Recently, a phishing trend that’s attempting to mimic our wallet authorization emails has been making the rounds. To help users distinguish between what’s legitimate and what’s not, this post will serve as a primer on wallet login attempts, how the process works, and how to outsmart phishers.
The recent phishing trend
Phishing emails may look deceivingly authentic at first glance, but regardless of appearance their intention remains the same: to trick you into revealing your login credentials and providing a direct line to your personal information.
This recent phishing trend affecting Blockchain users appears to resemble our wallet authorization emails, which users receive as part of the wallet login process.
Legitimate authorization emails
All correspondence to our users is delivered from @blockchain.info or @blockchain.com domains. Currently, firstname.lastname@example.org is the origin of authorization emails, which are only sent if a login attempt was made with your wallet ID.
When you’re in the process of logging in and see “Please check your email to approve this login attempt”, that’s your cue to expect an authorization email (like the one below) from us.
Malicious login attempts
If you receive the above email from email@example.com and are not attempting to log in, the next possibility is that someone else is attempting to gain access to your wallet. This is one of the reasons we implemented authorization emails: to notify rightful wallet owners of potentially malicious login attempts. In such a case, do not approve the login attempt, and visit our wallet security center guide to make sure you’ve completed all three levels. As for your password, an instance such as this does not mean the third party knows it, but for peace of mind we recommend changing it.
Phishing emails and red flags
Knowing how our wallet authorization process works can also help you identify a phishing trend. Phishing red flags can be uncovered by examining details like the sender’s information and email contents, like time of login, IP address, and browser details. If the sender’s email is any different (an oddly-spelled variation, like firstname.lastname@example.org), there’s your first sign it’s not legit. In this instance, grab a screenshot, send it directly to us, and we’ll take it from there.
We hope this was a helpful walkthrough about this phishing trend and the ins and outs of wallet login attempts. As always, reach out if you still have questions!