The GoPlus security team emphasizes that in order to avoid becoming a target of phishers when conducting on-chain transactions, users should take a series of precautions to strengthen protection.
1. Verify the source
Official channels: Avoid clicking on links from unknown sources, especially those received in emails, social media, or private chats. Make sure all transactions and logins are made through official websites or official DApps. It is recommended to bookmark frequently used websites and apps to reduce the risk of accidentally entering fake websites. At the same time, you can observe whether there are well-known users among your Twitter followers to help determine whether it is an official account.
Check the URL: When visiting any website, double-check that the URL is spelled correctly and make sure the URL uses a secure certificate (HTTPS). Phishing websites often use domain names that are similar to the real website, but with subtle differences.
2. Secure browser extensions
Install browser extensions: Install secure browser extensions with transaction simulation and phishing site identification features that monitor and block access to phishing sites in real time. These extensions usually also check whether the visited website is in a database of known phishing sites and issue warnings when risks are found.
Update regularly: Make sure browser extensions and other security software are always up to date to identify and block the latest phishing attack methods.
3. Improve vigilance and identification skills
Emails and messages: Be wary of any emails and messages asking for personal information, passwords, recovery phrases, and private keys. Legitimate services will not usually ask for this information via email or messages.
Check the sender: Even if the message appears to be from a familiar source, double-check the sender's email address. Phishers may pretend to be legitimate senders through subtle spelling errors or fake domain names.
IV. Fund Management
Multi-wallet management: Do not concentrate all assets in one wallet, but store them in multiple wallets. This way, even if one wallet is attacked, the assets in other wallets can be protected.
Combination of hot and cold wallets: Store most of your assets in offline cold wallets, and keep only a small amount of assets in online hot wallets for daily transactions. Cold wallets are not connected to the Internet and are more secure.
Regular inspection: Regularly check the security status and transaction records of each wallet, cancel unnecessary authorizations, and promptly detect and handle abnormal situations.
The OKX Web3 Wallet Security Team also provided the following additional suggestions:
Verify websites and addresses: Before entering your private key or making a transaction, always verify that the URL of the website you are visiting is correct, especially when clicking on a link directly from an email or social media account. For blockchain addresses, use a known secure service such as OKLink Browser to verify the legitimacy of the address.
Use a hardware wallet: Hardware wallets provide an extra layer of security for your crypto assets. Even if your computer is infected or you visit a phishing website, a hardware wallet will keep your private keys safe.
Don’t authorize easily: When authorizing smart contracts, be sure to confirm the content and source of the contract. Only authorize contracts that you trust or have been fully reviewed by the community.
Leverage security tools and services: Install and use anti-phishing and malware protection tools, such as web browser extensions, that can help identify and block access to known malicious websites.
Be alert: Be wary of any urgent requests for your private keys or transfers. Attackers often use users’ nervousness and impatience to trick them into making decisions.
Improve your own security awareness: Update your security knowledge regularly and pay attention to the latest phishing attack methods and blockchain security trends. You can take relevant online courses or read blockchain security guides to improve your security awareness and skills.
