Phishing & Address Poisoning
Strict Definition
"Deceptive attacks designed to steal private keys or trick users into sending funds to the wrong address."
Liability Check // Risk Analysis
The 'User Error' risk. Scammers send a $0 transaction to your wallet from an address that looks *almost identical* to your own. You then copy and paste that address from your transaction history for your next real transaction, sending the funds to the attacker.
Knowledge Context // Related Terms
Auditor Notes VS-AN-2026
"Implement 'Contact Whitelisting'—only send funds to addresses that have been previously 'saved and verified' in your software."
"Always verify the *entire* address, not just the first and last 4 characters. Use 'Transaction Simulation' to see the recipient's metadata."
"Conduct monthly security training for treasury staff specifically focused on 'Visual Address Verification' and phishing signatures."
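The allowlist and full-address checks from the notes above, as an added example (not code from this page or from any wallet product): it classifies a recipient as verified, look-alike or unknown, and flags history entries whose counterparty matches a saved contact only on the first and last 4 characters. The 0x-prefixed hex address format, the contact label, the transaction ids and all function names are constructed assumptions.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample data: every address and transaction id below is made up.
SAVED_CONTACTS = {"treasury-cold": "0x5a1c9e3b7d204f6a8b0c1d2e3f4a5b6c7d8e9f21"}
LOOKALIKE = "0x5a1c4477aa10be92c3d5e6f708192a3b4c5d9f21"  # same first/last 4 only
HISTORY = [
    {"id": "tx-001", "counterparty": SAVED_CONTACTS["treasury-cold"], "value": 250},
    {"id": "tx-002", "counterparty": LOOKALIKE, "value": 0},  # $0 poisoning dust
    {"id": "tx-003", "counterparty": "0x" + "1" * 40, "value": 12},
]

def normalize(addr: str) -> str:
    """Strip whitespace and lower-case so checksum casing does not matter."""
    return addr.strip().lower()

def edge_match(a: str, b: str, n: int = 4) -> bool:
    """True when both addresses share the first and last n hex characters."""
    a, b = normalize(a)[2:], normalize(b)[2:]
    return a[:n] == b[:n] and a[-n:] == b[-n:]

def check_recipient(addr: str, contacts: Dict[str, str],
                    n: int = 4) -> Tuple[str, Optional[str]]:
    """Classify a recipient as 'verified', 'lookalike' or 'unknown'."""
    candidate = normalize(addr)
    # Pass 1: only a full, character-for-character match counts as verified.
    for label, saved in contacts.items():
        if candidate == normalize(saved):
            return "verified", label
    # Pass 2: an edge-only match is the signature of a poisoned address.
    for label, saved in contacts.items():
        if edge_match(candidate, saved, n):
            return "lookalike", label
    return "unknown", None

def flag_poisoning(history: List[dict],
                   contacts: Dict[str, str]) -> List[Tuple[str, str, int]]:
    """Return (tx id, imitated contact, value) for look-alike counterparties."""
    flagged = []
    for tx in history:
        status, label = check_recipient(tx["counterparty"], contacts)
        if status == "lookalike":
            flagged.append((tx["id"], label, tx["value"]))
    return flagged

if __name__ == "__main__":
    for tx in HISTORY:
        print(tx["id"], check_recipient(tx["counterparty"], SAVED_CONTACTS))
    print("flagged:", flag_poisoning(HISTORY, SAVED_CONTACTS))
```

A send flow would block anything other than `verified`, and would surface `lookalike` results with the name of the contact being imitated.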
LAST_AUDIT: 1/8/2026