The protection of customer data and digital assets is particularly important for Inlock. In the last few days, we have launched several new account security features.
Their main purpose is to ensure that even in case an account compromise happens, you do not lose control of your Inlock account and most importantly, the assets you have access to. There are more and more attacks that target dedicated customers and by obtaining certain information (phishing and/or malware), attackers can cause significant financial damage to the unsuspecting customer.
As a continually improving service provider, we consider it extremely important to help our customers effectively defend against such attacks.
Since the summer of 2020, it has been mandatory to use 2FA (two-factor identification) within Inlock to capture the withdrawal addresses.
Inlock has introduced the following account security changes:
➡️ Newly recorded withdrawal addresses will be locked for 24 hours.
This way, even if an attacker gains access to your account and obtains your 2fa code, they will not be able to immediately transfer anything out of it.
➡️ Changes that affect the security of the account will block withdrawals for 24 hours.
For any changes affecting account security (password reset, 2fa reset, 2fa on/off switch, etc.), ALL withdrawal address will be locked for 24 hours. All emails concerning account security contain an “Account Lock” button which can be pressed to immediately lock your account completely and sign out all clients who are logged in. After that, you can only re-open your account via Support.
➡️ Extra email confirmation is required.
All withdrawal requests from now on must also be confirmed via e-mail. The email will contain all important details (transfer address, amount, etc.), so if your computer is attacked by crypto-specific malware, you will still have control to prevent a hijacked transfer.❗️IMPORTANT: If you can, please authorize the transfer on another device. If you are initiating from a desktop computer, for example, it could be your mobile phone. This will increase the effectiveness of your protection.
➡️ Withdrawals can be recalled!
Every withdrawal notification email includes a cancel button next to the approval. If you receive email notification of a withdrawal that you did not initiate, you should immediately press the undo button.❗️ IMPORTANT: This button can be pressed even after the withdrawal has been approved. The withdrawal is possible until the actual transaction is completed at the latest until the transaction is executed on the blockchain.
All crypto assets are stored in a so-called cold wallet. These are multi-signature wallets, meaning that several people need to approve the wallet for access. This bank-wide security solution prevents unauthorized use of cryptocurrency.
❗️IMPORTANT: In the vast majority of attacks on customers, the customer’s email account is the primary attack surface. If you can, use an automatic email forwarding rule if your email client supports it. For example: you can find the necessary steps for Gmail customers here.
❗️For your secondary email address, use an address that is not directly accessible from the device that you would otherwise use as your primary email address.