Founded in 2018, VirgoCX is committed to making crypto trading safe, easy, and affordable for Canadians. We are Canada's trusted cryptocurrency trading platform and dedicated to streamlining our trading experience and empowering clients with advanced technology, superior liquidity, and best-in-class security. In this article, we provide various tips for you to secure your account, along with general best practices when using our platform. Just like you, it is in our interest to keep your account safe in the fast, every growing crypto market.
Here are some practical measures you can take to secure your assets and prevent unauthorized access to your account.
1. Adopt a robust password that cannot be easily guessed and modify it frequently.
While this may seem obvious, it is a crucial step in securing your Virgo account. Never let anyone else, including family or friends, create an account or access your account on your behalf. Your password should be strong and contain a mix of letters, numbers, and symbols, with a minimum length of eight characters. Make sure this password is unique to your Virgo account and different from other passwords you may use. Regularly changing your password is also a good practice.
Avoid writing your password down, saving it in a text file, or using your web browser's "remember password" feature. Do not share your password via email or any other electronic communication. If you find it difficult to remember your password, consider using a reliable and trustworthy password management software that stores your passwords in encrypted form within a secure vault.
2. Activate Google or Microsoft Authenticator
When creating a Virgo account, it is essential to have email and SMS verification in place. Additionally, we strongly suggest using either Google Authenticator or Microsoft Authenticator for added security. These platforms are considered more secure compared to SMS verification and provide protection against SIM swap attacks.
3. Beware of Impersonators
We only communicate with our clients through two channels. Firstly, we may send an email from our official domain ‘@virgocx.ca’ to your registered email address. Ensure that the sender is using an email address ending with ‘@virgocx.ca’ when communicating through email. Secondly, we may try to reach you through the phone number you used to register your Virgo account, either by call or SMS text message. It is important to note that we will never request your password. Never give out your login information to anyone.
We will never ask for your password, additional fees, or provide investment advice through any form of communication. Additionally, be cautious of accounts pretending to be Virgo or its employees. If you are unsure if someone is a genuine Virgo employee, feel free to reach out to us through live chat or email, available Monday to Friday.
4. Protect your email
The email associated with your Virgo account is crucial for maintaining a secure connection. It is used for verifying new devices, sending alerts, and communicating with support. Ensure its security by checking if it has been compromised in any data breaches at https://haveibeenpwned.com/. In case of a breach, change passwords associated with the email and enable two-factor authentication.
For added security, it's also advisable to regularly conduct a review of your email account and settings. Here's what to look out for:
- Verify if there are any unexpected rules, filters, or forwarding addresses in your email account.
- Confirm if your email account settings list any unknown authorized devices.
- Make sure that no unauthorized recovery emails or phone numbers have been added to your account.
If you suspect that your account may be targeted for takeover, consider enrolling in Google's Advanced Protection Program for added security.
5. Secure Your Mobile Account
A SIM-swap or phone port attack happens when a malicious actor successfully transfers your phone number to their own device. This can happen through identity theft or by tricking customer support representatives of your mobile carrier. Such attacks pose a risk to all accounts relying on SMS-based two-factor authentication or those that can be recovered through phone-based authentication.
To safeguard yourself against SIM-swap or phone port attacks, consider taking the following steps:
- Contact your mobile service provider and request to implement a port freeze and SIM lock on your account.
- Request that they create an account note mandating in-person verification with a photo ID for any porting or transfer of your phone number to a new device.
- Ask them to set up or enable a PIN number for changes to your account.
- Inquire about any additional security measures available for your mobile account to prevent unauthorized changes.
6. Maintain Your Devices by Keeping Them Clean and up to date
Malware comes in various forms, but some types can pose a significant threat. For example, keyloggers, remote access trojans (RATs), and malware that steals cookies can all be used to steal your login information and grant unauthorized access to your accounts.
To defend your devices against these types of malwares, take the following measures:
- Use anti-virus software and perform regular scans. Keep your virus signatures up to date to stay protected from new threats.
- Make sure your device is updated with the latest operating system and security updates.
- Keep your web browser and all other software updated to their latest versions.
- Uninstall any questionable or unnecessary software, especially those that allow remote access.
