knowledge base security avoid phishing and scams

How to Avoid Phishing and Scams?

Here is a list of tips and tricks to avoid common phishing/scam techniques:

  1. Secure your access method: This is the number one defense against phishing.
  2. Install EAL, PhishFort, or Cryptonite or other trusted Chrome Extensions that warn you when visiting malicious sites.
  3. Never click on a link sent to you, even if it looks like it was sent by a legitimate crypto company: Try searching for the service on Google and find the information there. Make sure you are not looking at an ad.
  4. Do not give your private key, mnemonic phrase, or keystore file to anyone! You will never have to enter your private key for any service, airdrop, or KYC verification.
  5. Turn on 2FA for everything. Go do it. Right now. Quit your excuses. Choose Google Authenticator over Authy. Don't use your phone number. Then, make sure your phone number is NOT tied to your Google account (look in privacy settings). Turns out, you and your BFF Mr. Hacker can "recover" access to your account via that number, completely destroying the point of 2FA.
  6. Phishers are very clever with their tiny dots and accents over and under the letters. Check the URL very closely, to make sure it’s the one you are expecting. Bookmark all the sites you frequent most.
  7. Always Google search any token sale or ICO in which you are interested. If it’s a scam, others in the community will likely be posting about it on Twitter, Reddit, etc.
  8. There are many fake bots and accounts out there, so search smart and look for common signs of scams – lack of followers in common, angry comments, etc.
  9. Double and triple-check everything: Make sure every address is 100% correct, as even one wrong character will lead to a completely different wallet. Transactions cannot be reversed or refunded, so this is very important!
  10. Don't run remote-access software (e.g., TeamViewer). Don't ever ... but especially not on a computer with keys on them. The number of security holes in these programs is atrocious. It would be a shame if you enabled 2FA on everything in your life but then let a single string of characters give someone access to your entire computer and every account.
  11. Install a good adblocker. or use Brave Browser: Install an adblocker that actually turns off Google and Bing ads. We recommend using Brave browser over Chrome. It has same functionalities as Chrome and support every extension.
  12. Don't use brain wallets: Brain wallets are wallets where the key is derived from a word or phrase you choose. Human brains don't have the ability to create high-entropy seeds. Using a phrase that you make up, even if it seems "rare" or "random" is not as secure as using Zillet's randomness, and these phrases can be brute-forced by the millions.
  13. No one is giving you free or discounted Zilliqa(ZIL).: Even for completing a survey. ;)
  14. Don't trust Slack DMs. The guys who just finished their token sale don't want to sell you tokens via Slack DM.
  15. Lastly: Use your brain. Think for a moment. Don't assume—ask. Don't blindly follow—question. If something doesn't seem right, if you feel like the luckiest person on Earth, or if you find yourself pondering, "I wonder why I haven't seen this on Reddit yet," there is likely a reason.

Edit this page on GitHub