I am your friend. I have been there for the last year helping you understand the crypto world. You know I am a nice guy, just look at my avatar. So don’t worry, you can give me your private key and I’ll show you how to vote for your favorite Tron Super Representative. This my friend, is the evil Social Engineer at work.
The definition of social engineering(in the context of information security) is as follows:
|The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.|
Before I took an information security class, I thought a social engineer dealt with Ohm’s law, music, and few drinks. Instead, the class enlightened me to a new form of criminality. It taught me the modern tactics that criminals were using to gain access to financial data as well as critical infrastructure. This is now termed social engineering. In case you do not know, it is extremely easy to fall a victim to this form of attack. The attacker uses the one thing in common with every single individual and organization. And that is human psychology. They will trick you into trusting them. With this trust, you may divulge the information they need to carry out their diabolical plan.
To better understand the different forms of social engineering you can click here. But please do finish reading my article as it could save you a lot of grief in the crypto space.
Imagine if Dr. Evil knew about social engineering tactics when dealing with Austin Powers. The world would be doomed. We would be out One Milliooon Dollars!
I am your Crypto Friend
Social engineering is probably the number one form of attack that is seen on a day to day basis. Every person has seen some form of trickery. Whether it is an email pretending to be your financial institution, known as phishing, or the call from that guy pretending to be a Microsoft representative. You know, the guy who wants to speed up your computer and insists that you follow his directions because he wants what is best for you. The same directions which will give him remote access into your PC. By the way, if you get this call, just pretend to be the old man that doesn’t know how to use the computer. It is quite interesting to see the trouble that these guys go through to get your information or money.
In crypto, we all partake in social media groups where, over time, trust is established. As a Tron Super Representative, we have the responsibility of gaining the trust of our supporters. As our communities grow, as is the case of Tron Spark with Tron Spark Pro, it is very important to safeguard the community from social engineers. Some of these individuals are very good at what they do. That is why Tron Spark wants to make sure that the crypto community knows how to protect itself.
The Number One Rule in Crypto
In crypto, there is one rule that every expert always tells you, and it is:
”Do not trust anyone with your private key!
Do not trust anyone with your private key. If you are concerned about funds being lost in case something happens to you, leave it well documented for that special someone to find at a later time. Example: Leave instructions in your safety deposit box of how to get the private key. I wouldn’t even have it all in one place. If I have to send my private key to someone for whatever reason, split it into several pieces and send each piece via a different channel. One third via telegram, one third via email, and one third via text. Follow the rules, so that you do not find yourself with an empty bag one day.
”Do not trust anyone with your private key!The Wise Crypto Enthusiast
Other Crypto Traps
Below I am listing a few things you can do to protect yourself. I am sure there are many more that can be added. Feel free to comment below.
- Always make sure you are at the correct URL. There are many phishing websites out there that look just like TronScan. Be careful! The minute you enter your private key, you are done.
- Use cold storage or a hardware wallet such a Trezor and Ledger. I recommend not having your tokens in an exchange. Back in 2014, my girlfriend and I lost some BTC because of trusting MtGox. It wasn’t a huge investement at the time, but at the peak it would have been $240k between the two of us. No big deal, Tron will make up for it.
- Verify the first few characters and the last few characters of the receiving wallet address every time you send tokens.
- When sending money to a group, such as an ICO, make sure the source of this information is who they say they are. Verify their Staff, their social networks, their website, etc. Even with all this, websites and channels have been hacked in the past. Just be careful when sending funds. Break them up into smaller transactions. After all, TRX transfers are mostly free.
Tron Spark and our Security Concerns
As Tron Spark grows, we will be adding members to the team which will help expand and accomplish our mission. Nonetheless, we will never ask you for your private key under any circumstance. Yet, getting your private key is not the only concern. A community member, claiming to be representing Tron Spark, can easily request funds to be transferred to a given wallet address. In order be better prepared for this threat, Tron Spark wants to set guidelines to protect the community.
Only three individuals have access to Tron Spark funds. The three individuals are Eder Texeira, Nam Trinh, and George Rodriguez. Nonetheless, we know that people can easily pose as us. Remember all the fake Justin Sun accounts? Therefore, we have decided that any request for funds, whether it be for donations or to fund an activity, will have to be posted on our website. Please do not send anyone, even us, any funds if the address is not posted on TronSpark.com. We will forward you the link if at any time you are to send us funds for whatever the cause may be. Also, make sure it is the correct URL before sending anything.
Tron Security Moving Forward
The new kid on the block is Tron. Being in its infancy, we all know Tron has a long way to go. When it comes to security, we have to establish better safeguards and make the necessary changes to prevent malicious individuals from gaming the system. For instance, there are “fake” Tron tokens which are pretending to be other tokens from respectable entities. Here is one such example. As a community, we must work together to fortify the Tron network. We must bring to light these things so that protections can be developed. Could Tronscan and other wallets not display these tokens? I believe they are already doing this. The Tron network is decentralized, but that does not mean that the community cannot do something to prevent such deceptions. A user on Reddit commented this:
”For those of you saying that this needs to be fixed, that is done through community and communication. Spend time making people unfamiliar with the space aware that scams exist and to not send money to anyone for any reason, unless they are absolutely sure.
”For those of you saying that this needs to be fixed, that is done through community and communication. Spend time making people unfamiliar with the space aware that scams exist and to not send money to anyone for any reason, unless they are absolutely sure.Reddit welcometotheregime
I totally agree with this and hope that you do too. Let’s just keep working together to make Tron the secure network it needs to be.
For more information, please follow us:
|This article was written by the Tron Spark team. Tron Spark is a digital content platform currently serving as a Tron Super Representative. We believe that with the help of the Tron community, we can inform and educate the masses on the exciting evolution of the Tron Protocol. Join the Tron Spark team and lets get the message across!|