Jameson Lopp's avatar
Jameson Lopp lopp@lopp.net 11 months ago
Social engineering prevention PSA: 1. Never trust ANY unsolicited incoming communications be it via email, phone, chat, social media, etc. 2. Any message you receive that conveys FEAR and a sense of URGENCY should be regarded as highly suspicious. 3. No crypto exchange, hardware, or software provider is going to call you out of the blue and ask you to make changes to your security setup. 4. Never install software, especially remote desktop software like AnyDesk or TeamViewer, at the instruction of an unsolicited message. 5. Slow down, take a breath, and reach out to someone you trust to provide a second opinion if you find yourself in a weird situation.

Replies (13)

Brisket's avatar
Brisket brisket@nostrplebs.com 11 months ago
They nearly always use fear or greed to engage you to act. Become very aware of either of those feelings arising within you because they often lead to very bad decisions.
Braydon Fuller's avatar
Braydon Fuller _@braydon.com 11 months ago
Also, establish secure e2e and signed means of contacting team members _before_ it's 100% necessary (even better, multiple ways). If someone is unfamiliar, help them.
Bitcoin_Debstr's avatar
Bitcoin_Debstr 11 months ago
This ⬇️
Jameson Lopp's avatar Jameson Lopp
Social engineering prevention PSA: 1. Never trust ANY unsolicited incoming communications be it via email, phone, chat, social media, etc. 2. Any message you receive that conveys FEAR and a sense of URGENCY should be regarded as highly suspicious. 3. No crypto exchange, hardware, or software provider is going to call you out of the blue and ask you to make changes to your security setup. 4. Never install software, especially remote desktop software like AnyDesk or TeamViewer, at the instruction of an unsolicited message. 5. Slow down, take a breath, and reach out to someone you trust to provide a second opinion if you find yourself in a weird situation.
View quoted note →
t0biwas's avatar
t0biwas 11 months ago
The best tip is the last one. Slow down. Take a breath, drop the call, call back if you think it helps. But only after a break.
Dug's avatar
Dug Dug@primal.net 11 months ago
So so happy that when “ledger” give me a call, I know 1) they shouldn’t have had any data breaches 2) I’m glad I moved everything from them after “ledger recover” and 3) I ask them if their family is proud of their career choices to be a dirty scamming thief.