some exchange markets have implemented anti-phishing codes with email notifications, if you log in on a fake exchange site, this code will not appear in the right corner of the incoming email received by the user, or the code turns out different than you noted. if it's like that, the user can change the password as soon as possible.