It is important to stay vigilant against attempts to trick you into revealing confidential information, such as your seed phrases, or performing actions like completing KYC for an airdrop via email or other forms of communication. To protect yourself, please follow these steps:
- Do Not Respond: Do not reply to the message, click on any links, or download any attachments.
- Report It: Forward the suspicious email or message to our security team at security@dfinity.org.
- Delete the Message: Remove the email or message from your inbox to prevent accidental interaction.
What is Phishing?
Phishing is a cybercrime where attackers impersonate legitimate institutions to trick you into providing sensitive information such as private keys, passwords, or financial details. These attacks often occur via email, forums, social media, or other communication platforms.
How to Identify Phishing Attempts
1. Suspicious Emails or Messages
- Be cautious of unsolicited emails or messages claiming to be from the DFINITY Foundation. Phishers often copy logos and language that mimic legitimate communications.
2. Urgent Requests for Information
- Fraudulent messages may create a sense of urgency, asking you to verify your account, go through a KYC procedure, claim a prize or an airdrop, or respond to a security alert immediately. We never ask for sensitive information in this manner.
3. Unfamiliar Links or Attachments
- Do not click on links or download attachments from unknown or unexpected sources. These could lead to malicious websites designed to steal your information.
4. Inconsistent Email Addresses
- Carefully examine the sender's email address. Phishing emails often come from addresses that look similar to but are not the same as, those of legitimate companies.
How to Protect Yourself
- Verify Before You Act: If unsure, verify the authenticity of any communication by contacting us directly through the official channel at https://support.dfinity.org. Do not use the contact information provided in the suspicious message.
- Keep Your Software Updated: Ensure your computer and mobile devices have the latest security updates and antivirus software installed.
- Never Share Private Keys: Your private keys are the gateway to your blockchain assets. Never share them with anyone, even if they claim to be from a reputable source.
- Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA to add an extra layer of security to your accounts.
What to Do If You Suspect Phishing
If you suspect that you have received a phishing email or message, take the following steps:
- Do Not Respond: Do not reply to the message, click on any links, or download any attachments.
- Report It: Forward the suspicious email or message to our security team at security@dfinity.org.
- Delete the Message: Remove the email or message from your inbox to prevent accidental interaction.
By staying vigilant and informed, you can help protect yourself and others from phishing scams.