-Feb-15-2023-02-29-15-7102-PM.png?width=120&height=40&name=Untitled%20design%20(8)-Feb-15-2023-02-29-15-7102-PM.png){kind=small}
Protecting Yourself from Social Engineering Scams
Criminals are increasingly targeting crypto holders with sophisticated phone and email scams designed to steal funds. These attacks do not require hacking your wallet or breaking into Casa's systems. They work by convincing you to hand over access yourself. This article explains how these attacks happen, what they look like in practice, and exactly what to do to protect yourself.
How would I know if I was being targeted?
The most important thing to understand is that these attacks almost always start the same way: an unsolicited phone call.
You will receive a call from someone claiming to be from a company you already use and trust. This could be Google, Ledger, Coinbase, Kraken, Trezor, or Casa. The caller will sound professional, knowledgeable, and genuinely helpful. They may know your name, reference your accounts, and use correct technical terminology.
During that call, they will often send you a link — to verify your identity, to review a security alert, or to complete a step in the process they are walking you through. Clicking that link can compromise your email. Once an attacker has access to your inbox they can see every service you use, intercept real security alerts, and replace them with convincing fakes.
What to watch for:
- Any unsolicited call from a company you use, even if the caller ID looks legitimate
- A link sent to you during a phone call asking you to click for any reason
- Unusual login alerts or password reset emails you did not request
- Phone numbers appearing in your contacts that you did not add yourself
What does the attack look like once it starts?
These attacks follow a consistent pattern across the crypto industry. Understanding it is the best way to recognize one before it is too late.
They impersonate brands you already trust
Attackers rarely lead with Casa. Instead they start with another service you use, typically a hardware wallet like a Ledger device, and walk you through a convincing security process to fix a fabricated problem. By the time they suggest moving your Casa vault funds to the now clean device for safety, the request feels completely logical. The Casa impersonation comes last, after your trust has already been established.
Fake SMS alerts, spoofed caller IDs, and manufactured emails will arrive throughout the process to make every step look legitimate.
They create urgency to stop you from thinking clearly
Once contact is established the attacker will introduce an emergency. Your device has been hacked. Your funds are at risk. Your API key has been compromised. You need to act right now or lose everything.
This urgency is deliberate. Technical language like API keys, staking funds, and seed verification is used not because it is relevant but because it sounds serious and creates confusion. The goal is to keep you moving forward without pausing to verify anything.
If you feel rushed, pressured, or confused on a call with anyone claiming to be from a company you use, that feeling is a signal. Stop. Verify before you do anything else.
They keep you on the phone
These attacks are patient and sustained. Attackers will stay on the phone with you for as long as it takes, responding to every concern and handling every hesitation. They re-introduce the emergency every time you start to slow down. By this point you genuinely believe you are speaking with someone from a company you trust. That trust is being used against you.
What should I do?
Before you do anything else, verify
The first thing to know is that Casa will never initiate a phone call to you. If you receive an unsolicited call from someone claiming to be from Casa, that is not us. End the call.
If you have received a communication from someone claiming to be Casa and you are not sure whether it is legitimate, the safest thing you can do is stop engaging and reach out to us directly:
Email us at help@team.casa to verify any communication before taking any action. Do not reply to the email or message you received. Open a fresh email and contact us directly.
For Premium and Private Client members, Casa also has a built in verification code system that lets you confirm you are speaking with a real Casa advisor in real time before engaging on any call. We strongly recommend using it every time. You can learn more about how the verification code works and how to use it here: Verification Code Guide.
Regardless of your membership tier, the rule is the same: never take action on your wallet or vault based on an inbound call or message until you have verified directly with Casa through a channel you initiated yourself.
Remember what Casa will never ask for
No matter what tier you are on, no matter how urgent the situation sounds or how legitimate the caller appears, Casa will never:
- Call you unsolicited. We do not make outbound calls to clients. If someone calls you claiming to be from Casa, it is not us.
- Ask for your seed phrase. This is the master key to your hardware wallet. Anyone who has it has permanent and irrevocable access to everything on that device. There is no legitimate reason for any support team to ever ask for it. Not under any circumstances.
- Ask for your private keys or signing device access. Casa's multi-key model is designed so that no single party can move your funds alone. Any request for key access should be treated as an attack.
- Ask for your password. Legitimate support teams do not need your password to help you.
If anyone contacts you claiming to be from Casa and asks for any of the above, end the interaction immediately and email us at help@team.casa to report it.
Never share your seed phrase with anyone
One of the most common patterns seen in crypto social engineering attacks is a victim contacting a family member to retrieve part of a seed phrase and then emailing or texting it. Attackers anticipate this and intercept those messages.
Your seed phrase should never be shared verbally, over the phone, via email, or via text. Not with family. Not with your advisor. Not with anyone.
Keep your hardware devices in separate locations
If all of your signing devices are stored in the same place, a single attack can compromise your entire security setup. Geographic distribution is one of the most important protections you have. If your devices are currently stored together, now is a good time to change that.
If something feels wrong
Trust that feeling. You do not need to be certain something is wrong to stop and verify. Legitimate companies will never pressure you to act immediately without giving you time to check.
If you believe you are being targeted or have already acted on suspicious instructions:
- Stop all communication with the suspected attacker immediately
- Do not take any further action on your wallet or vault
- Email help@team.casa or open your Casa app to contact the real Casa support team
- Document what happened including phone numbers, times, and any instructions you were given
- Check your balances across all connected wallets and vaults
The sooner you contact us the more options we have to help you.
Quick reference: red flags at a glance
| What you experience | What it may indicate |
|---|---|
| Unsolicited call from a company you use | Impersonation attack in progress |
| A link sent to you during a phone call | Phishing attempt to compromise your email |
| Pressure to act immediately or lose funds | Urgency tactic designed to prevent verification |
| Request for your seed phrase for any reason | Seed phrase extraction attempt |
| Step by step instructions to move funds over the phone | Live vault withdrawal attack |
| Caller cannot confirm your verification code | Impersonator, not a real Casa advisor |
| Phone numbers in your contacts you did not add | Contact spoofing |
If you have received a suspicious call or message claiming to be from Casa, forward the details to help@team.casa. Never call back a number that contacted you. Always initiate contact with Casa directly through your app or by emailing us directly.