Don't get scammed! 11 simple security rules
11 simple security rules for cryptocurrency transactions
Last updated
11 simple security rules for cryptocurrency transactions
Last updated
Blockchain technology has a high level of security, but there is still a human factor. Moreover, scammers are always working out new ways to cheat unsuspecting users.
Therefore, it is about time for all of us to think of how to secure our funds. Blockchain transactions are anonymous and irreversible, and this can be both an advantage and a disadvantage.
If funds from your wallet are withdrawn to someone else's wallet, you won't be able to undo the transaction.
If funds from your wallet are withdrawn to someone else's wallet, you won't be able to undo the transaction.
That's why you have to be extra careful and remember the rules of cybersecurity. Only awareness and constant vigilance will help you protect your money from the intruders.
Further we will tell you about the basic concepts of cybersecurity, the most common threats, and the ways to defend yourself.
A mnemonic phrase, aka seed phrase, or "12 words", is a generated set of words given out when creating a wallet. The phrase is generated once and it cannot be changed or recovered.
Seed phrase allows you to get 100% access to your wallet and assets, so it is important to keep your 12 words safe and not to share them with third parties.
An attacker obtains the seed phrase and withdraws all crypto assets, gains access to products with a signature (Web3), and it becomes impossible to restrict access for the attacker.
Do not share your 12 words with anyone.
Do not take pictures or screenshots of your seed phrase.
Do not enter your 12 words into third-party forms, websites, apps, or anywhere else.
Keep your phrase on paper or in a personal notebook in the safest place you can find, such as at home with your papers.
A private key is a combination of letters and numbers that allows you to manage your wallet and assets. Only the owner of the address can know the private key, it cannot be changed or deactivated.
A private key is similar to a seed phrase, but has direct relevance to the functioning of blockchain technology.
An attacker who obtains a private key gains access to the assets and control of the wallet forever.
Do not copy or request your private key from the blockchain unnecessarily. If you need it, store the key with caution, especially if it is an electronic device. It is strictly forbidden to transfer, insert, or publish your private key!
A wallet address (a public key) is a combination of numbers and letters for transferring and receiving cryptocurrency.
The address is not something secret, but it is worth remembering that once you know the address, you can find out exactly which assets are stored on it, and how many.
Anyone can see all incoming and outgoing transactions, this is public information. Sometimes it makes sense to secure the address with the owner's anonymity.
More and more often you can see phishing websites (clones of the original ones) that are confusing and can do damage.
A phishing website may attempt to obtain logins, passwords, seed phrases, and other information. On top of that, some websites may steal assets when interacting via Web3.
You should always check the spelling of the domain name — it is sometimes replaced with a similar one. Check for an SSL certificate (the lock icon near the input line).
Do not click on links from strangers.
More and more false crypto exchanges are appearing on the Internet, offering to store assets with them on very favorable terms.
“Single-day” exchanges attract users to their websites to acquire deposits and then shut down.
Before using any crypto exchange, research comments and reviews.
A popular type of phishing is emerging in Telegram — fake bots that use well-known platform and project names. Please note: FORSAGE has no Telegram bots with passive income.
A Telegram bot offers to make a deposit and generate super profits in a matter of hours. Some Telegram bots try to gain access to users' seed phrases or private keys via a survey.
Only use Telegram bots that are referenced in the official resources of the platforms and projects.
Some users find out that they are invited to a Telegram chat about cryptocurrency. Moreover, there are many participants in such a chat (several thousand), and there is also some activity.
Fraudulent Telegram chats are aimed at profiting by stealing data, assets, as well as advertising obviously risky financial products.
In addition, such chats are designed so that a person will ask a question and start a dialogue, during which he or she is likely to be deceived.
Immediately exit unknown Telegram chats. Do not click on links that are distributed in such chats. In Telegram settings, disable the ability to add you to groups.
An intruder using a name and photo of a famous person or a representative of a well-known project can contact you on any social network.
Abusers post in social media and messengers presenting themselves as the owner or administrator of some project.
Using someone else's identity and photo, attackers usually ask you to make a transaction or grant them access to your assets.
Don't trust imposters, no matter who they pretend to be. Do not attempt to engage in dialogue, just ignore their messages.
Do not trust screenshots and photos from scammers, as all of these are easy to fake. It is necessary to keep in mind that offers of easy earnings are scams almost 100% of the time.
Attackers use special software to track active wallet transactions and charge tokens to the wallet, which may even have a dollar value.
The tokens credited to the wallet have a website address in their name. This is designed for a person to visit that website and try to sell those tokens to make money.
But after you start exchanging such tokens, all crypto-assets are deducted from your wallet. In addition, the software can gain access to the wallet and continue to strip all incoming assets.
Don't react to incoming tokens that you weren't expecting. The safest thing to do in such a situation is not to try to transfer or sell them. By simply remaining at your address, these tokens won't do any harm.
Scam websites can contain malicious software. By downloading files or interacting with such a website, there is a risk of getting malware that will control your computer.
Malware most often connects to Windows operating systems and sometimes to Mac computers. Once connected to your computer, the malware substitutes your copied cryptocurrency address for its own.
Without noticing the address spoofing, users can transfer funds to the fraudulent address while not suspecting anything.
Do not visit unknown and suspicious websites. If you find out that a cryptocurrency address is being spoofed when copying and pasting, you should remove any malware on your device, or contact a professional.
There are specific surveys on the Internet and in messengers that are misleading and trying to gain access to your crypto wallet.
A survey or quiz is offered in which questions are gradually asked, some of these questions imply that users will leave their 12 words or private key, for example, under the pretext of receiving a cash prize.
After you disclose 12 words or a private key, your wallet is no longer owned only by you, and the scammers instantly seize all the assets.
Be careful with any kind of surveys and tests on cryptocurrency topics. Never and under no circumstances disclose your personal data, passwords, and wallet accesses.
So, if you know the basic rules of cybersecurity for cryptocurrency transactions and always adhere to them, you have nothing to fear.
Stay vigilant and don't forget to share helpful information with others.