Hacking & phishing prevention
Hacking and phishing attacks are among the biggest security threats to your cryptocurrencies, so you must set strong passwords for your wallets and all accounts that deal with cryptocurrencies.
Keep these tips in mind when setting up or using your cryptocurrency accounts:
- Use different passwords for every account you use to limit any damage that can be done by hackers.
- Use a unique email when opening accounts on each exchange and only use that email address for that specific exchange.
- Enable two-factor authentication for your exchange accounts. This adds software to your smartphone which adds extra security to your account. Without two-factor authentication, a hacker only needs your username and password to empty your balance.
- Don’t store your wallets and passwords in the same place or an attacker can gain access to both your passwords and your wallet at the same time.
- Never mention what exchange or wallet you use on social media or online forums. Any information you post online can be turned against you.
- Maintain backups of your cryptocurrency wallets and recovery phrases to ensure your coins aren’t lost for good if something happens to your main device.
- External hard drives, USB sticks, and encrypted backup files can be used to secure your recovery options and programs like VeraCrypt can encrypt these sensitive files.
The different types of cryptocurrency wallets
- Desktop Wallet: This is installed on your desktop computer and gives you access to and control over your wallet. This wallet is only accessible from the computer on which it is installed and offers a high level of security. However, it’s at risk if something happens to your computer. Examples of desktop wallets are Exodus, mSigna, and Copay.
- Mobile Wallet:This is run from an app on your smartphone for the most convenient but most vulnerable option. These wallets need to be backed up securely; if you lose your phone, or it is compromised, you could lose your cryptos with it.
- Online Wallet:This is a web-based wallet, which means that your data is stored on an online server, making it easier to access it from anywhere. However, since your private keys are stored online with this wallet, they are more at risk of hacking and theft. Examples of online wallets are Coinbase and Blockchain.
- Hardware Wallet:Wallets such as the Ledger Nano S and Trezor are built to specifically hold cryptocurrency and keep it secure. You can turn them into hot wallets by connecting them to your computer, then take it offline once you’re done. You don’t need a specialized device for a hardware wallet, even USB sticks will do.
- Paper Wallet:The most basic form of a wallet involves a pen and paper. Simply write out your private key and you will be able to recover your wallet if you ever lose access to it. You can also print out a QR code for both your public and private key, which avoids storing data digitally, providing a high level of security.
Transaction safety
- Wallet Address: Because of the irreversible nature of cryptocurrency transactions, it is very important to ensure that you have entered the correct wallet address. If you send coins to the wrong address, it may not be possible to recover them.
- Special Requirements: When using different cryptocurrencies, it is important to understand how they work before making transactions. Certain cryptocurrencies can have special requirements or safety precautions that should be taken. For example, with IOTA you should always use a new address when you send your cryptos, otherwise, your security is reduced. With Ripple, there can sometimes be two parts to the address: a wallet address and a destination tag. If the proper destination tag is not included, the coins you send can be lost or end up in the wrong account.
- Malware & Viruses: Another risk to watch out for is trojans that have been detected lurking on people’s computers. When the victim copies a cryptocurrency address to send tokens, the trojan will swap the wallet ID that was copied for its own malicious wallet address in payment fields. Therefore, pay careful attention to the cryptocurrency address you are sending your cryptos to.
- Phishing: Phishing attacks, Ponzi schemes, and ransomware are all common types of cyber fraud and theft of cryptocurrencies. There have been reports of cybercriminals sending phishing emails with infected attachments that give the attacker access to the victim’s computer and their wallets. Always be vigilant when dealing with suspicious emails and attachments, especially when you are unsure of their source.
Paying with cryptocurrency
- If you're thinking about paying with cryptocurrency, know that it's different from paying with a credit card or other traditional payment methods.
- Cryptocurrency payments do not come with legal protections. Credit cards and debit cards have legal protections if something goes wrong. For example, if you need to dispute a purchase, your credit card company has a process to help you get your money back. Cryptocurrencies typically do not.
- Cryptocurrency payments typically are not reversible. Once you pay with cryptocurrency, you can usually only get your money back if the person you paid sends it back. Before you buy something with cryptocurrency, know the seller's reputation, where the seller is located, and how to contact someone if there is a problem. Confirm these details by doing some research before you pay.
- Some information about your transactions will likely be public. People talk about cryptocurrency transactions as anonymous. But the truth is not that simple. Some cryptocurrencies record some transaction details on a public ledger called a "blockchain." That's a public list of every cryptocurrency transaction — both the payment and receipt sides. Depending on the cryptocurrency, the information added to the blockchain can include details like the transaction amount and the sender's and recipient's wallet addresses. A wallet address is a long string of numbers and letters linked to your digital wallet. Even though you can use a fake name to register your digital wallet, it's possible to use transaction and wallet information to identify the people involved in a specific transaction. And when you buy something from a seller who collects other information about you, like a shipping address, that information can be used to identify you later on.
How to avoid cryptocurrency scams
One sure sign of a scam is anyone who says you have to pay by cryptocurrency. In fact, anyone who tells you to pay by wire transfer, gift card, or cryptocurrency is a scammer. Of course, if you pay, there's almost no way to get that money back.
Cryptocurrency investment tactics to watch out for:
- Promises that you can earn lots of money in a short time and achieve financial freedom. If they promise you'll make a profit, that's a scam. Even if there's a celebrity endorsem*nt or testimonial. Nobody can guarantee a set return, say, double your money. Much less in a short time.
- Having to pay in cryptocurrency for the right to recruit others into a program. If you do, they say, you'll get recruitment rewards paid in cryptocurrency. The more cryptocurrency you pay, the more money they promise you'll make. But these are all fake promises and false guarantees.
- Unsolicited offers from supposed "investment managers." These scammers say they can help you grow your money if you give them the cryptocurrency you've bought. But once you log in to the "investment account" they opened, you'll find that you can't withdraw your money unless you pay fees.
- Unsolicited job offers to help recruit cryptocurrency investors, sell cryptocurrency, mine cryptocurrency, or help with converting cash to bitcoin.
- A promise free of money. They'll promise it in cash or cryptocurrency, but free money promises are always fake.
- Big claims without details or explanations. Smart business people want to understand how their investment works, and where their money is going. And good investment advisors want to share that information.
Other scams to avoid
- Blackmail emails - Scammers will often send emails that say they have embarrassing or compromising photos, videos, or personal information about you. Then, they threaten to make it public unless you pay them in cryptocurrency. Don't do it. This is blackmail and a criminal extortion attempt. Report it to the FBI immediately.
- Social media scams - If you read a tweet, text, email, or get a message on social media that tells you to send cryptocurrency, it's a scam. That's true even if the message came from someone you know, or was posted by a celebrity you follow. Their social media accounts might have been hacked.
- 'Pig Butchering' Crypto Scam:
- The scammer targets a victim on a dating app like Tinder, initiating a romantic relationship that’s exclusively online.
- Through online chats, a level of trust is established.
- Inevitably, the “lover” encourages their target to invest in cryptocurrency, commonly directing them to a fake website or app that is secretly controlled by the scammer.
- After the victim has agreed to invest some money in the phony platform, the lover disappears (along with the money) - never to be seen again.
- Once the victim starts getting skeptical or tries to withdraw their funds, they are often told that they have to pay tax on the gains before funds can be unlocked.