Phishing Email about Changing Wallet Key should be ignored

A large number of phishing emails were sent out to Stellar Lumens holders today. The emails were sent from hello@stellar.org with the subject "Request to change Stellar wallet key".

Interestingly, the email has valid DKIM headers for Stellar.org, which means it could be a hack. The phishing webpage that asks for the user’s secret key was hosted on a sub-domain of stellar.org. In other words, the emails are coming from inside the domain, and this is not really a phish, because these are genuine emails from the Stellar.org domain, the official website of the Stellar Development Foundation.

Here is a screenshot of the DKIM headers of the email, which confirms that the emails were in fact sent from stellar.org:

[Screenshot: stellar phishing email]

Also, on the webpage, if you click "cancel request", you are taken to auth.stellarwallet.org, which is definitely a phishing page.

Earlier, phishing emails were sent from a different domain that could be easily identified with some due diligence, but this time it is different. The emails look genuine and the webpage is, in fact, hosted on the Stellar.org portal.
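As an added example (not part of the original article and not Stellar's code), the Python below shows what a DKIM pass does and does not tell a mail filter in this case: it checks that the sender aligns with a DKIM-passing domain and whether each link stays on that domain. The sample message is constructed, `subdomain-placeholder` stands in for the sub-domain the article does not name, the `Authentication-Results` header is assumed to come from your own receiving server, and the "last two labels" domain logic is a simplifying assumption.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message. The Authentication-Results line, the
# "subdomain-placeholder" host and the URL paths are illustrative only;
# both links are placed in one body for brevity.
SAMPLE = """\
Authentication-Results: mx.receiver.example; dkim=pass header.d=stellar.org
From: hello@stellar.org
Subject: Request to change Stellar wallet key
Content-Type: text/plain

Please login to your account to cancel the request:
https://subdomain-placeholder.stellar.org/authorize
https://auth.stellarwallet.org/cancel
"""

def registrable(host):
    # Assumption: naive "last two labels". Real code should consult the
    # Public Suffix List so that names like example.co.uk are handled.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def dkim_pass_domains(msg):
    # Collect every d= domain that the receiving server recorded as dkim=pass.
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", value, re.I):
            found.add(registrable(m.group(1)))
    return found

def triage(raw):
    msg = message_from_string(raw)
    signed = dkim_pass_domains(msg)
    sender = msg.get("From", "").rsplit("@", 1)[-1].strip("> ")
    links = {}
    for url in re.findall(r'https?://[^\s<>"]+', msg.get_payload()):
        host = urlparse(url).hostname or ""
        # True means the link stays on a DKIM-authenticated domain.
        links[host] = registrable(host) in signed
    return {"dkim_aligned": registrable(sender) in signed, "links": links}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The look-alike host auth.stellarwallet.org is flagged, but the link under stellar.org passes every domain check, which is why this campaign was harder to spot than the earlier ones sent from a different domain.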

Many users have already fallen for this and their funds are gone. The webpage asks users for their secret key, which gives the hacker full control of the user’s funds.

A general rule of thumb: emails stating that your crypto or email account has been hacked are phishing emails and should be marked as spam immediately.

Here are the contents of the email:

Sub: Request to change Stellar wallet key

A request to generate a new secret key for your Stellar wallet has been received.

For security reasons, this process may take upto 7 days to complete and will be processed automatically from now.

If you wish to cancel the request or if you did not initiate this action, it is possible that someone is trying to access your account without your permission. Please login to your account to cancel the request:

<authorize request> <cancel request>