CoinSmart® Phishing & Scam Detection — Login Safety (Unofficial)
This independent page explains how to spot phishing attempts that target account login and recovery processes and gives a playbook for safe response.
Common phishing formats
Phishing arrives by email, SMS, social media DM, or fraudulent web pages. Attackers often spoof legitimate senders and create convincing login pages. Typical lure lines include urgent “account suspension” notices or fake “security alerts” prompting immediate action.
How to inspect suspicious messages
- Hover over links (or long-press on mobile) to check the destination domain.
- Look for mismatched sender addresses, poor spelling, or inconsistent branding.
- Never provide passwords, recovery codes, or private keys in response to messages.
What to do if targeted
If you suspect a phishing attempt, do not click links. Instead, go directly to the service's verified site and inspect your account from there. Change passwords, revoke sessions, and enable additional 2FA methods if you notice suspicious activity.
Quick checklist
- Confirm the sender and URL;
- Do not provide credentials;
- Report the message to the platform;
- Perform an immediate account audit if you clicked links or entered credentials.
Recognizing phishing effectively comes down to skepticism and deliberate verification: copy vs. click, confirm domains, and prefer known channels. These habits prevent most credential-theft attacks and keep your sign-in process safe.