SAFETY APPLES - Web3 Scam Prevention
Web3 means that we strive for decentralisation, which means that we need to learn to protect ourselves independently.
These SafetyApples came about after seeing people losing their assets to scams time and time again and it absolutely breaks my heart.
That's why I am trying to bring some web3 safety awareness and if it helps even one person, it is absolutely worth it. Each apple is a prompt to remind you how you could strengthen your own security.
Scroll down to read more information on each individual SafetyApples explainer.
Minting now on Manifold: https://app.manifold.xyz/c/OGSafetyApples
1. SECRET RECOVERY PHRASE
Never give out your (12- or 24-word) secret recovery phrase, also known as a 'seed phrase'. Don’t make a digital copy (e.g. email, photo) because your device can be hacked.
2. DON’T CLOUD SAVE PASSWORD
Turn off the password back-up function on cloud storage as it can be hacked and compromise your email, social media accounts, and even your hot wallet if the secret recovery phrase has been backed up on it as well.
3. SCAM DMs
Beware of all sorts of scams in your DMs (Direct Messages), ranging from private trades, bad files, links and mints to people impersonating admins/ founders etc. Ask in the public chat if you aren’t sure of anything.
4. IMPERSONATORS
Staff shouldn’t DM you. A Discord name (e.g. apple#1234) can be faked, but the long numerical ID (e.g. 123456789123456789) cannot. Turn on developer mode, then copy the ID from their profile and paste it to get that string of numbers.
5. FAKE JOB, FAKE OFFER
Someone could send you malicious files and links in the guise of a job offer, or an offer to buy your NFT. Private trades are risky. Please be aware.
6. PHISHING EMAILS
If you get a notification email from Opensea for a bid or a sale, make sure it is a legitimate email. Tip: go directly to the website and paste your wallet address to see these ‘changes’, rather than clicking the link in the email. It always pays to be cautious.
Take your time, check everything multiple times. Correct spelling, correct link address, correct currency. And breathe!
8. NO GREED
“Mint Series now! Price lowered for only 24 hours.”
(Sounds suspicious!) Check with yourself, is it too good to be true? Check with multiple sources. Ask publicly on Discord/ Twitter.
9. HARDWARE WALLET
A hardware wallet, or cold wallet, like Ledger/ Trezor keeps your private keys offline (hence the moniker 'cold storage'), as opposed to a hot wallet. However, it won’t protect you if you give permission and sign a malicious transaction. If that happens, move your assets to a completely new wallet with a brand new secret recovery phrase immediately.
10. HARDWARE WALLET FROM MAKER ONLY
Only purchase your hardware wallet directly from the manufacturer like Ledger/ Trezor. Don’t get it from Amazon as the secret recovery phrase could be compromised.
11. DON’T SCREEN SHARE
Don’t screen share with anyone. You could get your passwords/ QR code seen by scammers and get your wallet drained. Don’t share your seed phrase even if someone is offering ‘help’.
12. AIRDROPPED SCAM NFT
Beware of airdropped NFTs when you don’t know where they came from. Never ever interact with them. Don’t sell or transfer them. You can report them on Opensea without logging in.
13. STRANGE BIDS
You might see a high $ETH bid on an airdropped NFT and think it’s harmless to accept. But it is totally HARMFUL! The transaction will likely fail and make you sign another transaction, which will be malicious and clean out your wallet.
14. NO STEALTH MINT
Any project that asks you to do a surprise mint out of the blue on Discord, Twitter or Instagram requires extra caution. The account could have been hacked by scammers, and a time constraint is a tactic. Always do your due diligence.
15. BURNER WALLET
Use a burner wallet, empty of valuable assets, to mint. That way, if that wallet is compromised, your other assets are safe. Gentle reminder that cold storage/ a hardware wallet is highly recommended.
16. DON’T RUSH
Don’t be rushed. Don’t FOMO. Are you listing 0.3 eth or 0.03 eth? Is someone offering in $ETH or in another currency? Take your time and do your transactions calmly, without any distraction, to avoid mishaps.
17. TOXIC FILES
We all use Doc, Excel, PDF files etc. so this may seem overly paranoid, but ask yourself: where did the file come from? A legit sender/email? Check the file properties without opening it. Is it really a PDF, or a file such as an .exe that pretends to be a PDF?
18. CHECK LINKS AND SOURCES
If there is some sort of mint or prize link, check with multiple sources. Don’t rely on just a single source. Ask around on Twitter, Discord, Instagram etc. in case of a hack. Also check the link’s spelling. Every time.
19. REVOKE PERMISSION
Regularly check your wallet’s active allowances on the blockchain. Revoke permission if you see something suspicious. You would need to connect your wallet and pay gas to revoke permission, so use the correct link address only, please.
20. DEVICE VIRUS
Maybe you have clicked something that has infected your device with a virus that would allow hackers to obtain your passwords. That is why a hardware wallet is recommended where its password and private keys are saved offline and off the computer.
21. 2FA
Turn on two-factor authentication (2FA) to strengthen access security from bad actors.
22. TOO GOOD TO BE TRUE
Is the prize, mint or gift too good to be true? Is that bid on your NFT abnormally high? If unsure, ask around and definitely get affirmation from more than one source.
23. NO PUBLIC WI-FI
Public Wi-Fi is often open, unencrypted and insecure, and therefore vulnerable. Use it with caution and do your transactions on a private connection.
24. DISCONNECT FROM WEBSITES
Make a good habit of disconnecting your wallet from websites. You never know what kind of bugs there could be. Even trusted websites could be compromised.
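For apple 17 (TOXIC FILES), here is one way to check whether a file is what its name claims without opening it. This is an added example, not part of the original SafetyApples text; the extension lists are illustrative subsets and the sample file names are constructed.

```python
# Added example: flag files whose name or content does not match what they claim.
import os

# Leading "magic" bytes of a few common formats.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"MZ", "windows-executable"),
    (b"\x7fELF", "linux-executable"),
    (b"PK\x03\x04", "zip-container"),                # .docx / .xlsx are ZIP files
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy .doc / .xls
]
# What the content should be for each document extension (illustrative subset).
EXPECTED = {".pdf": "pdf", ".docx": "zip-container", ".xlsx": "zip-container",
            ".doc": "ole2", ".xls": "ole2"}
# Extensions that run code when double-clicked (illustrative subset).
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".js", ".vbs", ".lnk", ".msi"}

def sniff(header: bytes) -> str:
    """Name the format a file's first bytes belong to."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    return "unknown"

def check_file(name: str, header: bytes) -> list:
    """Return warnings for a file name and the first bytes of its content."""
    warnings = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXT:
        warnings.append(f"executable extension {ext}")
        if len(parts) > 2 and "." + parts[-2] in EXPECTED:
            warnings.append("double extension: named like a document, runs as a program")
    kind = sniff(header)
    want = EXPECTED.get(ext)
    if want and kind != want:
        warnings.append(f"extension {ext} but content is {kind}")
    return warnings

def check_path(path: str) -> list:
    """Read only the first 8 bytes from disk; the file is never executed."""
    with open(path, "rb") as f:
        return check_file(os.path.basename(path), f.read(8))

if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    for name, head in [("whitepaper.pdf", b"%PDF-1.7"),
                       ("job_offer.pdf.exe", b"MZ\x90\x00"),
                       ("nft_offer.pdf", b"MZ\x90\x00")]:
        print(name, "->", check_file(name, head) or "no warnings")
```

An empty result only means the name and the first bytes agree; a genuine PDF or Office file from an unknown sender can still be harmful.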
























