Five Best Practices to Protect Your Online Security

Digital assets enable a globally connected ecosystem of transactions and innovations, but their fluid nature also creates opportunities for bad actors to commit crimes. The reality is that one wrong click can be all it takes to drain your assets.

Many unknowingly engage in behaviors compromising their online security—from how they handle cryptocurrency wallets to their interactions with everyday online services.

Since one of the best ways to stay safe is by being aware of the risks, we’re sharing five things that can compromise your online security. 

1. Segregate Hot and Cold Wallets 

For maximum security, it is best practice to store the majority of your assets in a cold wallet. Because they are not connected to the internet hackers have no direct path to access them. Cold wallets use air-gapped devices (not connected to the internet) and require offline key handling. While this can slow down transaction times, it is the best way to safeguard your investments from malicious attacks.

In contrast, hot wallets are directly connected to the internet and allow for quick access and faster transactions. Similar to a physical wallet, hot wallets are ideal for assets that are regularly traded or utilized to make purchases. They preserve access, but they also increase the risk of a successful attack by hackers.

A common approach to balance security and accessibility is to keep a portion of digital assets in hot wallets for easy access and the rest in cold storage for safekeeping. Find more information about wallets.  

2. Think Twice Before Clicking on Unfamiliar or Suspicious Links

It is best to always be mindful of bad actors who use phishing attacks in an attempt to steal your identity, information, or digital assets. This is true in both the traditional and cryptocurrency financial industry. 

Here’s how it often works: 

1. A hacker sends mass emails or texts that appear to come from a legitimate source, such as a crypto exchange or wallet provider. 

2. After gaining the victim's trust, the phisher directs them to a website that appears authentic and entices them to input sensitive information, like private keys. 

3. With this information, the hacker can access the victim’s wallet.

Phishers often offer fake incentives, such as a bogus airdrop, or claim there’s an urgent issue with an account. They suggest clicking a link to “fix” the situation.

Another popular phishing route is creating domain names that are visually similar to popular sites. These “clones” often appear high up in search results and promptly direct you to a link to drain your wallets. Always verify the domain name and make use of bookmarks when possible to ensure you’re not using a fake.

To protect yourself, always verify the email address; for example, a legitimate crypto company is unlikely to use a Gmail address. Is the tone or branding different from what you’re used to? Are there multiple spelling errors? 

Trust your gut—if something seems off, take a moment to pause and reflect before proceeding.

3. Be Wary of Connecting to Public Wi-Fi Networks

According to Aura, an internet safety company, nearly half of Americans use public Wi-Fi hotspots for financial transactions. 

When unsecured, these hotspots can be playgrounds for malicious individuals looking to steal identities, inject malware, obtain passwords, or target users with phishing ads.

Solutions to protect yourself include using a virtual private network (VPN), anti-malware software, secure password managers, and antivirus protection. If you're unsure whether a public hotspot is safe, it’s best to avoid using the network altogether.

4. Verify the Legitimacy of Phone Calls

This is especially true when you don’t know the caller and/or they request personal information. Scammers, according to the Federal Trade Commission (FTC), have devised countless ways to cheat people over the phone. Often, only a small amount of personal information is needed for them to steal your identity.

Scammers can spoof phone numbers to make them appear legitimate, pretending to be from the FBI, Social Security Administration, or even your bank. They may offer to fix your credit score, pitch a foolproof crypto investment, or sign you up for a free trial—then ask for your bank or credit card information.

If a call seems suspicious, the FTC suggests hanging up and calling the organization directly using a verified number. For example, if the caller claims to be from your bank, call the number on the back of your debit card. If you find out the number isn’t legitimate, block it. 

The best way to stay safe is to remain skeptical. Ask yourself, “why is my email provider calling me and asking me to do things with my account?” The reality is, 99.99% of the time, they wouldn’t. 

5. If It Sounds Too Good to Be True…

You probably know the rest. 

If someone offers an obscure investment opportunity with promises of “fast money” or “guaranteed high returns,” it’s almost certainly too good to be true. Don’t let fear of missing out lead you into regretful decisions.

Phrases like these should raise red flags:

• Don’t miss out!

• Buy now.

• Available for the next hour only.

• Get rich quick. 

• High returns . . . guaranteed. 

• Unbelievable profits!

• Exclusive opportunity. 

The FBI Portland office offers two additional tips: never send money or invest based solely on advice from someone you’ve only met online. Always conduct your own due diligence. Also, don’t share details about your financial status with people you don’t know or trust—stick with reputable sources.

Secure Digital Asset Storage and Transactions With BitGo

BitGo provides secure digital asset storage and transaction services, maintaining high levels of security awareness. Connect with us here.