- Use an ad blocker in your browser to protect against malicious ads.
- Adopt safe web browsing habits and avoid clicking on suspicious links or downloading suspicious programs.
- Avoid installing browser plug-ins or add-ons from unknown third-party sources.
- Enable screen lock and password protection to secure access to your device.
7. Secure Your Cloud Storage Accounts
Many smartphone users rely on cloud storage services, such as Google Drive or iCloud, to backup their mobile device data, which can include messages, contacts, email, apps, photos, and more. If a malicious actor gains access to your cloud storage account and restores the backup onto their device, they will have a wealth of information to help them compromise your online accounts. The consequences of having this information in the wrong hands should not be underestimated.
However, you can safeguard your cloud storage accounts by implementing a few basic security measures that have already been mentioned:
- Establish a robust password and consider using a password manager.
- Enhance security with the most advanced form of two-factor authentication available.
- Take measures to secure your email account.
Alternatively, to eliminate the risk of a backup of your mobile device data falling into the wrong hands, you can turn off backups entirely in your cloud storage account settings.
8. Add Virgo as a bookmark
Make a bookmark of https://virgocx.ca in your browser and only use this link to access your Virgo account. Whenever you receive any mails regarding your Virgo account, always use the bookmark to reach your Virgo account.
9. Be cautious of phishing attempts
If you are unfamiliar with phishing, please spend a few minutes reading our phishing article.
In case you receive a message that appears to be sent by Virgo and you suspect it to be a phishing attempt, you can send it to email@example.com for verification.
10. Monitor your account activity
Go to the “Login History” page in your Virgo account to view all your login sessions, including authorized mobile system, sessions, locations, and times. You may also login from our Web app to check your account activities, including deposits and withdrawals.
If you encounter an unauthorized login or activities to your account that you are not familiar with, immediately change both your Virgo and email passwords. Additionally, you can file a customer support ticket to inform our security team of the issue, and they will investigate your account and assist you in ensuring its security.
11. Make use of the Address Book and Whitelisting Feature
Whitelisting is a feature of the Address Book that enables users to store an unlimited number of cryptocurrency addresses, making it more convenient and secure to send cryptocurrency to those addresses that are trusted. With the Address Book, you can:
- Add a cryptocurrency address for any supported cryptocurrency.
- Add a label to the address.
- Quickly select the saved addresses when withdrawing funds.
- Store new addresses in the Address Book after withdrawing cryptocurrency to an unfamiliar address.
Whitelisting is a security feature in the Address Book that restricts cryptocurrency withdrawals to only go to addresses that are already designated in the Address Book (either external or Virgo addresses). With the requirement of 2-step verification to activate or deactivate the feature, users are able to more securely withdraw to trusted addresses. The feature allows users to:
- Enable or disable the feature within the Address Book.
- Continue to add new addresses to the Address Book.
- Withdraw cryptocurrency only to addresses saved in the Address Book.
12. Exercise caution
When downloading software or apps on the device that you use for accessing your Virgo account, always exercise caution. Also, be thorough in your research before granting access to your account to any third-party applications. Stay clear of installing software from untrusted or suspicious sources, including "free" or cracked versions of commercial software. Be wary of browser plugins as well, and make sure to only install plugins from the official browser plugin repository for your browser.
It is common for scammers to impersonate Virgo and Virgo support on social media platforms. Before engaging with anyone claiming to be from Virgo team on social media, please verify if it is one of our official accounts. In case it's not, kindly forward the link to the impersonating account to firstname.lastname@example.org right away.
13. Reach out to Virgo Support
If at any point you have security-related questions or concerns regarding your account, don't hesitate to reach out to Virgo Support. Make sure to only utilize the contact information listed in this support article. Beware of fake customer support numbers and websites, which are a common tactic used by scammers. Be cautious of any information found through forums, social media, and Google Ads.
Please keep in mind that Virgo staff will never:
- Request your password, 2-step verification codes, or access to your email
- Ask you to install remote sign-in or support software on your computer
- Demand payment for resolving account issues
If someone claiming to be from Virgo Support requests this information, end all communication and immediately reach out to us.
We hope this information helps you enhance the security of your account.