Remember the infamous Nigerian prince pervading your emails with claims of vast untouched fortunes that just require your credit card to claim? Well, this old dog has a few new tricks up his sleeve in the Web3 and NFT space.
Although an exciting space, many are hesitant to get involved in NFTs due to fears of being scammed and potentially losing their assets - and for good reason.
In a recent statement from Opensea, over 80% of all NFT projects launched via their platform were flagged as a scam or fraudulent. Let that sink in. It's happens more often than one would think. Even Hollywood comedian and producer Seth Green recently fell victim to a phishing scam.
But fear not! If this space is something you are curious about exploring, we are here to educate you on how to navigate it safely. This article outlines the 8 key fundamentals to know and deploy whilst venturing into this new frontier, with clear examples to help you stay safe and outsmart scammers. Let's dive in.
The 8 Key Safety Fundamentals
The following 8 fundamental principles will keep your personal security and assets safe whilst exploring the NFT and Web3 space.
1. Never give out your wallet seed phrase.
The series of 12 randomised words given to you when you open a hot wallet such as MetaMask or Phantom is your seed phrase. It acts as a backup password for your wallet, in case you forget your password and can no longer access it.
We need to make this abundantly clear: Never give your seed phrase to anyone. No one reputable will ever ask you for your seed phrase.
If someone is asking you for it, immediately block and report them on whatever platform you happen to be on. This is especially common on Twitter and Discord.
You are the only one who should have access to your 12 word seed phrase. We do not recommend keeping a digital copy of this, whether it be in notes or as a photograph.
We always recommend having a hard copy of this written down on a piece of paper and kept in a safe place. Many inexperienced NFT investors have been caught out and had their wallets cleared out because they have trusted someone who has impersonated an account (see point 3).
2. Never give out personal information
Any personal information should remain confidential when interacting in any digital space. This is especially relevant when financial assets are involved, especially within Web3 and NFT circles.
Legal name, bank account details, places of residence, employment etc. should remain confidential. Even when using secure direct messaging platforms, do not give out personal information to anyone.
3. Founders, projects or celebrities will never contact you directly.
There are many advanced scams that present themselves as project founders, influencers, developers, managers and representatives. You will likely see many high traffic social media profiles with “WILL NOT DM YOU” in their bio or proceeding their name.
This is to protect their community from impersonators attempting to scam them. As a means of protecting yourself we recommend filtering all messages on all platforms to receive only from friends, or similar.
Important: You should maintain the mantra that any major profile that reaches out to you via direct message is likely an imposter.
This also goes for comments sections where bot impersonators will automatically respond to your post with messages like “Send me a DM.” “Message my Whatsapp now, ” or “Claim your free airdrop now!”
Protip: Do not trust anyone who says they will “hold” or “trade” your assets.
These are all various scams attempting to get in contact with you to steal your cryptocurrency and NFTs.
4. Disconnect your hot wallet from all connected websites after use.
This is good practice when exploring Web3 as it ensures you do not put yourself at risk of hacks. This is a simple process and best done at the end of every session where you have used your hot wallet.
Visual 1. How to your MetaMask wallet from a website after use.
5. Update your browser regularly.
Web browsers such as Chrome and Brave are proactive in keeping their Web3 users safe through regular updates. It is important to regularly check you are using the latest update within your browser to ensure you are not subject to potentially hacks and phishing scams.
6. Do not connect your wallet to shady websites. Verify website address via other media before connecting.
A good rule of thumb is to always check the project links on Twitter, Discord and Google BEFORE connecting your wallet to ANY website. Even if you find yourself excited or with limited time to get into a project, always make sure to double check your sources. Never rush, and always double check where the link to the website came from and that it is authentic.
Best rule of thumb: If unsure, do not connect your wallet.
Projects will provide their official website links within their biography on Twitter as well as feature an official links section within their Discord server and community platform. Always cross check these websites before connecting.
This is one of the most important recommendations as there are very sophisticated scams that impersonate popular project websites, deceiving those without a keen eye. Triple check you’re on the correct website and not on a lookalike. If unsure, refer to ‘Best rule of thumb’ above.
Secondly, if you come across an unfamiliar website requesting your wallet to be connected for anything ‘free’ or for a ‘limited time,’ proceed with extreme caution. Ensure that you verify its authenticity via multiple other sources prior to connecting.
Remember, your wallet security is your responsibility, it is best to be over precautious in this space than reckless.
7. Never scan unknown QR codes with your wallet reader
Hot wallets have the ability to connect to your phone camera to read QR codes. This is an innovative function that can quickly connect you to NFT websites, function as entry tickets, check-ins and more. Although innovative and useful, be sure to always verify the QR code you are scanning as these too can be replaced by scammers.
This can be in the context of an event, or social event, where QR codes are provided as a means of connecting to project websites, free drops and more. For the would-be scammer, disingenuous QR codes could be placed around the event, that when scanned and connected, can drain your wallet or connect you to a scam website.
We recommend that you always verify the codes you are scanning. Go directly to the event coordinator or representative to be safe. If unsure, do not scan.
Visual 2. QR code scanner on your MetaMask wallet.
8. Never select a suspicious link (Phishing scams).
This ties in with direct messages from impersonators and advanced scammers.
A phishing scam is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware.
This will come from a project impersonator, or other, directing you to select a link.
Never select a link from your direct messages unless you have verified, know and trust the sender.
Phishing scams from cryptocurrency and NFT projects often induce FOMO and panic on behalf of the recipient to trick them into quickly selecting the link. Never click on a link that has been send via DM or looks suspicious.
Examples can include but are not limited to;
- “Exclusive whitelist opportunities at this link, Hurry!”
- “Click this link to chat directly with…..”
- “Limited availability at this link, today only!”
Visual 3. Phishing text example.
An example of a phishing scam via an email looks like the below.
Note the unknown number and direction to select an obscure website link. These will pop up in your direct messages across Discord, Twitter, Instagram and mobile phone.
See another example below of a poorly executed phishing message on Twitter.
Visual 4. Phishing DM example.
You are now fully armed with the fundamental tools to be your own online scam detective. It’s now your responsibility to protect yourself and others throughout your Web3 journey.
Remember, knowledge is power only so far as it is used and implemented. It is essential to have these fundamentals under your belt and to refer back to them if and when you find yourself in a dodgy situation.
Be sure to follow AUS.NFT for more exciting news and tools to empower you throughout your journey into Web3, cryptocurrency and NFT’s. It’s an incredibly innovative and exciting space where creativity is rapidly growing, and you will have the tools to maximise its potential in your life.