Hi, folks. Sherpa here for another installment of “Keeping an Eye on Your Fundamental Health”. Last week, we looked at a few ways to spot red flags when buying NFT projects.
This week, I’d like to go into a few different types of scams/attacks. Because, how can you know how to protect yourself, if you don’t know what you’re protecting against?
Let’s try to break this down to a few specific areas where attacks & scams can occur:
Mobile
Mobile is one of the most insecure methods of accessing your crypto, if you hold any real balance. In general, it’s good to break your portfolio up between different sites & wallets, and not all connected to the same emails/phone number - because the odds of getting attacked are unbelievably high.
You have your sim-swapping, even to the point where insiders could be working for your provider, and facilitating swaps. This has happened. But also, it could just be negligence on the part of your provider. Any way you slice it, tying verification to SMS is asking for trouble.
But let’s assume that you’re following best practices & still want to trade on mobile - well, you also have to worry about links sent via text. I know of at least one trader who lost everything after clicking a link that claimed to be an update on his delivery status. He was expecting a delivery, and didn’t think anything of it.
Another person was trying to sign up for a dating site that supposedly let you pay using crypto. They phished him for his email, and emptied his Coinbase wallets - they also attempted to buy more, but his bank blocked them.
Still another person downloaded an app that they thought was reputable; it wasn’t.
Long story short, take the utmost care when accessing ANYTHING crypto-related from your phone, and NEVER use sms verification.
Social Media (Both computer & mobile)
Social media apps get their own category, because this is actually where the majority of scams occur. Telegram, Slack, and Discord have been hotbeds from scams & takeover attacks. Always watch out for anyone claiming to be support, a “famous” trader, or anyone “trusted”.
Anyone worth following has dozens of impersonators across every platform under the sun. They’ll try to sell you paid courses, or they’ll deliver hot tips - maybe they’re claiming to be support staff & require a ‘confirmation’ from your wallet by sending so much crypto to them. Whatever the case is, always be hesitant to send anyone anything, or give out any personally identifiable information.
Beyond those scams, and the classic, “click here for a giveaway!” hacks, “send 1 ETH I send 2 back!” scams, and others - people can get pretty clever. I saw one guy drop an ETH private key in a telegram channel. “Oops”, rookie mistake.
If you checked the address it belonged to, it looked like it had hundreds of dollars worth of some random token, but no ETH to send it out. So if you put the private key into MyEtherWallet, you could use this wallet. You send some ETH for gas to remove the tokens, and...what? The ETH is automatically sent to another address.
If you DO happen to catch it quickly enough to try to transfer the tokens, you’ll find out that they’re locked in a contract & can’t be moved. What they’ve done is set up a honeypot to catch some free ETH from anyone who might take advantage of the “rookie mistake” in telegram.
Don’t trust “easy money” in crypto. It doesn’t exist. The only “easy money” is being earned by scammers & hackers on the backs of people who thought they were invincible, or too smart to get tricked. Nobody is too smart. The same FOMO that brings you here can let you get carried away when things are going well. You drop your guard, or store some passwords in Evernote because it’s “convenient” - and you get wrecked.
Computer
On PC, you have a lot of different things to worry about. Not only the social media attacks detailed above, but also viruses, malware, keyloggers, etc. Use Teamviewer for work? That can also get infected. And that wallet you’re trying out for a new shitcoin may be chock full of viruses.
Aside from having some good antivirus software, I highly recommend putting any new wallet, mining software, etc. through Virus Total before opening it. This is one of the simplest ways an average user can protect themselves before opening something that could potentially infect them.
The name of the game is “prevention”. Endure a few annoying moments to cover your ass in crypto, and keep yourself from losing a fortune down the line.
Stay safe out there, folks, and if you don’t have an eye on your money, rest assured - someone does.I’ll be back next week with some more tips for protecting your digital assets.
If you found this helpful, feel free to follow me on Twitter at @shitcoinsherpa or toss a few shekels in the tip jar.
BTC: bc1qahxrp47hpguhx8y8r382dekgca34tlv54aufht
Doge: DJRy9gGSUGeyXfVcZXzKLkBv7RmDLv3MhJ
Disclaimer: Please be advised that I own a diverse portfolio of cryptocurrency assets, and anything written or discussed in connection to cryptocurrencies – regardless of the subject matter’s content– may represent a potential conflict of interest. I wish to remain transparent and impartial to the cryptocurrency community at all times, and therefore, the content of my media are intended FOR GENERAL INFORMATION PURPOSES ONLY. Nothing that I write or discuss should be construed, or relied upon, as investment, financial, legal, regulatory, accounting, tax or similar advice. Nothing should be interpreted as a solicitation to invest in any cryptocurrency, and nothing herein should be construed as a recommendation to engage in any investment strategy or transaction. Please be advised that it is in your own best interests to consult with investment, legal, tax or similar professionals regarding any specific situations and any prospective transaction decisions.