Phishing Protection

Phishing is the leading cause of crypto wallet losses. Morsel includes several layers of protection, but understanding how attacks work is the most important defence.

Morsel's Built-in Protections

• Domain blocklist — known phishing sites are blocked before they load in the in-app browser
• Connection popups always show the exact domain requesting access — you see the real URL before approving
• Transaction simulation — transactions are simulated before you sign them, so you can see what actually happens

How Phishing Works

Most crypto phishing follows the same pattern:

1. You receive a link via Discord, Twitter, email, or an NFT airdrop
2. The site looks exactly like a real dApp (same UI, logo, layout)
3. But the domain is slightly different — e.g. jup1ter.ag instead of jup.ag
4. You connect your wallet and approve a transaction
5. The transaction drains your wallet

Verifying the Domain

The single most important habit: always check the domain in the Morsel approval popup before tapping Connect.

Transaction Simulation

Before you confirm any transaction, Morsel simulates it and shows you what will actually happen — which tokens will leave your wallet, which will arrive, and any unusual programs being called.

Common Scam Patterns to Recognise

• Free NFT or token claims — "You won! Click to claim" — almost always wallet drainers
• Urgent warnings — "Your wallet is compromised, verify now" — Morsel will never send you such messages
• "Revoke approval" scams — fake sites that ask you to approve a transaction to revoke permissions
• Discord DMs offering support — always go to official support channels, never DMs

If You Think You Were Phished

1. Immediately create a new wallet with a new seed phrase
2. Move any remaining funds to the new wallet
3. Do not reuse the compromised seed phrase anywhere
4. Report the phishing site to Morsel support so it can be added to the blocklist