How we checked this
We reviewed the linked sources and keep this page updated when the record changes. Use the source list below to verify the details.
Short answer
Do not trust branding on its own. A message can use a real exchange name, logo, and familiar-looking domain fragments and still be an impersonation attempt. Safer practice is to avoid replying, clicking links, installing software, sharing one-time codes, or sending money until you verify the contact through the exchange's official site or app that you opened independently.
Date check: This guidance was reviewed against the listed public cyber-safety sources for publication readiness, but support channels and platform security features can change. Re-check the exchange's current help or security pages before acting.
Why this happens
Phishing and impersonation rely on copied appearance and pressure. Public cyber-safety guidance warns that suspicious messages may imitate trusted organizations, use convincing language, and push the target to act quickly. That is why the message's look is a weak trust signal by itself.
Weak signals people often overvalueA copied logo, a display name that matches a real company, a reference number, or a web address that includes the brand name may make a message look familiar. Those details do not, by themselves, confirm who controls the sender address, the reply path, or the site behind the link.
Stronger signals to prioritizeA safer check is to leave the message and reach the exchange through a path you already trust, such as a saved bookmark, a manually typed address, or the official app already installed on your device. Then compare what the message claims with what you can verify inside your account or on the platform's published support and security pages.
What to verify next
Start with how the message reached you: email, text, social media, chat app, or phone. If the contact method is unexpected, or does not match the exchange's published support information, treat that mismatch as a warning sign and slow down.
2. Check the full sender detailsDo not rely only on the visible sender name. Look at the full email address or account identity if your platform shows it. A familiar brand name in bold is not the same as a verified sender.
3. Inspect the destination, not just the link textA message can show reassuring button text while sending you somewhere else. Public cyber guidance favors navigating manually to a known destination instead of using links embedded in a suspicious message. If a link asks you to log in urgently, treat that as a reason to verify outside the message.
4. Check the requested actionThe most important clue is often what the sender wants you to do. Requests to share one-time codes, move to a private chat, install software, send a payment, or reveal seed phrases or private keys are high risk. Wallet secrets should not be shared with support contacts.
5. Re-enter the exchange independentlyOpen the exchange directly using your trusted route. Then check whether the same warning, ticket, restriction, or account notice appears inside your signed-in account. A claim that exists only inside the message is weaker than a claim you can verify on the official platform yourself.
6. Review your account from the official platform onlyIf the message claims there is a freeze, suspicious login, or urgent review, inspect your account from the official site or app only. Review the security information the platform makes available to you, such as recent activity, current sessions, password status, or other visible account protections. Specific features vary by platform.
Which facts need verification?
Before you treat the message as genuine, verify these points through an independent route:
- Whether the exchange actually uses that contact channel for support or security notices.
- Whether the full sender identity matches official published information.
- Whether the exact web address is one you already trust, rather than one that only contains the brand name.
- Whether the same ticket, alert, or restriction appears inside your real account.
- Whether the requested action matches normal security practice, rather than pushing you to share codes, wallet secrets, install tools, or pay.
Quick verification table
| Signal in the message | What it may mean | What it does not prove | Safer next check |
|---|---|---|---|
| Real exchange name or logo | Public branding was copied | That the message came from the exchange | Open the official site or app independently and compare support information |
| Web address contains the brand name | The sender wants the address to look familiar | That the domain is official | Compare the exact address with the route you already trust |
| Ticket number or case ID | The message imitates a support process | That a real case exists | Sign in independently and look for the same case or notice |
| Urgent warning about account access or withdrawals | The sender is using pressure | That your account is actually restricted | Check your account directly on the official platform |
| Request to continue in a private chat or off-platform channel | The sender is moving you away from normal checks | That this is an approved support path | Compare with published support guidance |
| Login page that looks correct | The page may copy the real interface | That the site is genuine or safe | Leave the page and navigate manually instead |
Practical checklist before you respond
- Do not click the link or use the reply button yet.
- Open the exchange through a bookmark, typed address, or official app you already trust.
- Check whether the contact channel appears on the exchange's public support or security pages.
- Compare the full sender details with what you can verify independently.
- Look inside your account for the same alert, ticket, or restriction.
- Refuse any request for one-time codes, seed phrases, private keys, remote access, or payment.
- Save evidence such as screenshots, timestamps, sender details, and web addresses.
- Report the suspected impersonation through the exchange's official reporting path or your local cyber-reporting route, where available.
If you already clicked or replied
Move from verification to containment. Stop engaging with the sender. Return to the official platform directly, review your account security from there, and preserve records of the message, links, and any identifiers used. If you exposed wallet-sensitive information, treat the risk as higher and act through official account and device-security steps only. Because platform tools differ, re-check the exchange's current help and security documentation for the exact options available to you.
Bottom line
When a support message looks convincing but the trust signals are mixed, do not let the branding decide for you. Verify the channel, sender, destination, and requested action through a route you opened yourself. If you cannot confirm those basics independently, do not proceed.
Sources
- CERT Polska — official public cybersecurity warnings and phishing guidance.
- NASK — official cybersecurity and internet-safety resources.
- Gov.pl: Cyberbezpieczeństwo — official public cyber-safety guidance.
Update log
- 9 Jul 2026Published with source tracking and reader-safety context.
- CorrectionsIf a source changes or a claim needs clarification, this page can be updated from the editorial desk.