While phishing scams come in many forms, the most common scenario occurs when a client uses a search engine to search the word “Kraken”, clicks on the first link they see and unknowingly enters their sign-in credentials into a fraudulent site imitating the real Kraken website. These sites will often look almost identical to the official Kraken site, with the most telling difference being that the website address is noticeably different from the official URL, which is https://www.kraken.com/sign-in.
Another method of phishing occurs when you receive an unsolicited email or text that asks you to click a link or sign-in to your account. This could be a scammer whom is impersonating Kraken or another exchange or wallet provider. The links will lead to a website that looks almost identical to the actual exchange or wallet.
These links are malicious and will request that you enter your username and password or, in the case of a wallet, your 12 or 24 word seed phrase. Any information that you enter will be recorded, sent to the scammers and be used against you to gain access to your accounts and steal your cryptocurrency.
It is important to be very careful and practice good habits to avoid falling victim to these scams.
How to protect yourself:
- Bookmark www.kraken.com/sign-in to avoid using search engines to navigate to our site.
- Check the address of the website you’re visiting to ensure it is the actual site. Ask yourself if the name of the business is spelled correctly.
- Ensure the website’s URL begins with “https“.
- Look for the closed lock icon 🔒 in the address bar.
- Never click on the link found inside the email or text.
- Never disclose your 12 or 24 wallet seed phrase online.
- Bookmark the legitimate websites you visit often.
- Use PGP email encryption to verify the legitimacy of our emails.
- Consider setting up an email account that you only use for Kraken.
We will never ask you for:
- your username. Keep your username secret!
- your passwords. Never give out your passwords to anyone who asks.
- removing your 2FA methods or Master Key.
- access to your devices via remote desktop access software like Teamviewer or AnyDesk.
- To contact Kraken Support, always bookmark or navigate to the website manually by typing support.kraken.com into your browser's address bar. Never give out any information about your account unless you opened a ticket via this method.
- If you receive a Kraken Support email from any other address besides firstname.lastname@example.org, please do not click on any links that may be provided, as they are not legitimately from Kraken Support and should not be trusted. Instead please fill out this form to let us know and don't delete the email until you heard back from us.
- Note that our marketing emails are sent via the domain @marketing.kraken.com or @email.kraken.com and can be considered safe if you receive them in your inbox.
- View additional domains we send from as well as whitelisting instructions to ensure you receive all Kraken related emails.
- Kraken's phone support is now offering inbound service. More phone support options means there will likely be more phone scammers trying to take advantage of unsuspecting clients. We will never call you but if you wish to contact Kraken Support, kindly call one of the inbound numbers found on our support page.
- Kraken's inbound phone support means you can call us. Do not use search engines to locate our support phone number or the Kraken website. We recommend you bookmark support.kraken.com and only use this link to navigate to our phone number, which will be found at the bottom of the page on our support center.
- If you accidentally called or receive a call from a scam number, please fill out this form and let us know as many details as possible regarding the call.
- Our social media team only provides general support and an option to escalate your ticket using an online form.
- If someone claiming to work for Kraken contacts you on social media, never give them any information besides the ticket number of your issue.
To report a phishing incident, click here.