Phishing in Web3 looks different from phishing in Web2. The end goal isn't a stolen password; it's a wallet signature.

Common patterns:
- Fake mint sites: the attacker copies a legitimate project's mint page on a near-identical domain, and any wallet that connects gets a malicious approval prompt.
- Malicious airdrops: a token appears in a wallet, the user goes to claim, and the claim function drains approved assets.
- Compromised Discord and X accounts: project mods or founder accounts get hijacked and used to post phishing links to their own community.
- Address poisoning: the attacker sends a 0-value transaction from a vanity address that looks like one of the user's known counterparties, hoping the user copy-pastes the wrong address from history.

The defense is not technical: it is transaction simulation before signing, reading the hardware-wallet display every time, and a healthy paranoia about anything that creates time pressure.
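
The address-poisoning pattern above can also be checked for before an address is copied out of history. The following is an added example, not code from the original page: it flags 0-value transfers whose sender matches a known counterparty on the first and last characters but is a different address. The history record fields (`hash`, `from`, `value`), the 4-character match width and all sample addresses are assumptions constructed for illustration.

```python
# Added example: flag address-poisoning entries in a transfer history.
EDGE = 4  # assumption: wallet UI shows only the first/last 4 hex characters

def normalize(addr: str) -> str:
    """Return the 40 lowercase hex characters of a 0x-prefixed address."""
    a = addr.lower().removeprefix("0x")
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def lookalike_of(candidate: str, known: list[str], edge: int = EDGE):
    """Return the known address that `candidate` imitates, or None.

    An imitation matches a known address on the first and last `edge`
    characters (what a truncated display shows) but is not that address.
    """
    c = normalize(candidate)
    for k in known:
        n = normalize(k)
        if c != n and c[:edge] == n[:edge] and c[-edge:] == n[-edge:]:
            return k
    return None

def flag_poisoning(history: list[dict], known: list[str], edge: int = EDGE):
    """Return the 0-value transfers whose sender imitates a known address."""
    flagged = []
    for tx in history:
        if int(tx["value"]) != 0:
            continue  # poisoning transfers carry no value
        target = lookalike_of(tx["from"], known, edge)
        if target is not None:
            flagged.append({**tx, "imitates": target})
    return flagged

# Constructed sample data: none of these are real addresses or transactions.
KNOWN = "0xa1b2" + "0" * 32 + "c3d4"
LOOKALIKE = "0xa1b2" + "f" * 32 + "c3d4"
UNRELATED = "0x" + "9" * 40
HISTORY = [
    {"hash": "tx1", "from": KNOWN, "value": "1000000000000000000"},
    {"hash": "tx2", "from": LOOKALIKE, "value": "0"},
    {"hash": "tx3", "from": UNRELATED, "value": "0"},
    {"hash": "tx4", "from": KNOWN, "value": "0"},
]

if __name__ == "__main__":
    for tx in flag_poisoning(HISTORY, [KNOWN]):
        print(f"{tx['hash']}: sender {tx['from']} imitates {tx['imitates']}")
```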