How to Avoid Phishing and Ensure Communications Are from Figment
Commitment to Your Security
Figment is committed to maintaining the highest security standards to protect your account and information. By staying vigilant and following the guidelines outlined here, you can help ensure your interactions with Figment remain safe and secure.
Phishing attacks are a common method used by malicious actors to steal sensitive information such as login credentials, personal data, or financial details. At Figment, we prioritize your security and want to ensure that you can recognize and avoid phishing attempts effectively.
Figment’s multi-layered security approach encompasses continuous proactive measures and purpose-built controls to maximize the resiliency and security of its staking services.
Security is integrated throughout all aspects of Figment to reduce risk and enable the assurance, integrity and confidentiality customers expect.
You can help protect yourself from fraud by familiarizing yourself with the many ways in which fraud can appear on your Figment account, email, phone, or your computer.
Here’s our guide to staying safe:
Recognize Official Communications from Figment
To help you differentiate legitimate communications from Figment and potential phishing attempts, keep the following in mind:
- Email Domains: Official emails from Figment will only come from our domain: @figment.io.
- Secure Links: Ensure that any links in Figment communications direct you to our official website, https://figment.io, or other verified subdomains, which include the following below. Communications from Figment will always come from official domains. If you’re unsure, please verify with our support team.
- No Sensitive Requests: Figment will never ask for your password, private keys, seed phrases, or any sensitive financial details via email, chat, or phone.
- Contact Verification: If you’re ever unsure about the legitimacy of a communication, contact us directly through the official channels listed on our website and detailed in this guide.
Types of Phishing to Watch Out For
Phishing attempts take many forms and are becoming increasingly sophisticated. Below are some of the most common types to be aware of. While this list is not exhaustive, it highlights the most prevalent methods in the industry, as scammers continually devise new and elaborate ways to access accounts.
Email Phishing
Fake emails designed to appear as if they come from Figment, urging you to click a link or share sensitive information. These emails often create a sense of urgency, such as warning about account suspension or requiring immediate action to secure your funds.
Smishing
Fraudulent SMS messages pretending to be from Figment. These messages may:
- Contain shortened or unrecognizable URLs.
- Warn of suspicious account activity, asking you to verify your information immediately.
- Promise rewards or bonuses in exchange for clicking a link or providing sensitive details.
Be cautious of any text message urging you to act quickly, and verify its legitimacy through official Figment channels.
Social Engineering
This method involves scammers pretending to be Figment representatives. They may use phone calls, emails, or messages to gain your trust and request:
- Funds or deposits under the pretense of “securing” your account or processing transactions.
- Private keys, seed phrases, or passwords for troubleshooting or verification.
Remember, Figment does not custody funds, request deposits, or require access to your private keys or seed phrase at any time.
Fake Websites
Fraudulent websites are crafted to look like Figment’s official site but are designed to steal your credentials. Common tactics include:
- Slight variations in the URL (e.g., flgment.io instead of figment.io).
- Mimicking the design and layout of Figment’s website.
- The inclusion of login forms or pop-ups requesting passwords or your seed phrase.
Always verify the URL and ensure it matches Figment’s official domain before entering any sensitive information. If in doubt, please contact us at support@figment.io.
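For readers who screen links programmatically (for example in a mail filter), the URL check described above can be written as follows. This is an added example, not Figment's code: the function names, result labels and sample links are assumptions, and it treats every subdomain of figment.io as in-domain because the page's list of verified subdomains is not reproduced here.

```javascript
// Added example (not Figment code): classify a link's host against figment.io.
const OFFICIAL = "figment.io"; // official domain named on this page

// Levenshtein distance, used to flag near-miss spellings of the domain.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "official", "lookalike", "unofficial", "not-https" or "invalid".
function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies to the link
  } catch {
    return "invalid";
  }
  if (url.protocol !== "https:") return "not-https";
  const host = url.hostname.replace(/\.$/, ""); // already lower-cased; drop root dot
  // Exact host or a true subdomain. Assumption: any subdomain is in-domain.
  if (host === OFFICIAL || host.endsWith("." + OFFICIAL)) return "official";
  const labels = host.split(".");
  // Assumption: compare the last two labels rather than use the Public Suffix List.
  const base = labels.slice(-2).join(".");
  // Heuristic threshold; it can also flag unrelated domains with similar names.
  if (editDistance(base, OFFICIAL) <= 2) return "lookalike";
  // The brand name appearing as a label of some other domain.
  if (labels.includes("figment")) return "lookalike";
  return "unofficial";
}

// Constructed sample links; only flgment.io is taken from the page.
const SAMPLES = [
  "https://figment.io/login",
  "https://flgment.io/login",
  "https://figment.io.example.net/",
  "http://figment.io/",
];
for (const s of SAMPLES) console.log(classifyLink(s).padEnd(10), s);
```

Only the "official" result should be trusted; every other label means the link needs verification through Figment's official channels before use.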
Best Practices to Avoid Phishing
- Verify Sender Details: Before responding to an email, verify the sender’s name and email address. Be cautious if the email contains typos, generic greetings (e.g., “Dear User”), or urgent language prompting immediate action.
- Avoid Clicking Unknown Links: Do not click on links or download attachments from unknown or unexpected senders. Hover over the link to view the URL first.
- Bookmark Official Websites: Bookmarking the official Figment website ensures you always visit the legitimate one and prevents you from clicking fraudulent search engine results.
- Use Strong and Unique Passwords: Secure your Figment account with a strong, unique password and enable two-factor authentication (2FA) for added protection, preferably with hardware-backed FIDO2-compliant MFA tokens. For the highest level of security, use a hardware-backed phishing-resistant MFA device such as a YubiKey or Titan Security Key.
- Use a Password Manager: Password managers ensure your passwords and login details are stored securely and prevent accidentally typing in passwords on fraudulent domains.
- Stay Updated: Enable automatic updates on all your devices to ensure your browser, operating system, and antivirus software are up to date to protect against known vulnerabilities.
Steps to Take If You Suspect a Phishing Attempt
If you believe you’ve encountered a phishing attempt targeting you or other Figment customers:
- Do Not Engage: Avoid clicking any links, downloading attachments, or responding to the sender.
- Report the Incident: Forward the phishing email or provide details about the suspicious communication to support@figment.io.
- Check Your Account: Log in to your Figment account via the official website to verify your account activity. If you notice unauthorized actions, update your password immediately and enable 2FA.
- Stay Alert: Inform other Figment users in your network about the phishing attempt to help them avoid falling victim.
Figment’s Unique Security Model
- No Private Keys or Wallet: Figment does not hold customer funds, private keys, seed phrases, or wallets. If anyone claiming to represent Figment requests deposits, funds, or wallet access, this is fraudulent. Report such requests immediately.
- Non-Custodial Staking: While Figment manages staking services, we do not custody user funds. Your assets remain under your control at all times.
Additional Resources
For more information about online security and how to protect yourself against phishing, explore these trusted resources:
Federal Trade Commission (FTC) on Phishing
Cybersecurity & Infrastructure Security Agency (CISA) on Phishing
If you have any questions or need further assistance, please reach out to us at support@figment.io.