There’s been a lot of reported scamming/hacking this year. I refuse to use the term hacking here, since I feel like it is being used wrongly a lot in this sub and in the crypto scene in general. It’s giving a bad rep to actual hackers.
This year billions if not millions worth of crypto went to these bad people’s wallets, and mostly this is 90% the fault of the users themselves. It’s not like every hacker out there writes code in undetectable assembly-language-level scripts that bypass antimalware/antivirus detectors or some 300 IQ shit. ~~Hackers~~ Scammers these days rely more on social engineering and phishing attacks, requiring the user’s participation.
We are experiencing mass adoption of crypto, so we should expect naive young bloods in the scene and, with that, more scammers out there. Experience is the best teacher, but we can educate ourselves as much as possible to mitigate inevitable losses along the way.
- ALWAYS double, triple check the current URL of the website you are using whenever you are making crypto transactions. Check the domain first and foremost, then the following parts of the URL – the spelling, the subdirectories. You have to make sure you are using the right site. Also, USE BOOKMARKS FOR WEBSITES YOU FREQUENT!
- Check if the connection is secure. Check if there’s a lock icon on the left side of the address bar; in most browsers, click it and it should say “Connection Secure”. And yes, I’m aware that not all websites use https, BUT nowadays almost all services use https. This doesn’t mean that a website using https is automatically safe. You can also check the SSL certificate of a website by using some online tools; it’s one Google search away.
- Don’t use public wifi to access websites requiring entry of your credentials. You never know, you might get redirected to a malicious site imitating the website you’re trying to access.
- Don’t give your passphrase to anyone or to any website that is asking for it. Never ever put it in a website or anything connected to the internet for saving purposes or whatever. Put it somewhere safe offline. This is your lifeline to your wallet; imagine giving someone direct access to your lifeline.
- Beware of fake mobile apps. Logo looks off? Misspellings? Other obvious errors? Don’t leisurely install apps from external sources; do a bit of research about the company or about the app you are trying to use/install. Also, even if it’s in the app store, that doesn’t mean it’s legit. Google and Apple have been known to be pretty lax about what goes in their app stores at times. Of course official entities (Binance, Coinbase, etc.) can quickly find fake apps and get them removed from the app store, but it’s still better to be cautious.
- Don’t click on suspicious emails/messages. Check the email domain; it’s quite easy to spot phishing emails. If it asks for sensitive information then it’s a red flag; even support agents from companies don’t ask for sensitive information.
- Don’t touch coins that you know nothing about. Sometimes you may see some coins in your wallet out of nowhere. Looking at thousands or millions worth of coins in your wallet is tempting, but do not ever touch them. It may be a dusting attack, or worse, you’ll be giving wallet access to the hacker.
- If you’re following influencers, YouTubers, news sites etc., be sure to check if they are the real thing. Just like phishing attacks, there can be fake accounts imitating famous personalities that may give some advice or send out links promising this and that.
- Never trust anyone online. I don’t think this is being extreme at this point. If you get a personal message out of nowhere then be cautious. Most social engineering starts here, at the first contact. If he/she is offering to help you and gives you some links or software, that should really raise your awareness more. It’s fine talking to people, but always assume that he/she is after something.
- Keep your mouth shut, limit your exposure. Even simply your name, address, birthday etc. can be used to get a hold of your accounts or YOU yourself. These can be used to reset a password, change an email or even for SIM swapping. You can also be attacked physically: a knife in your gut or your passphrase? Don’t be stupid, and avoid discussing so much on a public forum.
- Beware of software you install or are trying to install. It may have some malware coupled with it, or a mining script in some cases.
- Multifactor authentication. Use an offline authenticator; don’t use an SMS one since it is prone to SIM swapping. I personally use Authy, some use Google Authenticator; it’s up to you. Look for something that will satisfy you.
- Distribute your holdings to multiple exchanges/wallets. Don’t put all your eggs in one basket. This is more of a mitigation.
- Set up a kill switch. Had your mobile phone/laptop stolen? Wipe the data off of it right away. There is software and there are apps now that do this with a single click, even if you’re on the other side of the globe.
Everything here boils down to basically “keep your mouth shut” and “If it’s too good to be true, then it probably is”.
submitted by /u/frstrtd_ndrd_dvlpr
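
The URL checks from the post (domain first, then spelling; compare against bookmarks; https is necessary but not sufficient), sketched as an added example that is not part of the original post. The bookmark list and sample hosts are constructed, and treating the last two labels as the registrable domain is a simplifying assumption (a real tool would consult the Public Suffix List).

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist standing in for the reader's own bookmarks.
BOOKMARKED = {"binance.com", "coinbase.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=BOOKMARKED):
    """Return (verdict, reason); verdict is 'ok', 'warn' or 'block'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "block", "no hostname"
    if parts.username is not None:
        return "block", "userinfo before '@' hides the real host"
    try:
        ipaddress.ip_address(host)
        return "block", "raw IP address instead of a domain"
    except ValueError:
        pass  # not an IP literal, carry on with domain checks
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "block", "non-ASCII or punycode label (possible homograph)"
    for good in trusted:
        # Exact match or a true subdomain of a bookmarked domain.
        if host == good or host.endswith("." + good):
            if parts.scheme != "https":
                return "warn", "bookmarked domain but not https"
            return "ok", "matches bookmarked domain " + good
    registrable = ".".join(labels[-2:])  # assumption: two-label registrable domain
    for good in trusted:
        if edit_distance(registrable, good) <= 2:
            return "block", "looks like a misspelling of " + good
        if good.split(".")[0] in labels[:-2] or good in host:
            return "block", good + " appears only as a subdomain or substring"
    return "warn", "domain is not in bookmarks"
```

A `warn` verdict is not an endorsement: it only means none of the cheap lookalike checks fired, so the site still needs the manual checks listed above.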