Wealth Security Protocol
Go to Casa Home
  • 🗺️Overview
  • 💜Casa vs. Alternatives
    • Introduction
    • Option #1: Do-it-yourself
    • Option #2: Custodial Storage
    • Option #3: Commercial Systems
  • 🔑System Design Principles
    • Introduction
    • Minimal Knowledge
    • High Security
    • Usability is Security
    • Expert Support
    • Redundancy
    • Sovereignty
    • Incentive Alignment
  • 🚨Threat Overview
    • Introduction
    • Data and Credential Loss
    • Phishing
    • SIM Hijacking
    • Network Attacks
    • Malware
    • Supply Chain Attack
    • Physical Coercion
    • Child/Pet Attack
    • Internal Service Provider Attack
    • Platform / Hosting Provider Attack
    • Code Dependency Attack
    • Official Seizure
    • Inheritance Failure
  • 🔐Chosen Features
    • Introduction
    • Hardware Wallet Signing
    • Multi-signature
    • Multi-location
    • Heterogeneous Hardware and Software
    • Seedless Hardware Wallets
    • Emergency Recovery Key
    • PIN or Biometrics for Mobile Key only
    • PIN for every device
    • Sovereign Recovery Instructions
    • Emergency Lockdown Button
    • Health Check
    • Identity Verification for Account Recovery
    • Inheritance
  • ✅Chosen Key Schemes
    • 5-Key Vault
    • 3-Key Vault
    • Pay Wallet
  • ❌Rejected Key Schemes
    • Shamir's Secret Sharing
    • 2-of-2
    • 1-of-2
  • ❌Rejected Features
    • Biometrics General Usage
    • Brain Wallet -- Memory Based Solutions
  • 🔧Remaining Attack Vectors
    • Address Spoofing
    • Malicious Insider Key Theft
    • Extreme disaster scenarios
    • Extortion
  • 👨‍🚀Future Improvements
    • Taproot/MAST
    • Schnorr Signatures
Powered by GitBook
On this page

Was this helpful?

  1. 🚨Threat Overview

Phishing

PreviousData and Credential LossNextSIM Hijacking

Last updated 1 year ago

Was this helpful?

Phishing is the practice of tricking a user into using malicious software that is designed to look legitimate. The malicious site may try to harvest credentials, or trick a user into downloading a tampered version of key software. For example, if you are tricked into logging into a malicious website at c0inbase.com, the attacker can then use your username and password to access your Coinbase account.

Phishing is a common practice. Users of desktop wallets like were attacked with a false upgrade notice, tricking them into downloading a version of the software that steals their Bitcoin.

Mitigation:

  • Watch carefully for HTTPS warnings on cryptocurrency sites.

  • Always check the URL on cryptocurrency sites.

  • Use a multi-signature wallet, which would require the user to be tricked multiple times before fund theft is possible.

  • Use a sovereign key storage system that avoids single points of failure.

Electrum