Hello dear Astar Network and Polkadot users! This week we bring you some security recommendations.
Scams in the crypto ecosystem are often more common than it seems, it is imperative to be aware of the most used modalities by scammers to get hold of users' assets. In this article we will enlighten the community on how to keep their funds safe, but first let's take a look at the most common scams:
1. Impersonation
Someone may impersonate a Core Team member, or Astar Ambassador and contact you via email, phone or social media and ask for your recovery phrase, private key or login information. It is important for you to know that we will never ask you for this kind of information and we will never contact you first.
2. Phishing
This type of scam is executed through an email where you are asked to visit a website and reset your password or provide your private key. These sites are usually identical to the one they spoof, and may have a URL similar to:
https://portal.astar.network/astar/assets
These scams commonly result in a malicious third party registering your login details and stealing your funds.
3. False investment proposals or blackmail
In this mode they may ask you to "pay a fee" or "pay a tax" to release a larger amount of funds for you. Scammers often pose as Core Team members, project founders, ambassadors, Astar or Polkadot foundation members, who do not usually operate in this way.
One variant involves someone claiming to have your personal information, such as access to your spending records, browsing history or webcam. They may then demand a ransom in cryptocurrencies. You should not trust these types of emails, as your contact information came about as a result of a data breach.
Some things to keep in mind
Never share your seed phrases, private keys or passwords. If possible copy the seed phrases in a paper wallet (make 3 copies minimum) and do not leave them on your PC (on- line).
Never click on unknown links (which can be sent by email, X or Telegram), because by clicking on links of dubious origin you may be opening the door to malware that can steal all the data from your computer or smartphone, including your seed phrases or private keys.
When you want to enter any dApp or Web in which you must connect your wallet, make sure it is the correct web address, for this you can visit the official social networks of the project and make sure that the address is completely correct, also make sure that the information comes from the official X or other official network, as scammers also create fake X or Telegram accounts.
Keep assets preferably in cold wallets, Astar and Polkadot have an App for Ledger.
Never share sensitive information (such as seed phrases or private keys) in Forms. Projects like Astar will never ask for sensitive information through their Forms which are commonly used for community events.
When you are going to make a transaction through any decentralized wallet (Metamask), make sure again and again that the address you want to send to is the correct one, never trust the first and last numbers, even if they match, as scammers have evolved their ways of scamming and can alter the numbers or letters of the address you intend to send to, it is always advisable to check the shipping address completely before making any transaction.
These are some of the most common scams and things to keep in mind when exchanging any of your assets, there is still a long way to go in terms of security, but great advances have been made.
Always remember that security starts at home, always stay alert!
Astar Weekly News Team!