Announcing our $41M series B led by Goodwater Capital

Learn more

How Slash is combating recent phishing attacks

New phishing attacks are targeting Slash users with fake websites and Google Ads. Here's how to protect yourself and what we're doing to keep you safe.

Author:Allie Brown
Allie Brown

At Slash, we process millions of transactions every day, connecting businesses and consumers in an increasingly interconnected, global financial ecosystem. With that level of volume comes the necessary, serious responsibility to protect our customers from phishing attacks. We’re writing today to alert you to recent phishing attempts impersonating Slash and to update you on the standards and procedures in place to protect all users from phishing.

This includes investment in not only heightened security procedures but tips for users to ensure the sites they are visiting and, more importantly, logging into, are valid Slash websites.

What to be conscious of

Over the past few weeks, we’ve seen a dramatic surge in fake phishing websites copying Slash’s login page. Fraudsters are creating these fake websites, then using sponsored Google Ads to push these sites to the top of the search results.

These attacks are particularly dangerous due to their accurate design: nearly pixel-perfect replicas of our platform.

Here’s an example of a phishing site:

vs. Slash's real UI

The visual resemblance can make phishing sites difficult to distinguish from our real site, but here are a few steps to verify authenticity:

  1. Ensure the site URL is genuine. The Slash URL is (and will ALWAYS be) slash.com or app.slash.com. If you notice a variation by even a letter, please leave the site immediately.
  2. Bookmark your Slash page. In many instances, attackers are successful through Google search tactics. If you are searching for Slash through Google, you are opening yourself up to a potential scam. Please bookmark Slash’s page and refer to that bookmark to mitigate this risk.
  3. Enable security notifications and monitor your account regularly. With adequate security alerts enabled, you can maintain clear oversight into logins, account activity, and transactions. If you receive a notification for activity you didn't authorize, contact our support team immediately.
  4. Consider using the mobile app. Our official Slash mobile app offers a secure way to access your account. Unlike web browsers, where fake sites can appear in search results, mobile apps are vetted by Apple and Google before publication. Once downloaded, you can trust that you're always accessing the real platform.
  5. Unsure? Contact Slash support. Our support team is available 24/7 to assist you and answer any questions or concerns. If you’re unsure whether a site you are visiting is legitimate, contact support@slash.com and we'll be happy to assist you.

Following the above steps will significantly reduce your risk of falling victim to phishing attacks. However, we know that even the most vigilant users can make mistakes. That's why we're continuously building advanced security systems and enhanced protections to proactively detect and counteract these threats before they reach you.

What Slash is doing

It is our top priority to keep you and your funds safe from attacks; that’s why we have implemented heightened security to reduce phishing and fraud risks. Our new security verification system includes:

  1. Device fingerprinting. When you log into your account for the first time, we create a secure fingerprint of your device IP address and browser information. This information is encrypted and used only to verify your device's identity.
  2. New device detection. On future logins, if we detect sign-ins from an unfamiliar device or IP address, even with already existing two-factor authentication, we will send a link to your email to verify the login. This link will only work if it is clicked on the same device, which combats phishing for two-factor authentication codes.
  3. Trusted device registry. Once your device is verified via two-factor authentication, it will be added to your trusted device registry, so you will no longer need to complete multiple verification steps, and logins will remain fast and seamless.

In addition to enhanced device verification, at Slash, we continue to ensure your account remains secure against unauthorized or fraudulent activity through ongoing verification, notification features, and a team of compliance and support professionals.

We recognize that heightened security may require additional verification steps or brief delays, but safeguarding your funds is our top priority. If you have any concerns about additional security measures, please contact our support team.

Our commitment to you

Our users are the foundation of everything we do at Slash, and we’re grateful for the trust you place in us every day. We don’t take this trust lightly, and we are committed to staying one step ahead. If you ever have questions about suspicious activity, notice something that doesn’t seem right, or simply want to verify whether a communication is truly from us, please don’t hesitate to contact our support team.

We’re here to support you every step of the way. Your security is our mission, and we’ll continue investing in security measures and keeping you informed as new threats emerge.

Read more from us