How to stay safe and secure in Web3? Key takeaways from Podcast Episode 1

Let’s briefly dive into the first episode of the Aleph Zero Podcast to discuss the best tips and tricks for ensuring a safe online experience. Joining us were: Andrew Ciaccia (Interlock CMO), Rick Deacon (Interlock CEO), Christopher A. Pariso (security analyst at Gartner), and Matt Bouillon (attorney specializing in crypto and digital asset cases). 

Listen to the full episode on the platform of your choice

TL;DL:

Too Long; Didn’t Listen 

• FOMO and Greed Are Your Worst Enemies 
• As Security Systems Get Better, So Do Hackers 
• Security Education is a Neverending Challenge 
• Legal Systems Are Still Catching Up to Web3 
• Scams Are Almost Always Organized, Rarely Lone Wolves 
• The Best Security Solutions Are Low-Key 
• Don’t trust; verify! 

If you’d like to hear the whole episode on your favorite platform, head over to the dedicated Podcast subpage.

FOMO and Greed Are Your Worst Enemies 

One thing that was crucial during the discussion was pointing out the social-engineering skills employed by various malicious actors that inhabit the online space. Skills, that are used by people of less than pure intent to part you and your money. This results in FOMO (fear of missing out) and greed supplanting any rationality and logic that should be at the forefront of any responsible decision-making that occurs with regard to your finances. 

As Security Systems Get Better, So Do Hackers 

Another point made during the podcast episode mentioned the clever techniques that cybercriminals are more commonly deploying. In the past, websites and emails used by hackers lacked sophistication and did not inspire the trust that fraudulent websites invoke nowadays. Criminals have gone incredibly good at creating professional-looking systems that aim to provoke web users to divulge sensitive information. This ploy can be foiled, however by ensuring that we verify new websites before we trust them with any sensitive data. 

Trust in real life and online should be earned, not given. 

The tactics, techniques, and procedures used by hackers are not new and mostly revolve around the issue of trust. We are at our most vulnerable to getting hurt when we issue trust to someone unworthy of it. The goal scammers want to achieve can be broken down into three areas: 

• They want them to send you money
• They want access to sensitive data that will give you access to your money
• They want to hijack your social media and steal your credibility to scam other people into losing their money. 

Security Education is a Never-ending Challenge 

One observation noted during the chat described the challenge faced by security specialists in educating the public on the importance of online safety. Parallels can be made between the fields of cybersecurity and healthcare, as in both areas, those who fall victim to scams or preventable health issues oftentimes prefer to solve problems once they arise instead of introducing procedures that would make the problem never appear in the first place. 

“It’s easier to get people to brush their teeth after they have a root canal than before.” 

Christopher A. Pariso

security analyst at Gartner 

The Law Is Still Catching Up to Web3 

The importance of staying safe online and incorporating best practices to avoid losing digital assets also stems from the fact that it is challenging to prosecute wrongdoers in the Web3 space. This has to do with the complexity of tracking down such individuals and the legal system needing to acquire the tools and understanding to tackle Web3 issues. Theft may be theft, but there is an acute difference between explaining to a jury a run-of-the-mill robbery compared to an elaborate Web3 scam that involves abstract words like secret keys or decentralized finance. 

Scams Are Almost Always Organized, Rarely Lone Wolves 

Behind most Web3 criminal activity, there is almost always a highly organized network of individuals working hard to steal money from the average crypto user. These organizations go to great lengths to build trust between themselves and their victims.

Popular examples of these strategies include baiting potential male victims with female company so that they let their guard down. These relationships oftentimes last months as the organization builds trust before receiving the information or funds they were after in the first place. 

An especially malicious example is illicit organizations that create facades of legitimacy and purport to aid victims of hacks to retrieve their lost money. They drain the victims of whatever assets they have left by demanding upfront fees to cover the expenses required to recover what the client lost. Desperate individuals become victimized over and over again. 

The Best Security Solutions Are Low-Key 

As far as the UX of software-based security solutions is concerned, it is better to create systems that are relatively low-key and work in the background rather than bombard users every step of the way with information on their security status. The work these systems do should only come to the foreground if the user of a device is beginning to behave in a truly dangerous manner. Security systems that limit user activity typically have a lower success rate as users become frustrated with the software that is designed to protect them and may either opt to find ways to circumvent it or forego it altogether. 

Key Security Pro-Tips

• Don’t trust; verify. 
• If you get a link, type it in. Don’t follow the hyperlink! 
• Slow down; you are not under the time pressure you believe you are subjected to.