Article from: OpenSea
At OpenSea, we’re constantly taking steps to improve trust and safety in the NFT space and ensure users feel confident connecting with us in all of our community channels. However, safety in web3 also requires users to stay vigilant and protect themselves on Discord and other third-party community platforms.
As a general reminder, OpenSea staff will NEVER:
Below you’ll find a series of operational security (opsec) best practices that users of all backgrounds should maintain on a regular basis. With bad actors constantly on the move, even the most experienced web3 users can fall victim to scams and phishing attempts across the community ecosystem.
We recommend that you block DMs for Discord. To do so:
In general, most scam and phishing attempts begin through DMs. Be suspicious of any requests from strangers and always vet them. This applies to other chat apps frequently used in the web3 community like Telegram and Signal.
Most popular Discord servers in web3 will have DMs turned off by default. In this situation, the only way DMs can take place is if users are already connected through an existing conversation, or if another member (nefarious or not) issues a friend request.
If you need to connect over DMs, it’s best to vet and confirm if the other party is who they say they are. You can screenshot their request and confirm its authenticity directly with that party over Twitter or email.
This tip is as old as the internet but just as relevant in web3.
Whether in Discord or elsewhere, avoid clicking on unfamiliar links and downloading files as they may have malicious scripts which will compromise your account (or worse, your device). Be highly suspicious of any request that requires you to install or run any program. Even an action as simple as installing a bookmark may compromise your Discord account.
Discord offers SMS as a method of 2FA. However, receiving 2FA via SMS is a possible risk vector if your phone’s SIM card has been compromised. It’s best to use a timestamp-based method of 2FA with apps like Google Authenticator. You can toggle this in your Discord settings.
In general, you should apply timestamp-based 2FA to all of your main web3 apps, if possible.
If you think you may have clicked a link to a malicious website or scanned a malicious QR code, we recommend installing a new wallet, and moving your items to it ASAP.
If you see something suspicious, please let us know.
The post How to stay safe on Discord and Social Media appeared first on OpenSea Blog.