Phishing, Scams, and Exploits: How to Protect Your Crypto Assets | Webcast
Na-scam ka na ba sa crypto? Paano makaiwas at hindi na mabiktima ulit?
Watch our interview here:
The blockchain industry, being in the internet space, is not prone to digital fraud such as hacking, scams, exploits, and phishing. What is more painful is that it involves money, and it is really hard to accept when we lose our hard-earned investment profit because of unfair activities.
- To give us tips on how to secure our assets, the BitPinas Webcast has invited Icesteam Jimenez of IMPACT, or the Innovative Movement of the Philippine Association of Crypto Traders.ย
Whatโs the Significance? Receiving free tips on how to avoid falling victim to crypto fraud from those who have experienced it themselves should be considered โsulit.โย
Table of Contents
What is Phishing?
- According to Jimenez, phishing is not just in web3, it is because he already experienced it before while playing World of Warcraft, a massively multiplayer online role-playing game (MMORPG) released in 2004 by Blizzard Entertainment.ย
- He shared that the phishing activity he encountered was when he received an email that his account was compromised and he gave his account and password.
โWhat is phishing is that kung mayroong magti-trick sayo into revealing something and then compromise your assets.โ
[โPhishing is that if someone tries to trick you so you can reveal something so that they can compromise your assets.โ]
- In crypto wallets, phishing occurs when bad actors trick the trader into supplying them with the traderโs seed phrase or private key, as explained by BitPinas EIC Michael Mislos.ย
- Common phishing techniques include fake websites, sending emails, fake links, or PDFs, and social engineering.ย
- โNung nauso yung airdrop, dumami talaga yung phishing kasi nagpo-post sila ng claim link. Minsan tuldok lang yung difference or may isang letter lang naiiba,โ Jimenez added.ย
What are the common crypto scams?
โSiguro iyong magpapa-trade ka sa kanila para kumita. Thatโs one na medyo uso na ipapa-trade mo sa akin, tas makakakuha ka ng fixed return. โ
[โThose who will promote that they can trade on your behalf with a promised interest. That scam is so commonโyou will let me trade your finds, I will promise you a fixed return.โ]
- What he is saying is that there are schemes online where they will convince investors that they will be the ones to trade on behalf of the investor. And in return, the investor will receive interest.ย
- However, they will run with the investment money, and none of the promises will happen.ย
What are the red flags to detect fraud?
On phishing:
โMahirap ma-detect kung may phishing. One thing I think na dapat gawin is to do due diligence. โWag mo agad i-click yung mga link, pasok ka muna sa community nila.โ
[โIt is hard to observe if there is a phishing fraud. For me, one of the ways that can be done to prevent this is to do due diligence. Do not click the received links, go to their community first to verify.โ]
On crypto scams:
โKung may kakausap sa inyo, kapag ayaw magpakita ng mukha, red flag na โyun. For prevention (na ma-scam), pilitin niyong video call at magpakita ng mukha.โ
[โIf someoneโs talking to you, and they do not want to show their faces, thatโs a red flag. To prevent falling from scam, try to talk to them through a video call and let them show their face.โ]
What is the liability of hacking accidents?
- During the webcast, one of the viewers asked if the moderators and administrators of a community channel are liable once the channel has been hacked or compromised and a phishing link was clicked by its members.ย
- โTechnically wala, kasi wala naman kayong pinag-usapan through kontrata. It really boils down talaga sa individual safety.
Experiences on exploits
- According to Jimenez, he had a friend who was using a Trezor hardware wallet and became a victim of a hacking incident because of a hacker exploited a smart account.ย
- He then advised that it is good to use Rabby Wallet, because it allows users to revoke โprevious transactions that a hacker could use to exploit an account.ย
Practices to avoid scams, phishing, and exploits
General security measures:
โIn joining airdrops, create a separate wallet or email and do not join through the main wallet where the majority of the assets are located.โ
In 2FA:
โUse a different device where the two-factor authenticator app can be accessed, not on the main gadget that is used for trading and airdrop farming.โ
In storing private keys:
โKapag bumili ka ng hardware wallet, may binibigay sila usually na maliit na papel kung saan pwedeng isulat yung seed phrase, gamitin niyo yun.โ
[โIf you buy a hardware wallet, they usually give a small paper where you can write your seed phrase. Use that paper.โ]
What anti-virus should be used?
โWala naman akong mai-recomment. Ngayon ang gamit ko ay Bitdefender and ngayon ang gamit ko ay Avast. It is up to you kung saan ka comfortable na gamitin. There is no restriction, basta mayroon kang at least isa.โ
[โI cannot recommend specific brands. But for now, I am using Bitdefender and Avast. It is up to you on what brand you are comfortable to use. There is no restriction. Whatโs important is you have one.โ]
On using hot wallet over a hardware wallet
โAng maganda siguro ay gumawa ka ng maraming wallet, may pang-airdrop, may main wallet. Tapos kapag na-collect mo na yung airdrop rewards mo, ilipat mo na lang sa main wallet โyung assets.โ
[โIt is a good idea to create multiple walletsโone for airdrop, while the other as main wallet. If you already have collected your airdrop rewards, then you can transfer those rewards to the main wallet.โ]
But he advised that traders should still invest in hardware wallets.
This article is published on BitPinas: Phishing, Scams, and Exploits: How to Protect Your Crypto Assets | Webcast
What else is happening in Crypto Philippines and beyond?