Trezor.io/start — Security Notice
Important: This page displays a phishing warning and safety guidance.
This website has been reported for potential phishing.
Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.
Phishing attacks targeting cryptocurrency users have become increasingly common as bad actors try to steal private keys, seed phrases, and login credentials. This article explains why the warning "This website has been reported for potential phishing" matters, how to recognize phishing sites, and what to do if you encounter one. The goal is to help you protect your funds and personal information by using practical, cautious steps.
Phishing websites often mimic legitimate services in appearance but use slightly altered URLs, unofficial domains, or cloned page designs. They may prompt you to enter sensitive information such as wallet recovery phrases, account passwords, or two-factor authentication codes. For hardware wallet users, attackers sometimes create fake “start” or “setup” pages designed to trick new users into revealing their recovery seed. Remember: a legitimate hardware wallet setup will never ask you to enter your seed into a website or browser.
When you see a phishing warning, pause and do not enter any details. Check the URL carefully for misspellings, extra characters, or subdomains that don’t match the official site. Use a search engine to find the verified, official domain for the product you intend to use, and compare the certificate and issuer shown in your browser’s address bar. If you’re using bookmarks, ensure they were created from trusted sources and not copied from an unknown link.
Protective habits reduce the chance of falling victim. Always keep your recovery phrase offline and never store it as plain text on a computer or in cloud storage. Use hardware wallets for long-term storage and enable multi-factor authentication on accounts that support it. Keep your software, browser, and device firmware up to date to benefit from security patches.
If you suspect you visited a phishing page and entered sensitive information, act quickly. Change passwords for affected accounts and enable two-factor authentication where possible. For cryptocurrency wallets, consider moving funds to a new wallet whose seed phrase was generated securely and never entered online. Contact the official support channels of the product or exchange to report the incident and follow their guidance.
Reporting phishing sites helps others avoid the same trap. Most browsers and search engines offer simple reporting tools—use them to flag the suspicious site. Your web host or domain registrar can also be notified if the domain appears to be hosting malicious content. Security communities and forums may provide additional advice and can amplify reports to takedown services.
Education and vigilance are your best defenses. Teach family members and colleagues about phishing tactics and encourage safe practices like verifying URLs, reviewing certificate details, and avoiding unsolicited links in emails and messages. Regularly review account activity and transaction histories to spot unauthorized access early.
In summary, treat every phishing warning seriously. Do not share recovery phrases or passwords with websites, verify official domains through trusted sources, and move funds immediately if you believe a compromise occurred. Staying informed and cautious will significantly reduce your risk of losing assets to phishing attacks. Stay alert and verify links before entering information.