Malicious sites may pretend to be stellar.org or launch.stellar.org in order to obtain your account information and password. This process is known as “phishing,” and it’s important to be aware of it online.
Phishing attempts frequently come in the form of invitations to claim free lumens, often via email or social media. Think twice before you click on links for free lumens, and do not enter your password or secret key into ANY site that is not legitimate.
Here's how you can protect yourself:
- Never click to follow a link to a website from an e-mail—always enter the URL manually or save it as a bookmark.
- Check for “https”: If you’re using Google Chrome or Firefox as your browser, look for a little green lock (and “https” symbols) in the upper lefthand corner, in front of the url. Click the lock to reveal the identify of the site. If you’re on the official Stellar site, it will say “www.stellar.org” or “launch.stellar.org” and “Identity verified” in green.
- Examine the URL in your browser. Phishers use links that look like the “real” site in order to trick users. For example, http-//launch.stellar.org.inv.io begins with a familiar path, but is not a legitimate site. The phishing site also lacks an SSL certificate (http instead of https).
- Look at who the email is from. Phishers will create emails that look like legitimate addresses, such as “email@example.com” or “firstname.lastname@example.org”, etc. Emails from us will come from email@example.com
- Enable two-factor authentication on your account for an added layer of security.
"Spear phishing" is a type of targeted attack where the phisher uses information about you to trick you into thinking they are trustworthy. Just because a phisher may know your name or account name doesn’t mean that they’re legitimate.
If a malicious user gets your password and makes an unauthorized transaction from your account, you will not be able to recover those lumens as transactions can only be reversed by the person receiving them. In the future, companies and financial institutions may provide services to provide more choice and protection to consumers.
If a malicious user gains access to your account, they may also have access to your secret key which means you should create a new account and move all lumens to your new account.