João Freitas

The following is a list of best practices to strengthen your security when using Telegram and Discord. The article focuses on crypto people, but the practices should be used by everyone.

https://officercia.mirror.xyz/dlf6ZEXq3FLE21ZY2jeJ0cBDyuZu8XIF9DEJAQ07nk8


Greetings! In this note I’ll give you some simple tips, and you’ll sleep better at night.

These two applications are frequently used for work and communication, so it stands to reason that scammers and hackers would also look for victims there. Let’s figure out how to avoid falling victim as well!

Read: github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap

Today I’d like to focus on the basic settings only. Let’s get started!

Check out: Digital Communications Protocols

Check out: The most significant milestones in the development of communications: An Overview


I - Telegram

How Not to Get Hacked on Telegram

Top-7 Social Engineering Frauds in Crypto - Hacken

A couple of basic tips:

Beware of impersonators (carefully check the Telegram bio, as a scammer may insert any nickname into his bio and leave his own nickname blank), fake notifications about logging into Telegram with a phishing link (check them carefully; they should arrive in the official Telegram news & tips channel), fake bots (yep, bots, not user accounts, may DM first), and so on.

NONE of the Telegram chats are encrypted, not 1:1, not groups. Only the secret chat one, iirc.

Settings:

Check out: Analyzing Telegram chats and channels. Regular expressions in OSINT in practice


II - Discord

On Operational Security

How to Avoid Blockchain Blackhats on Discord

GitHub - mpgn/discord-e2e-encryption: Tampermonkey script that encrypt and decrypt your messages on Discord

A couple of basic tips:

Check out: How to Defend Your Castle | Innovative Trio


III - Discord Scams

Discord Security for Web3 Projects: From Zero to Hero

How to protect your crypto assets

One of the most dangerous scams, as an example:

Judging from the original tweet, the story goes like this:


IV - Social Engineering

The Only Safe Way to Store Crypto: Ultimate OpSec

Violent Attack Vectors in Web3: A Detailed Review

Let us take Jane who is a diligent employee at her company. Information about Jane is publicly available on her social networks. Some sensitive information about her might have even been revealed in some leaks, such as the 2014 Yahoo Mail user account information breach. Generally, she is no different from you or us. So far, so good.

But then, a troll shows up and starts stalking her around social networks, writing hurtful comments, for example. He expands his cyberbullying to others in Jane’s company, bringing distress to his victims.

Even at this stage, the attack has done enough damage to cripple the culture of openness inside the company. Employees may stop sharing personal information or speaking candidly about problems for fear of ridicule or retaliation.

Jane continues to suffer the troll’s attacks in silence. If Jane blocks the troll’s account, he will make another. If he knows her address, multiple pizza deliveries may suddenly arrive at her door. It is no life.

At this point in our story, in comes John. He is a stranger, but he too has a public account and has suffered from the actions of this same troll, as is evident from attacks on his page. He makes Jane a proposition for cooperation on how to stop the attacks. He says he knows a way to silence the troll.

Sure he knows the way. The Knight to the Rescue and the Evil Troll are one and the same person. The troll’s trick was to establish an emotionally supportive bond with someone who was experiencing pain.

John created a condition where Jane is now more likely to follow John’s seemingly innocent suggestion. She may click on a URL link or open a file sent to her. She might even come out and meet John.

This story may end badly for Jane. A potential scam by John should have been stopped at the beginning – at the stage when the target got recruited.

Are there any good guidelines to follow so that we do not end up in Jane’s position?

  1. The piece of advice “don’t let strong emotions influence your actions” applies well to investing in stocks or choosing a life partner. It can be your first rule in the digital world playground.

  2. If you get scammed, do not lose heart. One thing victims often tell us after being defrauded is “I can’t believe I was so stupid.” Scams happen to the best among us. Evolutionary psychology tells us that we have been wired by evolution to trust other humans for the purpose of our survival. This is why any exploitation of this strong evolutionary adaptation is particularly painful to us.

  3. If you are in a managerial role, make sure your employees aren’t sick, tired, or hungry at work. When employees are physically or emotionally weakened, they become vulnerable to psychological influence.

  4. If you work a lot with files, particularly PDFs, you can use these protective measures or dangerzone.rocks!

  5. While you may be wary of third parties trying to steal your information, you should also watch out for insider threats, such as negligent employees and disgruntled workers.

  6. We recommend that you follow these 25 rules to safeguard yourself from nefarious Internet scammers.

The exploitation of love or anger happens less often because the scammer would need to maintain a psychological connection with the victim, requiring skill, time, and familiarity with the target. In our situation, the scammer exploited the victims’ fear. What is more, in order for this attack to succeed the victim had to be rushed.

A skillful social engineer will not give the victim much time to think, and will always press for urgency. This is the first thing to pay attention to: if you are rushed to give out sensitive information (or any information at all, for that matter), it is a good time to pause.

The second point to note is that when you find yourself in a similar situation, do not try to solve the problem by yourself. Ask a friend, a frequent contributor to your favorite Discord server, or a moderator of any well-known DAO. Good people want to help. Get a second opinion.

Sometimes scammers just want to get dirt on the victim or de-anonymize the target. Often, however, sophisticated cyber exploits can come coupled with either a malware injection or a phishing attack, or some other surprise.


V - Malware & OTC Scams

Read: github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap

Read: docs.google.com/document/d/1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ/edit

Read on to learn what happened here, so you can avoid an OTC scam happening to you:

Check out: If you have been scammed…

Bonus:

Awesome Crypto Discord & Telegram servers & chats!
