOUR CRYPTOCURRENCIES
Keep multiple backups. Consider keeping multiple backups of your cryptocurrencies in both “cold wallets” and “hot wallets” to protect against computer failures, human mistakes or external threats such as cyber-attacks. Large cryptocurrency sums should be stored in “cold wallets” such as USB sticks or external hard drives not connected to the internet or even on paper. These are safer as they are less vulnerable to cyber-attacks.
Securing your private key. Where you are issued with a private key to your digital wallet, you should keep the private key secure by storing it in a secure cryptographic hardware device. As the key is generated on the hardware itself, it never leaves the device. This makes your wallet less vulnerable to attack as it is difficult for attackers to gain access to and compromise your account.
Alternatively, you may also wish to store your private key on other hardware (e.g. an external hard drive or USB stick).
COMMON SECURITY RISKS THAT YOU SHOULD BE ALERT TO
5. WEBSITES PURPORTING TO BE RELATED TO GCOX
Our official website is https://www.gcox.com, and links to the official websites of our affiliates can be found on our official website.
There may be other third party websites which purport to be related to us, by using similar web addresses (e.g. by incorporating our GCOX trade mark into the web address), or incorporating content similar to that on our website. These third party websites are not related to us. They may be designed by third parties specifically to phish for your data (e.g. your personal data, or your security credentials to our systems and platforms), or contain malware that is harmful to your device and systems.
6. TOKENS PURPORTING TO BE RELATED TO GCOX
We operate a cryptocurrency token ecosystem that is powered by our proprietary blockchain technology, and built on the Acclaim Blockchain, which is in turn based on the NEO Blockchain.
Our ecosystem currently only supports our ACCLAIM Tokens and our Applause Tokens (which are gas tokens that control the utilisation of GCOX Platform resources). Tokens developed on other blockchains or based on other technologies are not affiliated to us, and are not supported on our ecosystem.
When you deal or transact with tokens that purport to be our tokens, particularly when outside of our official website, system or platforms, you need to be alert as to the nature of these tokens and take appropriate steps to verify and secure your transaction.
7. UNSOLICITED EMAILS THAT PHISH FOR YOUR INFORMATION
We will only send you emails from an “@gcox.com” address. We also do not have the practice of sending unsolicited emails that require you to provide your personal data and/or security credentials to our systems and platforms.
Beware of attachments in such emails as they may contain harmful malware that can infect your device. Malware can infect your devices, which can delete and/or corrupt your files, and even allow cyber criminals to gain access to your devices and personal data.
Social engineering techniques are commonly used to phish information from you. These techniques include sending you e-mails that resemble those sent by us (e.g. emails from an email address closely resembling our “@gcox.com” address and/or bear our “GCOX” trade mark, logos and get-ups. Such e-mails may be engineered to obtain your personal data and/or your security credentials to our systems and platforms (e.g. by requiring you to respond to the email with your personal data, or directing you to a website containing harming malware).
8. LOSS OR COMPROMISE OF YOUR SECURITY CREDENTIALS
It is an important personal responsibility for you to secure security credentials to our systems and platforms. Your security credentials to our systems and platforms can be used to access personal data on your user account, and to perform transactions on your user account (e.g your digital wallet).
When your security credentials to our systems and platforms are compromised (e.g. through successful phishing or harmful malware on your devices), your personal data and your tokens / cryptocurrencies associated with your user account and digital wallet may also be compromised. It may not also be possible for us to recover your data, tokens, and cryptocurrencies, or to reverse any transactions conducted on your user account and digital wallet.
When your security credentials to our systems and platforms are lost, it may not be possible for us to recover or reset your security credentials, or if possible we may require substantial time (including to conduct necessary verifications) to do so. This may cause you to lose access (either permanently or temporarily) to your user account and digital wallet (including associated tokens and cryptocurrencies).
WAYS WE PROCTECT YOU
We have in place appropriate cyber security infrastructure, technologies and processes to protect our systems and platforms, to reduce your cyber security risks when you use, access and rely on these systems and platforms.
However, with the inherent nature of technology, it is impossible or impractical to have complete protection against all cyber security risks. e.g. the nature of internet communications renders it susceptible to interference and interception by third parties. Accordingly, we do not guarantee that our systems and platforms are free of cyber security risks and cannot be responsible for cyber security risks and breaches beyond our control.
It is therefore important for you to be aware of certain risks involved in your access and use of our systems and platforms, and the steps that you can take to mitigate and reduce these risks.