Phishing scams involve malicious actors trying to deceive users into giving away sensitive information such as private keys, passwords, or mnemonic phrases by pretending to be a trustworthy entity. This can be via emails, fake websites, or direct messages.
Common Phishing Tactics:
1. Fake Websites: These look almost identical to the official Avalanche or related dApp websites but have slightly different URLs. Always check the domain name when accessing dApps to avoid malicious sites and contracts.
2. Social Media DMs: Beware of random direct messages or unsolicited advice.
3. Fake Support Tickets: Scammers may pretend to be support agents and ask you to provide personal details or private keys.
NOTE: Official Avalanche team members will NEVER ask for your private keys or personal details.
4. Emails: Always be cautious of emails that ask you to click on a link or download an attachment. Verify the sender's email and never enter your credentials unless you are absolutely sure it's legitimate.
5. Fake Airdrops: Be wary of promises of free tokens or coins. Always verify through official channels before participating in any airdrops.
6. Downloads: Scammers will often try to get users to download malicious software disguised as useful tools or updates. Only download software from verified, official sources.
7. Too Good To Be True: If an offer sounds too good to be true, it’s probably a scam. Always approach with skepticism.
8. Unknown dApps and Contracts: Be cautious when interacting with dApps or contracts that aren't widely recognized or endorsed by trusted figures in the community.
How to Protect Yourself:
1. Bookmark Important URLs: Always access Avalanche-affiliated sites and other trusted platforms through bookmarks to ensure you aren't tricked by fake sites.
2. Use Hardware Wallets: Whenever possible, use hardware wallets. These devices make it difficult for phishers to access your funds even if they obtain your mnemonic phrase.
3. Double-check URLs: Always scrutinize the website URL, especially before entering any sensitive information.
4. Stay Updated: Join the official Avalanche channels on Telegram, Twitter, Discord, and other social platforms. Stay informed about potential threats and announcements from these trusted sources.
5. Educate Yourself: Understand common phishing tactics so you can recognize them immediately. When in doubt, consult the community or a trusted source. To learn more about other forms of scams, check out our Transaction Hygiene article.
If You Suspect a Phishing Attempt:
Do Not Engage: If you're unsure about something, avoid clicking on links, downloading attachments, or providing any information.
Report: Alert the Avalanche team if you encounter suspicious activity on one of their platforms, like Discord or Twitter. Helping identify threats can prevent others from falling victim.
Always remember: Your security is in your hands.
For any additional questions, please view our other knowledge base articles or contact a support team member via the chat button. Examples are for illustrative purposes only.