As you know, MEW does not collect user data. We don’t gather any of your information and we don’t track where you are. We don’t have statistics on demographics, preferences or on how you navigate our website.
However, we do hold ourselves to a high standard of protecting our users from phishing, and we do keep track of security statistics provided to us by our partners Segasec and PhishFort, as well as Postmark DMARC monitoring tool.
Team MEW always reminds users to stay vigilant and remember best security practices. In the crypto space, safety is highest when it’s a collaborative effort between the user and the service provider. We make sure to weed out as many phishing websites and emails as we can, and do our best educate users on the ways to avoid falling prey to the scams that do get through.
Also, we appreciate when users let us know about fake sites and emails — it really helps us direct our efforts where they are most needed, as soon as possible. From our side, we are happy to provide updates on the way our security team protects you from attacks before they even reach you. Here is the report for the month of June!
Our partners Segasec and PhishFort continuously scan the web for signs of impersonation on domains, certificates and social channels. The lists of suspicious sites are kept updated, making sure that most attacks are handled preemptively, just as the phishing infrastructure is being set up.
When active phishing websites or emails are detected by the security team, they are blocked and then taken down completely, usually within hours of discovery. When users send tips about scams via support or social channels, they are forwarded to the security team and there is always someone on duty to investigate the attack immediately.
MEW never emails users first. Team MEW only returns emails sent to firstname.lastname@example.org. Our news and announcements are only via official channels on Twitter, Facebook, Reddit, Youtube, Instagram and Medium. We don’t have an email list or newsletter.
To filter out scam attempts that impersonate MEW in email, we use Postmark DMARC monitoring tool which authenticates email messages via DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework). DKIM creates a signature for every email, not unlike the public-private key pair, and SPF is a type of DNS. Messages that fail these checks are blocked. Only the emails that are sent between members of team MEW and from our official support channel are allowed to go through.
Stay tuned for monthly reports
In our dedication to improving crypto security and furthering crypto education, we believe that keeping our community up to date and getting valuable feedback is essential. Keep an eye out for our monthly security reports, and let us know what you think!