As the online space continues to expand into blockchain, crypto, and all things web3 – so does the threat of scammers, hackers, and bad actors. Today’s episode speaks to that reality and ways we can protect ourselves online and safely participate in the web3 space.
Here are some our big takeaways from today’s episode:
Web3 will teach you extreme personal responsibility.
We are currently living in the “wild west of web3”. There’s no regulatory body to offer safety for end users and accountability for the bad actors. Participants in the web3 space take full responsibility to protect themselves when transacting on the blockchain. If you get hacked, scammed out of money, or accidentally send money to the wrong address— it’s your loss and there’s not much that can be done to recover.
Please understand we’re not trying to scare you from participating in web3…but rather want to make you aware of the reality. Security is solely dependent on you to develop best practices to keep your digital assets safe. While it can be perceived as inconvenient managing your own risk, we see this as a GOOD thing. Taking responsibility for your online safety will not only help protect you in web3 but anywhere you have a presence online as many of the recommended practices are relevant in all aspects of the web.
The greatest threat to your online safety is...
YOUR behavior.
You can’t stop bad actors from trying to scam you, but you can control how you interact with them.
Most scammers utilize this concept called “social engineering”, which is a fancy term that basically means manipulating someone’s behavior so they take an action that results in a cyberattack.
Here’s a good breakdown on the process of social engineering from the cybersecurity company, Norton.
So how does this apply to the web3 space?
In short, the application of social engineering is the same in web3 as with any other area of the online space.
However, there are a few key points to cover in regards to how this can show up. Let’s dive in!
1. Send me your seed phrase, and I’ll fix the issue.
Never…ever ever ever ever…give your seed phrase to anyone. If someone asks for your seed phrase (or private key), they are 100% trying to hack you.
Your seed phrase is a string of words (typically 12–24 words) that serve as the password that grants full access to your crypto wallet. If someone has your seed phrase, they can do what they please with your crypto and NFTs held inside that wallet.
It’s important that you never store your seed phrase on electronic devices, and keep it written down in a secure place (like a fireproof safe).
2. This Bored Ape is selling for 0.1 ETH, buy now before it’s gone!
For those that don’t know, a Bored Ape Yacht Club NFT is very expensive. At the time of this article, the floor price was 83 ETH.
Scammers will use “urgency” as a form of social engineering to push you into a state of heightened emotion that forces you to move quickly without rational thought. A common practice we see among scammers is recreating an exact replica of a project’s website and social profiles, and using that to promote their scam, making it appear legitimate. The solution to avoiding this type of scam is by simply making the effort to double check the official project site and verify the contract address.
As a reminder…if it’s too good to be true, it’s probably a scam.
3. Check out this [insert opportunity], click here to join.
Scammers love to send random private messages to people trying to bait them into clicking scam links that are dressed up as “opportunities”.
The quick n’ fast rule is to never respond to random DMs, unless you actually know the person and can verify a match with their username. And even in those cases, proceed with caution.
Lastly, don’t click random links from suspicious sources. Break this habit immediately as it’s only a matter of time that you click a malicious link that downloads malware to your computer.
4. Hi, I’m with the support team. How can I help you?
The same social engineering as above applies here, except in this case scammers will replicate the identity of a project’s team member social profile on Twitter, Telegram, or Discord. They will private message you with what seems to be an attempt to offer “support”.
Don’t fall for their trap.
In fact, a competent project owner will have as part of their community management policy to never DM a community member FIRST to avoid any confusion between real and fake team members.
TIP: Don’t show up helpless in a community. Scammers prey on vulnerability. Take the extra step of researching the answer yourself first, and if you still have a question then proceed with articulating your question in a way that shows you’ve done a little bit of work beforehand. This will lower the probability of becoming a target.
Learn more about Web3 Safety and Security
If you would like to deep dive into developing an effective web3 safety and security protocol — then we suggest either checking out The Guardian Academy safety and security protocol.
Listen wherever you get your podcasts.
Connect with Us
DISCLAIMER: These episodes are for educational purposes only. Nothing in this episode should be construed as financial advice or a recommendation to buy or sell any sort of security or investment. Consult with a professional financial advisor before making any financial decisions. Some of the links posted inside the show notes may be affiliate links, which means we receive a small commission if you click through and make a purchase. This has no impact on your experience with the product or business.
