No matter your level of experience with cryptocurrencies, understanding best practices when it comes to security is critical.
Unfortunately, we too often hear stories of people who have unwillingly shared personal information with scammers. These scammers then use this information to steal whatever cryptocurrency they can access.
With crypto markets performing well in recent times, there has been a resurgence in scams. Below is a reminder of best practices regarding online security. Implement them to help ensure you aren’t the next victim.
#1 – The Golden Rule
Never share your private key, password, seed phrase or back-up phrase with anyone, ever! Note, there is one exception to this rule…
Do not enter your private key or seed phrase unless you’re mentally ready and have the express intent to do so. For example, if you’re configuring a new wallet or setting up MetaMask.
If you’ve been approached by someone else to, for example, restore your wallet or share your private key or seed phrase, you are NOT initiating the decision. Whenever this happens, alarm bells should be going off.
These scammers can reach out to you online in a number of ways—be it via an instant message on an app like Facebook or Telegram, or via an email or text message.
#2 – Be Aware of Phishing Scams
Just because you initiated the decision, does not mean you can never lose your cryptocurrency. Phishing scams are a common tool scammers use to steal your cryptocurrency.
Phishing scammers typically make you think you’re on an official website, when really it is a fake site designed to look and feel the same as the legitimate one.
It’s always important to double-check the site you’re on is in fact the real one. You can do this by carefully reading the URL. If there are any additional letters or funny spelling you could be on a fake website!
Tip: Bookmark all official exchanges you use regularly so you avoid clicking on a fake website. Scammers will often pay to get their fake website viewed as a top search result.
#3 – Use Password Managers
Use long, random passwords for each online account that you have. Never use the same password twice. Password management apps will normally come with a password generator which can be used to set strong passwords—that is, a combination of letters, numbers and special characters such as ‘$’, ‘@’ and ‘!’.
Tip: If one of your accounts gets hacked, scammers will use your password and email to attempt to access your other accounts. Using a unique password means you’re less exposed if your account details were to become known by a malicious third party.
#4 – Keep Your Back-Up Phrases Offline
Never store your private keys or seed phrase online, whether by text file or photo. Entering your back-up phrase online means anyone who can access your accounts may steal your seed phrase and, ultimately, your cryptocurrency.
Tip: Keep a journal with your handwritten seed phrase, ensuring it is easy to read. Store this in a safe place that only you know or can access.
#5 – Use Two-Factor Authentication (2FA)
2FA is a security method which can be applied to your online accounts. It is basically an extra step to your log-in process. Passwords and usernames are guessable and certainly aren’t fool-proof. 2FA adds a layer of security to your online accounts.
2FA requires you to use a physical device or app on your phone—usually in the form of a 6-digit number that typically resets every 30 seconds—after entering your password. Using 2FA can significantly reduce your risk of being compromised by a bad actor, as even if someone was to have your password and username they’d need your phone or 2FA device to access the account.
Tip: 2FA can be enabled on most reputable websites that maintain user accounts. Visit https://twofactorauth.org for a list of websites that support 2FA.
Please exercise caution when dealing with either Nugget’s News or Alex’s social media accounts. There are constantly scammers who try to impersonate Nugget’s News and Alex. If you ever get an email or direct message from Alex or Nugget’s News, we strongly encourage you to verify the account that is contacting you.
You can verify our official accounts via our Verify page on the Nugget’s News website. Here, you can see the official URLs, emails and links to Alex and Nugget’s News official accounts. (You can also quickly verify by looking at things such as followers, history or activity.)