User-phishing risk
When users generate a proof of identity or reputation to share with a third-party website, they must log in to the website that holds the credential. Attackers can easily steal information by using social engineering to convince users to generate proofs on elaborately designed fake websites.
To mitigate this susceptibility to phishing, it is necessary to implement basic phishing-prevention and user-warning measures. These could include checking website hosts against the default providers offered by the Reclaim protocol, and querying the host on phishing-website databases such as OpenPhish.
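
One way to implement the two checks above, as an added example (not code from the Reclaim protocol or OpenPhish). The provider hosts and feed entries are constructed placeholders, and the phishing feed is assumed to be a locally cached text file with one URL per line.

```javascript
// Added example. Hosts and feed entries are constructed placeholders.
const DEFAULT_PROVIDER_HOSTS = new Set([
  "accounts.example-provider.test",
  "login.example-bank.test",
]);

// Constructed sample of a locally cached phishing feed (assumed: one URL per line).
const SAMPLE_FEED = [
  "http://login.example-bank.test.evil.invalid/signin",
  "https://phish.invalid/accounts",
].join("\n");

// Parse a URL and return its normalized host, or null if it is not http(s).
function parseHost(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // URL lowercases the hostname and keeps userinfo out of it; drop a trailing root dot.
  return { host: url.hostname.replace(/\.$/, ""), https: url.protocol === "https:" };
}

// Build a set of hosts from the feed text, skipping blank or unparseable lines.
function loadFeedHosts(feedText) {
  const hosts = new Set();
  for (const line of feedText.split(/\r?\n/)) {
    const parsed = parseHost(line.trim());
    if (parsed) hosts.add(parsed.host);
  }
  return hosts;
}

// "block": listed in the feed or unparseable; "allow": HTTPS and an exact
// match for a default provider host; "warn": anything else.
function classifyLoginHost(rawUrl, feedHosts) {
  const parsed = parseHost(rawUrl);
  if (!parsed || feedHosts.has(parsed.host)) return "block";
  // Exact match only: substring or suffix tests would accept look-alike hosts.
  if (parsed.https && DEFAULT_PROVIDER_HOSTS.has(parsed.host)) return "allow";
  return "warn";
}
```

A "warn" result is where the user-warning measure applies: the host is not known to be malicious, but it is also not one of the default providers.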