A few hours ago, I received an email, allegedly from TrustWallet, requesting my immediate action on an “urgent matter”. Apparently, I had to undergo their Know Your Customer (KYC) process. The email had all the signs of a phishing email, so I thought it would be good to discuss those red flags here. It’s currently 2:16 AM my side of the planet, so I’ll make this brief for now. I’ll just update this post when I can some time in the future.
Red Flag #1: An excessive sense of urgency
Phishing attempts are designed to exploit human emotion, so they usually express a sense of urgency. While some legitimate business emails can sometimes have a sense of urgency, phishing emails tend to be more exaggerated. For example, the email I got contained several statements that underlined the sense of urgency:
- several attempts to contact you
- about an urgent matter
- your last chance
- assets may be frozen
- please take immediate action
First of all, Trust never contacted me before. So the email’s claim of having contacted me on “several attempts” wasn’t true. But more than that, the presence of so many urgent statements just didn’t seem quite right.
Red Flag #2: From email address doesn’t match the sender
The email is supposed to come from Trust Wallet, whose site’s domain name is trustwallet.com. So, I’m expecting the email address domain to be trustwallet.com as well. Surprisingly, it’s not. This email’s domain name is nas.io, which, after a quick search, doesn’t seem to be associated with Trust.
Yes, some companies do use different domains for their email and website. That said, this practice is more of an exception than a rule. So you can consider it a red flag if you see an email domain that doesn’t match the alleged sender’s website domain.
Red Flag #3: Call to action (CTA) with a link
Lastly, the email had a call-to-action with a link. That yellow button labeled “Complete Your Process Now” is actually a link. You can see the link’s URL by hovering over the button and viewing the URL at the bottom-left of your web browser.
Many financial institutions no longer include CTA links in their emails when they require user action. Instead, they usually ask users to visit their official website and perform the required action there. This is done to distinguish legitimate emails from phishing emails.
So, yes, if you see an email, especially one that involves your funds or digital assets, that asks you to click a link, don’t comply. If you want, you can double check by logging into your account on the sender’s official website. If the notice is legit and it’s really urgent, you should receive a similar alert/notice when you log on.
There are several other red flags that are indicative of a phishing email, but these three are the most obvious ones. I’ll add more when I update this post. In the meantime, I hope this helps you avoid getting victimized by a phishing attack.