Phishing
Tricking people into revealing credentials or funds via fake sites and messages that impersonate trusted brands.
Phishing is a social-engineering attack in which criminals impersonate a trusted entity — a bank, registrar, or marketplace — through deceptive emails, messages, or lookalike websites to steal credentials, seed phrases, or funds. Domain abuse is central to most phishing campaigns: attackers register convincing lookalike names via typosquatting or homograph tricks, then point them at fraudulent pages mimicking the real site. A successful phish against a registrar account is a common precursor to domain hijacking, and DNS hijacking can weaponize a legitimate domain for phishing without the owner noticing. Defensive hygiene includes verifying sender domains carefully, enabling hardware-key MFA on registrar and wallet accounts, and using password managers that bind credentials to exact origins so they won't autofill on lookalike pages. For Namefi users, a phishing attack that harvests a wallet seed phrase is as severe as any registrar compromise — on-chain ownership is only as secure as the private keys protecting it.

Source: FTC Consumer Information — How to Recognize and Avoid Phishing Scams.
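The exact-origin binding mentioned above can be sketched as follows. This is an added example, not code from any particular password manager; the `espanol.example` hosts, the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Constructed sample: the origin a credential was saved for (reserved .example TLD).
SAVED_URL = "https://espanol.example/login"

def origin(url):
    """Return the (scheme, host, port) triple that a credential is bound to."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)

def skeleton(host):
    """Decode punycode labels and strip diacritics ('español' -> 'espanol').
    Cross-script lookalikes (e.g. Cyrillic letters) do not decompose this way
    and need Unicode confusables data instead."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        decomposed = unicodedata.normalize("NFKD", label)
        labels.append("".join(c for c in decomposed if not unicodedata.combining(c)))
    return ".".join(labels)

def edit_distance(a, b):
    """Levenshtein distance, used to flag one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(saved_url, page_url):
    """Autofill only on an exact origin match; label near misses for review."""
    saved, page = origin(saved_url), origin(page_url)
    if saved == page:
        return "autofill"
    if saved[1] == page[1]:
        return "blocked: same host, different scheme or port"
    if skeleton(page[1]) == saved[1]:
        return "blocked: homograph lookalike"
    if edit_distance(page[1], saved[1]) <= 2:
        return "blocked: typosquat lookalike"
    return "blocked: unrelated origin"
```

Every non-matching origin is refused regardless of label; the lookalike labels only tell the user or a monitoring pipeline why the page deserves a closer look.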
Related keywords
- phishing
- social engineering
- credential theft
- impersonation
- domain abuse