> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Phishing

> Learn how crypto phishing attacks steal funds through fake websites, malicious airdrops, social engineering, and impersonator support scams.

## Overview

**Phishing** in cryptocurrency involves deceptive attempts to steal funds or credentials by impersonating legitimate projects, people, or services. Crypto phishing is particularly dangerous because transactions are irreversible.

<Warning>
  Phishing is the most common attack vector in crypto. Always verify URLs, check official announcements, and never share seed phrases.
</Warning>

## Types of Crypto Phishing

### Website Phishing

* Fake websites mimicking legitimate projects
* Often use similar domain names (typosquatting)
* Clone the UI of popular dApps

### Social Engineering

* Impersonating team members or support staff
* Fake "verification" or "account issues"
* Urgency tactics to pressure quick action

### Airdrop Scams

* Unsolicited tokens appearing in wallets
* Links to "claim" more tokens
* Interacting triggers malicious contracts

### DNS Hijacking

* Attackers compromise DNS records
* Legitimate domain points to malicious site
* Very difficult to detect

## Detection Indicators

| Tag                   | Severity | Description                             |
| --------------------- | -------- | --------------------------------------- |
| `phishing_activities` | High     | Address involved in phishing operations |
| `is_airdrop_scam`     | High     | Fake airdrop attempting to steal funds  |
| `spam_domain`         | Medium   | Associated with known spam domains      |
| `is_scam`             | High     | Confirmed scam activity                 |
| `spam`                | Low      | Spam activity detected                  |

## Red Flags

### URL Warning Signs

* Misspelled domain names (uniswap → un1swap)
* Extra characters (opensea-claim.com)
* Different TLD (.io instead of .com)
* Subdomains used deceptively (uniswap.malicious.com)

### Communication Red Flags

* Unsolicited DMs about "opportunities"
* Requests for seed phrases or private keys
* "Limited time" urgency pressure
* Requests to "verify" your wallet

### Transaction Red Flags

* Unexpected approvals requested
* Transactions to unfamiliar contracts
* Higher gas fees than normal
* Multiple transactions bundled together

## API Example

```bash theme={null}
# Check an address for phishing activity
curl -X GET "https://api.webacy.com/addresses/0x123...?chain=eth" \
  -H "x-api-key: YOUR_API_KEY"

# Check a URL for phishing
curl -X POST "https://api.webacy.com/url" \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://suspicious-site.com"}'
```

Response indicating phishing:

```json theme={null}
{
  "overallRisk": 90.0,
  "issues": [
    {
      "tag": "phishing_activities",
      "severity": "high",
      "description": "Address involved in phishing activities. Proceed with extreme caution."
    }
  ]
}
```

## Protection Strategies

1. **Bookmark official sites** - Never click links from messages
2. **Verify announcements** - Check official Twitter/Discord for news
3. **Use URL checkers** - Our [URL Risks](/api-reference/url-risks/project-url-risk-analysis) endpoint
4. **Enable 2FA** - On all exchange and service accounts
5. **Never share seeds** - No legitimate service will ever ask
6. **Check contract addresses** - Verify against official documentation
