Five Best Practices to Protect Your Online Security
Digital assets enable a globally connected ecosystem of transactions and innovations, but their fluid nature also creates opportunities for bad actors to commit crimes. The reality is that one wrong click can be all it takes to drain your assets.
Many unknowingly engage in behaviors compromising their online security—from how they handle cryptocurrency wallets to their interactions with everyday online services.
Since one of the best ways to stay safe is by being aware of the risks, we’re sharing five things that can compromise your online security.
1. Segregate Hot and Cold Wallets
For maximum security, it is best practice to store the majority of your assets in a cold wallet. Because they are not connected to the internet hackers have no direct path to access them. Cold wallets use air-gapped devices (not connected to the internet) and require offline key handling. While this can slow down transaction times, it is the best way to safeguard your investments from malicious attacks.
In contrast, hot wallets are directly connected to the internet and allow for quick access and faster transactions. Similar to a physical wallet, hot wallets are ideal for assets that are regularly traded or utilized to make purchases. They preserve access, but they also increase the risk of a successful attack by hackers.
A common approach to balance security and accessibility is to keep a portion of digital assets in hot wallets for easy access and the rest in cold storage for safekeeping. Find more information about wallets.
2. Think Twice Before Clicking on Unfamiliar or Suspicious Links
It is best to always be mindful of bad actors who use phishing attacks in an attempt to steal your identity, information, or digital assets. This is true in both the traditional and cryptocurrency financial industry.
Here’s how it often works:
-
A hacker sends mass emails or texts that appear to come from a legitimate source, such as a crypto exchange or wallet provider.
-
After gaining the victim's trust, the phisher directs them to a website that appears authentic and entices them to input sensitive information, like private keys.
-
With this information, the hacker can access the victim’s wallet.
Phishers often offer fake incentives, such as a bogus airdrop, or claim there’s an urgent issue with an account. They suggest clicking a link to “fix” the situation.
Another popular phishing route is creating domain names that are visually similar to popular sites. These “clones” often appear high up in search results and promptly direct you to a link to drain your wallets. Always verify the domain name and make use of bookmarks when possible to ensure you’re not using a fake.
To protect yourself, always verify the email address; for example, a legitimate crypto company is unlikely to use a Gmail address. Is the tone or branding different from what you’re used to? Are there multiple spelling errors?
Trust your gut—if something seems off, take a moment to pause and reflect before proceeding.
3. Be Wary of Connecting to Public Wi-Fi Networks
According to Aura, an internet safety company, nearly half of Americans use public Wi-Fi hotspots for financial transactions.
When unsecured, these hotspots can be playgrounds for malicious individuals looking to steal identities, inject malware, obtain passwords, or target users with phishing ads.
Solutions to protect yourself include using a virtual private network (VPN), anti-malware software, secure password managers, and antivirus protection. If you're unsure whether a public hotspot is safe, it’s best to avoid using the network altogether.
4. Verify the Legitimacy of Phone Calls
This is especially true when you don’t know the caller and/or they request personal information. Scammers, according to the Federal Trade Commission (FTC), have devised countless ways to cheat people over the phone. Often, only a small amount of personal information is needed for them to steal your identity.
Scammers can spoof phone numbers to make them appear legitimate, pretending to be from the FBI, Social Security Administration, or even your bank. They may offer to fix your credit score, pitch a foolproof crypto investment, or sign you up for a free trial—then ask for your bank or credit card information.
If a call seems suspicious, the FTC suggests hanging up and calling the organization directly using a verified number. For example, if the caller claims to be from your bank, call the number on the back of your debit card. If you find out the number isn’t legitimate, block it.
The best way to stay safe is to remain skeptical. Ask yourself, “why is my email provider calling me and asking me to do things with my account?” The reality is, 99.99% of the time, they wouldn’t.
5. If It Sounds Too Good to Be True…
You probably know the rest.
If someone offers an obscure investment opportunity with promises of “fast money” or “guaranteed high returns,” it’s almost certainly too good to be true. Don’t let fear of missing out lead you into regretful decisions.
Phrases like these should raise red flags:
-
Don’t miss out!
-
Buy now.
-
Available for the next hour only.
-
Get rich quick.
-
High returns . . . guaranteed.
-
Unbelievable profits!
-
Exclusive opportunity.
The FBI Portland office offers two additional tips: never send money or invest based solely on advice from someone you’ve only met online. Always conduct your own due diligence. Also, don’t share details about your financial status with people you don’t know or trust—stick with reputable sources.
Secure Digital Asset Storage and Transactions With BitGo
BitGo provides secure digital asset storage and transaction services, maintaining high levels of security awareness. Connect with us here.
About BitGo
BitGo is the leading infrastructure provider of digital asset solutions, offering custody, wallets, staking, trading, financing and settlement out of regulated cold storage. Founded in 2013, BitGo is the first digital asset company to focus exclusively on serving institutional clients. BitGo is dedicated to advancing a digital financial services economy that is borderless and accessible 24/7. With multiple Trust companies around the world, BitGo is the preferred security and operational backbone for more than 1,500 institutional clients in 50 countries, including many of the world’s top brands, cryptocurrency exchanges and platforms. BitGo also secures approximately 20% of all on-chain Bitcoin transactions by value and is the largest independent digital asset custodian. For more information, please visit www.bitgo.com.
©2024 BitGo Inc. (collectively with its affiliates and subsidiaries, “BitGo”). All rights reserved. BitGo Trust Company, Inc., BitGo Inc., and BitGo Prime LLC are separately operated, wholly-owned subsidiaries of BitGo Holdings, Inc., a Delaware corporation headquartered in Palo Alto, CA. No legal, tax, investment, or other advice is provided by any BitGo entity. Please consult your legal/tax/investment professional for questions about your specific circumstances. Digital asset holdings involve a high degree of risk, and can fluctuate greatly on any given day. Accordingly, your digital asset holdings may be subject to large swings in value and may even become worthless. The information provided herein is not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation. BitGo is not directing this information to any person in any jurisdiction where the publication or availability of the information is prohibited, by reason of that person’s citizenship, residence or otherwise.