I think I have been phished. What should I do?
If you think you have fallen victim to a phishing incident, complete the following actions to mitigate risk to your Kraken account:
- Contact our Live Chat specialists by clicking on the chat icon at the bottom right of the page to notify them of the suspicious activity so they can lock your account. If you received an email about an unrequested withdrawal address added to your account, click the link provided in the email to lock the account yourself.
- Submit a support request using the “Report Suspicious Activity” option on our webform.
- Change the passwords for both your Kraken account and the email associated with your Kraken account. Triple-check that you are entering your credentials through the correct URLof www.kraken.com/sign-in.
- Look through your recent search history on your browser and search the word “Kraken”. See if any URLs come up that deviate from www.kraken.com (i.e. www.krakin.co/signin) and provide these to our security team so they can report them and have them taken down.
- Take screenshots of the fraudulent URL for further analysis by our security team.
Once your support request is received by our security team, they will respond via email and assist you in securing your email, devices and your Kraken account. Our aim is to get your account fully operational as soon and safely as possible, but the process can take some time. We will provide you tips on how to avoid future attacks and equip you with the tools necessary to ensure your Kraken account is up to date with all of our latest security features.
What is a phishing incident?
While phishing incidents come in many forms, the most common scenario occurs when a client uses a search engine to search the word “Kraken”, clicks on the first link they see and unknowingly enters their sign-in credentials into a fraudulent site pretending to be the actual Kraken website. These sites will often look almost identical to the official Kraken site, the most telling difference being that the URL (website address) is noticeably different from the official URL, www.kraken.com/sign-in.
Screenshot of a phishing website
The attacker can use this fraudulent site to get your username, password, device approval code and your sign-in 2FA code, providing full access to your Kraken account on the real Kraken website. Additionally, attackers will often include an “email synchronization request” to try and phish your email credentials. If an attacker succeeds in compromising your email, they will be able to change your password, remove 2FA functions, add and approve withdrawal addresses and ultimately, be able to withdraw funds from your account.
How will I know if I have been phished?
Once an attacker enters an account they need to make changes to it in order to withdraw funds. At the very least, they will add a withdrawal address, but they will often make further changes to prevent you from entering, allowing them time to attempt the withdrawal of funds.
Kraken will notify you via email any time you make a change to your account settings. If you begin receiving emails about changes to your account that you haven’t requested, this could be the result of a phishing compromise.
Note: If an attacker has compromised your email, they will often delete the auto-emails to avoid detection. If you fall victim to a phishing incident but do not see any Kraken notification emails in your inbox, this could be the reason.
We will notify you anytime the following actions are attempted on your account:
- Device approval
- Password resets
- Two-factor authentication changes
- Global Settings Lock changes or deactivation
- Adding or updating withdrawal addresses
- Withdrawal requests
If you haven’t requested these changes, it is possible you have been involved in a phishing incident and need to take action immediately.
What are the best practices to avoid phishing incidents?
The avoidance of phishing extends beyond your general use of Kraken and demands proper digital hygiene across all crypto platforms, search engines, social media, and email providers. The following is a list of recommended best practices to avoid a phishing incident:
- Bookmark the Kraken sign-in page on your browser or device to avoid the use of search engines to navigate to www.kraken.com. Even the most reliable search engines can lead you to a phishing website (especially the most used ones!).
- Do not use links suggested in your browser's URL bar to navigate to www.kraken.com and avoid clicking on suspicious links prompting you to enter your credentials. Only enter your credentials if the URL is www.kraken.com/sign-in.
- Double and triple-check the URL of any platform that you visit before entering any sign-in credentials or sensitive information.
- Delete your browsers' history and cookies to avoid automated suggestions of phishing links you may have navigated to in the past.
- Keep your browser, any software and all of your devices updated to the latest versions and remove any browser plugins or extensions that may have been downloaded from untrusted sources.
- Beware of fake Kraken apps. Our official mobile apps (published by Payward, Inc.) are listed in our Support Center. Other apps claiming to be official Kraken apps are not ours and are likely to be scams. If you have downloaded a fake Kraken or cryptocurrency app to your device, we advise to backup any required data and factory reset the device.
- Consider the Chrome Netcraft or Firefox Anti-phishing extension as an additional layer of protection.
- Avoid the use of untrusted or public wireless networks when accessing the Kraken site.
Additionally, use all of the security features available at Kraken. Sign-in 2FA alone is not enough to properly protect your account! Our Master Key and Global Settings Lock security features are often critical tools in preventing successful phishing attacks.
When our security features are properly used, they are substantial barriers between you and an attacker. Please see this article on how to best secure your Kraken account, email, devices, and digital life.