Tips to Avoid Online Fraud and Crypto Theft

I recently came across a victim’s story, in how she was scammed online and ultimately lost all her cryptocurrency. In reading the story, and extrapolating from my four decades of working against criminals, I wanted to pass on some digital security tips so others can avoid similar traps:
1.      Telegram is not trustworthy place to meet new people. Telegram and other social sites are overflowing with scam artists. Never believe any message from unknown persons on Telegram, X/Twitter, Facebook, Discord, email, or SMS text messages. These and other similar channels are the avenues scammers reach victims. So, by default don’t believe them. If they say they are from an organization, have them send you an email message from that domain or call that entity and ask for them. Still not sure, then reach out to their profile on LinkedIn and ask to confirm they reached out to you. (Note: also make sure their LinkedIn profile looks legit)
2.      The fact an unknown subjects may know a lot about you or your organization is NOT proof of their legitimacy. It just means they can use the Internet. AI empowered scammers are beginning to do this automatically, with some success. They will get better.
3.      Meet people in person (if it is safe) or via video meeting. If their camera is not working or they give some other excuse, be HIGHLY suspicious – give no sensitive information and do not follow any instruction. It is best to simply ask them to reschedule when they can be on camera. If they are having technical issues, they will definitely accommodate. If they refuse, it is a huge red flag! Also beware that sometimes scammers do an unannounced swap and the person you were supposed to meet with is suddenly unavailable and they want you to meet with someone unknown and unvetted. Again, just reschedule. If they press, then it is another red flag.
4.      Never click a link or go to an untrusted webpage URL. It may be infected and all it takes is going there to get you in trouble. There are security tools to test such sites, but unless you are a security pro, just don’t do it.
5.      Never install any program or open an attachment from an untrusted person. If they say you need a collaborations app, then it should be an industry recognizable product otherwise don’t (without super secure isolation – consult a security professional)
6.      Don’t use web browser extensions, unless you FULLY trust them. It is one of the biggest risks you can take online as extensions can fully control your browser and anything you type or click on. It can capture passwords and even change what you see from the webpages you navigate to.
7.      Lastly, when it comes to cryptocurrency, use online wallets sparingly. Don’t put much money in them because they are easily hackable if your system is compromised. Only put as much money in them as you are willing to lose. Keep your currency protected with MFA centralized solutions (like exchanges) or even better, use a cold (offline) wallet where only you have your private keys!

I hope this helps others to remain safe and recognize warning signs of online fraud.