How can you protect yourself from hackers?
- Buy a separate laptop or computer for doing your trades and moving coins. You can throw together a rig that’s more than capable of handling everything for about $100.
- Install antivirus software on the computer you use to make trades or handle crypto. Avira Free is good enough if you are cheap.
- Bookmark your crypto sites. Use those bookmarks and only those.
- Get yourself a Ledger Nano S or Trezor Hardware wallet. They’re cheap and a variety of wallets support them. There is really, really no excuse. If you don’t want one of these nifty devices, use cold storage for a majority of your savings.
- Turn on 2FA for everything. Go do it. Right now. Quit your excuses. Choose Google Authenticator over Authy. Don’t use your phone number. Then, make sure your phone number is NOT tied to your Google account (look in privacy settings). Turns out, you and your BFF Mr. Hacker can “recover” access to your account via that number, completely destroying the point of 2FA. PS: Don’t forget to cold-storage your backup words for these 2FA things. It’s a huge pain when your phone goes for a swim and your entire life is 2FA’d.
- Don’t keep your precious coins on an exchange for too long. If you want to day-trade, keep only a small portion of your coins on the exchange.
- Do not use cloud storage (Dropbox, Drive, iCloud) for storing your keys: your keys would then be protected only by your cloud storage password. Write your private key on paper and store it in a safe place.
- Don’t use any public Wi-Fi. Never.
- For Token Sales: do not trust any address except the one posted on the official site. Bookmark the URL before the sale, get the address from the URL from your bookmark at time of purchase. Do not trust any other source (especially a random bot on Slack).
- Double check the URL. Check it. Then, check it again right before entering any information. This is especially important for any sites that require usernames, passwords, email addresses, private keys, and any other personal information. SSL-certs do not mean a site is trustworthy, just that they bought an SSL-cert. Not sure about the correct URL? Cross reference Reddit, Twitter, Github, Slack and wherever else the project hangs out.
- Triple check Github URLs. These are much easier to fake and much easier to miss. Instead of downloading from that random URL on reddit, seek out the URL on your own.
- Always verify that the site you landed on is legit, especially if you are about to enter your private key or download an application. What is legit? A service that people have used for a decent period of time with good results. If the URL has been registered in the last week or the site “just launched”, err on the side of caution and avoid it for a while.
- Google the service name + “scam” or “reviews”. Scam sites rarely last long. Value real comments by real people over a random blog. Value a collection of information over a single source. Understand that legit services will likely have a mix of positive and negative reviews over a long period of time. Scam sites typically have no one talking about them, everyone yelling about how they got robbed, or the most perfect reviews ever. The latter one is just as red of a flag as the first one.
- Don’t ever run remote-access software (e.g. TeamViewer) ever…but especially not on a computer with keys on it. The number of security holes in these programs is atrocious. You 2FA your entire life, but then let a single string of characters give someone access to your entire computer & every account.
- Don’t click any link regarding anything crypto, money, banking, or a service like Dropbox / Google Drive / Gmail in any email ever. And if the scammy clickbait was simply too irresistible for you, don’t enter any information on the page.
- Install an adblocker that actually turns off Google/Bing Ads. I recommend going with uBlock Origin. If you are already using Adblock Plus, it does not hide Google Ads from you. Go into your Adblock Plus settings and uncheck the box that says “Allow some non-intrusive advertising”.
- Don’t click on advertisements. With or without an adblocker, you should never, ever click on advertisements.
- If you have accidentally visited or typed a malicious site, clean out your recent history and autocomplete. This will prevent you from typing kra… and having it autocomplete to the malicious krakken.com.
- No one is giving you free or discounted coins. Even for completing a survey.
- The guys who just finished their token sale don’t want to sell you tokens via Slack DM. Neither does that smokin’ hot 125px x 125px avatar.
- Use portfolio apps to check your balance. Access your wallet only when you have to transfer coins!
Lastly: use your brain. Think for a moment. Don’t assume, ask. Don’t blindly follow, question. If something doesn’t seem right…if you feel like the luckiest fucker on Earth…or if you find yourself asking, “I wonder why I haven’t seen this on reddit yet”, there is likely a reason.
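The bookmark and URL-checking advice above, as an added example that is not part of the original post: a Python check that extracts the hostname a browser would actually contact and compares it against a bookmark list, flagging near-misses such as the krakken.com case. The allowlist contents, function names and the two-edit threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for your own bookmarks (assumption).
BOOKMARKED = {"kraken.com", "github.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def hostname_of(url: str) -> str:
    """Host the browser would contact: lower-cased, no userinfo, port or 'www.'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(url: str, bookmarks=BOOKMARKED, max_dist: int = 2):
    """Return (verdict, detail); verdict is 'bookmarked', 'lookalike' or 'unknown'."""
    host = hostname_of(url)
    if not host:
        return ("unknown", "no hostname in URL")
    if host in bookmarks:
        return ("bookmarked", host)
    # Non-ASCII or punycode labels can be drawn to look like a bookmarked name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("lookalike", "internationalized hostname")
    for good in sorted(bookmarks):
        if host.startswith(good + "."):   # e.g. kraken.com.example.net
            return ("lookalike", f"{good} used as a prefix of another domain")
        if edit_distance(host, good) <= max_dist:
            return ("lookalike", f"{edit_distance(host, good)} edit(s) from {good}")
    return ("unknown", host)


if __name__ == "__main__":
    for u in ("https://www.kraken.com/sign-in", "https://krakken.com/",
              "https://kraken.com@krakken.com/", "https://kraken.com.example.net/"):
        print(u, "->", classify(u))
```

An "unknown" verdict only means the host is not in your bookmarks and does not resemble one; it says nothing about whether the site is trustworthy.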
While the above post is all about the steps you should take to protect yourself, there is another one that is even more important:
- Look out for one another
- Scammers thrive because they have victims — because they know they can throw a stupid website out there and people will click it. Stop thinking, “Well, they shouldn’t have clicked it” and start doing what you can to prevent people from making a mistake that will cost them their hard-earned coins.
- If you notice something looks like MEW, say “Hey, that looks like a clone of MEW! I wonder if they’ve seen it?”
- If you think that Github URL looks weird but you don’t have the time to check, throw a “hey u sure thats rite url?” up there.
- If that post or comment is about an unheard-of wallet, leave a comment and report it with a “??????????” in the report reason.
- If the Token Sale you are participating in doesn’t tell you explicitly when & where their address will be posted, ask them, in public, over and over again. If it’s not at least 24 hours before the Token Sale, question that choice, in public, over and over again.
- There needs to be more due diligence everywhere, but this is easier diligence than most. It requires no advance knowledge or skills. You don’t even have to be able to write good. Stay aware, trust your gut, ask more questions, trust the internet less, and google the fuck out of everything.