New dashboard

Github Discord

Donations

This website uses cookies and other technologies to allow keeping sessions and to improve user experience.

Sync status · Server status

Terms · Privacy · Contact

Beware of scams - recognising fraudulent email and phishing

Objective

Phishing is a fraudulent technique designed to deceive internet users into providing personal data (access accounts, passwords, secret keys, seeds etc.) and/or "wallet verification" or "account verification" by pretending to be a trusted third party or site.
In practice, this is often done by sending an email asking you to click on a link. This link will redirect you to a form that fraudulently uses the colors of a brand and asks you to enter your personal details.

This guide will show you how to recognise a phishing email, and what to do if you click on a fraudulent link.

Instructions

I have received a phishing email on behalf of XRPLWin

Identifying a phishing email

If you have received an email claiming to be from XRPLWin and you are unsure whether it genuinely originated from us, you should look for any signs that it is a phishing attempt. Here are a few details that will help you tell an XRPLWin email apart from a phishing attempt.

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it's from XRPLWin. Or maybe it's from an online payment website or app. The message could be from a scammer, who might

claim your wallet/account is at risk — it is not
claim your wallet/account needs verification or confirmation — it does not
say they've noticed some suspicious activity — they haven't
claim there's a problem with your account or your payment information — there isn't
say you need to confirm some personal or financial information — you don't
include an invoice you don't recognize — it's fake
want you to click on a link to make a payment — but the link has malware
say you're eligible to register for a "government" refund — it's a scam
offer a coupon for free stuff — it's not real

Remember to make sure that the following three conditions are met:

Number/description	Legit XRPLWin email	Phishing email
1. Sender	Check that the address used to send the email ends in "@xrplwin.com"	Most of the times, the email will be marked as spam between brackets, and your NIC handle will not be shown OR will be incorrect.
2. Subject	Subject will not start with "[SPAM]". Title of email claims your account is not verified, you are hacked, you need to confirm something...	Most of the time, the email will be marked as spam between brackets.
3. Link	Move your mouse over the link, and you will be able to see its contents at the bottom of your browser, without having to click on it. Here, the link does indeed points to `https://xrplwin.com` or `https://xahau.xrplwin.com` or any subdomain ends with `xrplwin.com.`	If you move your mouse over the link that it has nothing to do with XRPLWin. Do not click it.

I entered my personal details - what do I do now?

If you entered your credit card number on a fraudulent site

The only thing you can do is contact your bank as soon as possible, to have your card blocked. Tell them the date and (if possible) the time at which you entered your credit card number. Only your bank can cancel fraudulent transactions that may have been made without your knowledge.

If you entered your XRP/XAHAU account secret key(s) on a fraudulent site

Move your funds to a new wallet immediately! Scammers work fast, if they did not drained your funds yet move all funds to newly generated account as soon as possible.

Other sources

https://xrpl.org/community/report-a-scam
https://chainara.io