A
Check the full address
Compare every character. Familiar branding and a polished design are not proof that a page is authentic.
Safety checklist
Pause, verify, then proceed
Simple habits can reduce exposure to phishing, impersonation, credential theft, and misleading claims.
Essential practices
No checklist guarantees safety, but these baseline habits address common avoidable risks.
K
Verify signed updates
Use a previously trusted public key and treat unexpected key changes as a reason to stop.
P
Protect credentials
Use unique passphrases and never provide a password, private key, or recovery phrase to support staff.
2
Use a second factor
Enable a strong second factor where available and securely retain any recovery information.
M
Distrust urgent messages
Pressure, countdowns, surprise fees, and forced address changes are common manipulation signals.
X
Know when to stop
Leave immediately when requests or behavior differ from what you independently verified.
Warning signs
- An unsolicited message asks you to follow a new address.
- A page requests a private key, recovery phrase, or reused password.
- A supposed support agent asks for payment or remote access.
- A signed announcement cannot be verified with the expected key.
- The page discourages independent verification or creates artificial urgency.
If you suspect credential theft, stop using the affected credentials. Do not confront or continue interacting with the suspected impersonator.