In DeFi, hackers often create fake websites or social media profiles that mimic popular DeFi platforms or wallets to trick users into giving away their private keys or passphrase using phishing attacks.

<aside> 💡 Phishing attacks are fraudulent emails or websites that imitate legitimate companies to steal personal information or money from victims.

</aside>

Users should be extremely cautious of unsolicited messages or links and always double check the URL before entering sensitive information. Never click links or download attachments from unknown or unverified senders. Legitimate companies will not ask for your private keys, mnemonics or password in an email.

DeFi users are frequent targets of phishing attacks because they often hold large amounts of cryptocurrency. Some common signs of phishing attacks include:

• Urgency: Messages trying to create a sense of urgency to make you act quickly without thinking. Never rush into a transaction or click a link before verifying the source.
• Poor grammar/spelling: Many scammers are not native English speakers, so phishing emails often contain basic grammar or spelling mistakes.
• Requests for personal info: Never provide private keys, mnemonics, passwords, or other sensitive data in response to an unsolicited message.
• "Too good to be true" offers: Be wary of messages promising free money, bonuses, or unrealistic returns. If something sounds too good to be true, it probably is.
• Spoofed URLs: Carefully check the website or link in the message to ensure it matches the legitimate company's URL. Hackers often register URLs that are misspelled or differ by only one letter.
• Requests to verify/update account: Legitimate companies will not ask you to "verify" or "update" your account by providing sensitive login details or keys. Ignore and report any such messages.