What is social engineering?
Generally, social engineering (or phishing) is an event in which a hacker who is pretending to be a trustworthy individual or business tricks someone into opening an email, text message, attachment, or link that contains malware.
In the crypto space, users continue to lose millions of dollars each year to such attacks, including $24 million that was siphoned off in the first six months of this year alone.
How to Be Ready for Any Sort of Phishing (Social-Engineering) Attack
Generally, there are four rules to follow to help you armor yourself against all sorts of social-engineering (phishing) scams:
- Never give away your username or other credentials. We at NBX will never ask for them, and neither will any serious vendor or service provider, in any context.
- Your password is yours and yours alone. Keep it a secret from everyone, with no exceptions. That means that literally no one should have access to it because anyone else with knowledge of your password is a potential leak for a social engineering scammer to exploit. As previously stated, the same goes for the private key to your cryptocurrency wallet!
- Consider two-factor authentication (2FA) as your extra layer of defense. Anytime you are given the chance to use 2FA, do so. At NBX, we require 2FA for all user accounts, and setting it up takes only a few clicks.
- Bookmark https://nbx.com. In the case of a spoofed website, you can usually tell the difference between it and the original by looking at its URL and comparing it to, for example, the one the real firm has posted on its blog. Trezor and many other crypto firms do an excellent job of making sure that their users always have access to accurate links to their sites through such means. To prevent a spoofing attack, you should also keep in mind that if the little lock symbol with the https certificate information is missing from a website, you should treat that as a serious red flag. This is because that certificate indicates that the data sent to the site in question is encrypted in transit and kept as private as possible. In our case, bookmark https://nbx.com and always look for the lock symbol next to the URL; then you’ll always be in the right place. Even so, none of this is effective on its own without a critical eye. Sometimes the difference between a spoofed website and a real one is as small as one period in the wrong place.
- Do not install software you are not familiar with. Last but not least, another way a scammer can get access to your secrets and accounts is by tricking you into installing some sort of remote access software. Once you install software that a hacker gives you under the guise of a trustworthy agent, they can access your computer without being physically close to you and do all sorts of harm. Consequently, it’s important to remember that any software with remote access permissions should be avoided.
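The URL comparison from the bookmark rule can be automated. The following is an added example, not NBX's own code: it compares a link's hostname against the bookmarked nbx.com and flags a missing https scheme, a misplaced period, and other near-miss hostnames. The function names, the distance threshold of 2, and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "nbx.com"  # the address the article says to bookmark


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss hostnames."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, trusted: str = TRUSTED_HOST) -> str:
    """Return 'ok', 'not-https', 'lookalike', 'other-site' or 'invalid'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return "invalid"  # no scheme or no hostname to compare
    if host == trusted or host.endswith("." + trusted):
        # Right site; the lock symbol only appears when the scheme is https.
        return "ok" if parts.scheme == "https" else "not-https"
    # Punycode labels can render as characters that imitate the real name.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    # Same characters with a period in the wrong place.
    if host.replace(".", "") == trusted.replace(".", ""):
        return "lookalike"
    # Trusted name used as a prefix of some other domain.
    if host.startswith(trusted + "."):
        return "lookalike"
    # One or two characters away from the trusted name (assumed threshold).
    if _edit_distance(host, trusted) <= 2:
        return "lookalike"
    return "other-site"


if __name__ == "__main__":
    # Constructed sample links, not taken from real incidents.
    for sample in ("https://nbx.com/", "http://nbx.com/", "https://nbx.co.m/login",
                   "https://nbx.com.example.net/", "https://example.org/"):
        print(f"{check_link(sample):<10} {sample}")
```

A result of 'ok' only means the hostname and scheme match the bookmark; it does not replace the critical eye the rule asks for.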
Note: This article is a distillation of our blog post on the same subject, which you can find here.
Two-factor authentication (2FA)