How phishing looks
Phishing attempts impersonate official communications and try to trick you into entering credentials or approving transactions. They often use urgent language and links to lookalike domains.
Do not: ever provide passwords, 2FA codes, or account recovery information to anyone over email or chat. Officially verified support will not request secrets.
Verification checklist
- Confirm domain spelling and HTTPS lock before signing in.
- Avoid clicking links in unsolicited messages—use bookmarks or official apps.
- Check email sender headers if suspicious and save evidence.
If you clicked a suspicious link
From a secure device, change your password, revoke sessions, and notify verified support. Move funds if you suspect the worst and collect screenshots and timestamps for the investigation.