Introduction of Personalized Image Solution for Anti-phishing

Orbit Chain
Mar 30, 2023

Hello, Orbit Chain Community!

This post covers the personalized image solution for phishing prevention introduced on the Orbit Bridge website. The personalized image service helps users distinguish the genuine Orbit Bridge website from similar-looking phishing websites. The personalized image information is known only to the user and is not displayed on phishing websites.

1. Background of providing a personalized image solution for anti-phishing

Ozys is a leader in DeFi Autonomous Finance. We are expanding the Ozys ecosystem by establishing multi-chain-based decentralized exchanges (DEX) on major mainnets such as Klaytn, Polygon, TON, etc., and porting various financial infrastructures, focusing on Orbit Bridge, the core infrastructure for cross-chain liquidity trading. We provide users with a wide range of financial services based on our advanced technology and our experience in the research and development of several DApps and the commercialization of services. In addition, we continuously have our smart contract code checked for vulnerabilities and audited by global security companies such as Theori, CertiK, HAECHI labs, and SOOHO to secure users’ deposited assets from hacking risks.

However, despite our efforts, DeFi users are still exposed to various risks because they communicate directly with each smart contract through the website (front-end). This structure requires users to pay more attention when managing private keys, and the phishing scams aimed at stealing private keys or mnemonic phrases are becoming more sophisticated.

Web security vulnerabilities cause not only individual property losses but also economic losses throughout the industry. As this eventually disrupts industrial growth significantly, Ozys is working hard on research and development to prepare supplementary measures. “Personalized Image for Anti-Phishing” is one of these efforts, and we will introduce it to each service built by Ozys. This solution has completed a security audit by ChainLight of Theori, Ozys’s security partner. Personalized image solutions for anti-phishing are widely used in the traditional financial sector to prevent electronic financial fraud, so many users are familiar with them. This solution can be an effective preventative measure to secure and manage the digital assets deposited by users.

2. Main Concepts

✅ Phishing

Phishing is a compound word that means fishing for private data. It is carried out without face-to-face contact, using telecommunication means such as phone calls, text messages, messengers, and fake websites to defraud and blackmail victims in order to obtain users’ personal information. It refers to a fraudulent method of stealing financial information and extorting the property of others.

✅ Phishing Website

A phishing website is a fraudulent site with a homepage similar to the real one. It requests users’ personal and financial information and then uses it for various attacks, especially ones that cause financial damage.

✅ Personalized Image

The personalized image is a combination of an image selected by the user and personal recognition characters entered by the user. It is a security service for telling each Ozys website apart from phishing websites. Since the personalized image set by the user is information only the user knows, it is hard for a phishing site to obtain that information or reproduce it in the same form. Therefore, it helps users prevent phishing damage.

The personalized image set by the user can be registered and checked regardless of the wallet connection. It is applied per browser and is not stored on the service site or a remote server. Therefore, if you reinstall the browser, delete the browser cache/data, or use the browser in incognito mode, the registered personalized image may be reset.

If the registered personalized image has been reset or is not displayed even though none of these reasons applies, there is a potential risk of phishing damage. We recommend registering your personalized image after checking that the address of the site you accessed is correct. Afterward, check that the image is displayed on the website.

Phishing may also be attempted through a pop-up with a message such as the one below.
“The personalized image has been initialized due to server maintenance. Please set again.”
Technically, the server cannot delete your local storage, so we ask that you pay special attention to such a pop-up or message. If you see a pop-up asking you to reset your personalized image, please check the domain you are currently accessing and the latest announcement from the Orbit Chain official community.

You can find the registered personalized image at the top of the website. If the image is not displayed on the page or differs from the information you registered, never proceed with information input, wallet approval, or transactions on the page. Use the page only after sufficiently verifying the site, including the reconfirmation measures above. You can change your personalized image an unlimited number of times.

3. Personalized Image Registration Guide

1. Select [Set Anti-phishing] at the top right of the service.

2. After reading the personalized image registration guide, select the [Continue] button.

3. Enter three pieces of information to register: (1) image, (2) color, and (3) personal recognition characters (Korean/English/number, up to 5 digits). After checking your final personalized image at the bottom of the pop-up, select the [Register Personalized Image] button.

4. When registration is complete, the image you set is displayed on the top right of the service website.

Please Note

  1. The personalized image set by the user can be registered and checked regardless of the wallet connection. It is applied per browser and is not stored on the service site or a remote server. Therefore, if you reinstall the browser, delete the browser cache/data, or use the browser in incognito mode, the registered personalized image may be reset.
  2. If the registered personalized image has been reset or is not displayed even though none of these reasons applies, there is a potential risk of phishing damage. We recommend registering your personalized image after checking that the address of the site you accessed is correct. Afterward, check that the image is displayed on the website.
  3. Phishing may also be attempted through a pop-up with a message such as the one below.
    “The personalized image has been initialized due to server maintenance. Please set again.” Technically, the server cannot delete your local storage, so we ask that you pay special attention to such a pop-up or message.
  4. You can find the registered personalized image at the top of the website. If the image is not displayed on the page or differs from the information you registered, never proceed with information input, wallet approval, or transactions on the page. Use the page only after sufficiently verifying the site, including the reconfirmation measures above.
  5. You can change your personalized image an unlimited number of times.
