What Is Phishing?
Phishing is when attackers create fake emails, websites, or social media accounts that impersonate XamanProtocol to trick you into revealing your login credentials, 2FA codes, or private keys. Once they have these, they can access your account and steal your funds.
Common Phishing Tactics
- Fake login pages: A website that looks identical to XamanProtocol but is on a slightly different domain (e.g., xamanprotocol-login.com, v1tstake.com, xamanprotocol.xyz)
- Fake support emails: Emails claiming there is a problem with your account and asking you to 'verify' by clicking a link
- Social media impersonation: Fake Twitter/Discord accounts claiming to be XamanProtocol support
- 'Urgent' security alerts: Emails saying your account will be suspended unless you log in immediately
- Investment promises: DMs or posts offering unrealistic returns if you 'connect' your wallet
How to Protect Yourself
- Always type the URL directly into your browser. Never click links in emails to log in.
- Bookmark the real domain and only use the bookmark.
- Check the URL bar before entering any credentials.
- XamanProtocol will never ask for your password, 2FA code, or seed phrase via email or support chat.
- Enable 2FA — even if a phisher gets your password, they can't log in without your 2FA code.
- Do not engage with unsolicited DMs on Telegram, Discord, or Twitter claiming to offer help or investment opportunities.
If You Clicked a Phishing Link
If you believe you've clicked a phishing link or entered credentials on a fake site:
- Do NOT log in anywhere else with the same password.
- Immediately change your XamanProtocol password.
- Revoke all active sessions in Settings → Security.
- Contact support to report the incident.
- Change your email account password too.