Source: OneKey Chinese (X: @OneKeyCN)
The money earned from using bots to trade with "土狗" (a slang term for low-quality cryptocurrencies) is all given to scammers. Can you tolerate this?
The following methods are used: social engineering to obtain verification codes, fake software, and fake group entry verifications. You must take precautions. The last one has deceived many people.
Don't wait until it's too late to regret.
1. Social Engineering to Obtain Verification Codes
This scam was rampant before, using various methods to make you provide the Login Code verification code.
They like to ask you to take screenshots, which will capture the verification code. The scammer then gains login access and transfers your bot's money (as mentioned in a case by SlowMist Technology's Yu Xian).
Fortunately, the latest version of Telegram has added "blurring" so the verification code cannot be seen in screenshots.
Some people even unknowingly give away the "Login Code," leading to theft. Now you know.
Common reasons:
(1) Friends (who have also been hacked) claim to need assistance with the verification code; Telegram does not have verification assistance!
(2) Impersonation of exchanges or group administrators, requesting re-verification;
(3) Impersonation of official accounts, telling you to remove risk controls; note that official accounts have a blue checkmark! Besides your own login, no one needs your verification code!
The easiest targets for deception are impersonations of exchange officials and employees. You can use the official verification channels below to verify various contact methods including phone numbers, WeChat, and Telegram.
Binance @binance: https://binance.com/zh-CN/official-verification…
OKX @okx: https://okx.com/zh-hans/support-center/channel-verification
There are even people impersonating Binance employees to approach you for private placements, and you can use this to expose the lies!
2. Fake Software
Many people like to click on tutorial links to download Telegram and Chinese localization packages—don't do this.
Even Google searches are not safe, especially when searching for "Telegram Chinese version," as the top results are not official websites.
You may easily download fake versions of Telegram and localization packages with backdoors.
You can confirm the official account by checking the common followings of several big V's: @telegram, and its official website in the introduction http://telegram.org.
Download from official channels for peace of mind.
As for language packs, you should note that language packs can be directly installed within the app.
There is no need to download any installers to install on your computer or phone! Anything that needs to be downloaded separately is an executable file, i.e., a Trojan virus.
Refer to this warning: https://landiannews.com/archives/93592.html
3. Fake Group Entry Verification SafeGuard
This is the most rampant and targeted scam in the crypto community recently.
A few days ago, well-known blogger Box exposed this. (Related reading: "Hundreds of thousands of U stolen, revealing the complete process of new asset fraud targeting TG Bot players")
In summary:
Do you always need to verify before entering a group for a coin? Hackers have created a fake SafeGuard verification page to obtain your login access.
Understand this: group entry verification is only to identify if you are human. Usually, a simple click or entering an image verification will suffice.
It will never ask you to scan to log in or use your phone number to log in.
If you open the group entry verification and see these two screens—quickly exit, it's 100% fake.
By following these steps, hackers can log into your account on their device and transfer your money.
This kind of fake SafeGuard group entry verification is really hard to guard against.
It could be that an administrator's account has been hacked and replaced with a fake one, or someone is taking advantage of your FOMO emotions to urgently find a link for a certain coin and sends a fake group link.
In any case, when you see this kind of verification, you should immediately realize that someone wants your login access.
4. Ultimate Telegram Security Settings
Using Telegram's default settings makes you vulnerable to various harassments and security risks. Next, you need to make some very important settings:
(1) Do not display your phone number
Many scammers in private chats can send you a verification code request because they can see your phone number, which they then use to log in.
When adding friends, you can choose not to display your phone number to them.
Also, in the Privacy and Security section of the settings, you can set it so that no one can see your phone number.
(2) Enable Two-Step Verification
This doesn't need much explanation, right? It's essential for preventing theft on the internet.
Don't find it troublesome, or else you'll regret it if you get hacked.
(3) Set the Account to Not Be Added to Unknown Groups by Non-Friends, and Prohibit Non-Friends from Messaging
You can make these settings in the Privacy and Security section of the settings.
Telegram sneakily sets the option to block unfamiliar users only for Premium members, but you can see that users who are not added as contacts have a "Block/Add Contact" option. Just be cautious when you see it.
(4) Do Not Keep Large Amounts of Money in Bots
Diversify the risk! After all, the private key is generated from a centralized bot, and copying and pasting for storage involves network exposure and multiple risk points. Just in case.
For large funds, it is recommended to use a hardware cold wallet, with the private key isolated from the network.
(5) Other Security Awareness
After reading about the scams mentioned earlier, I believe you will be more cautious.
In any case, be careful with various "pie in the sky" benefits, and always verify various links and people.
Finally, regularly clean up unused groups and contacts to keep things tidy. Otherwise, if you accidentally fall for a scam due to carelessness, you'll suffer a big loss.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
