# Discord = Stay Safe

By [CurryFish](https://paragraph.com/@curryfish) · 2022-03-15

---

Discord, where NFT life happens. Be Safe.
-----------------------------------------

Discord enables easier exchange of information, collaboration and community building. While new software is being developed and may eventually even replace Discord, in the short term (and possibly the very long term) all key members of an NFT project need to be familiar with the security and safety issues associated with this tool.

The team is the first line of defense in preventing members (and themselves) from being scammed. Here are the basics:

### Topic #1: Social Engineering

This is a common method in which scammers attack through human interaction. A person can be manipulated into making mistakes or giving away sensitive information, resulting in either a personal or project wallet being compromised, or a Discord account being compromised, which allows the malicious user to expand the scam to all the other members in the Discord.  
This is a very common attack method, with many messages being sent by members or strangers shilling new projects, stealth mints or collaboration requests. Keep in mind that this can also happen outside of your own project's Discord, in other projects' Discords: once Mods or Admins unknowingly click on links, their accounts can be compromised (e.g. granting the attacker access to use their Discord account to publish scam links, or fake verify/Collab.Land bots that compromise the wallet if the user signs).

Examples:

1.  DM from an unknown or known member asking you to check out a link.
    
2.  DM from an unknown or known member offering you a “paid MOD job” if you join another Discord.
    
3.  “Free Mint” links in the community channel.
    
4.  “Raffle” links in the community channel.
    
5.  In a compromised Discord: fake announcements, fake Collab.Land, fake verify bots (e.g. captcha).
    
6.  DM from an unknown or known member asking the user to check out a project (links to their website or links from Twitter). There was a known scam where bookmarking a malicious page could compromise a Discord account through some sort of webhook.
    

There are many known cases on Twitter; we can go through some of these as case studies in the future and learn from them.

### Topic #2: Phishing

Related to Topic #1, phishing is the main threat in cyber security and takes the form of malicious emails or links. The usual form is an impersonating email that looks legitimate (e.g. OpenSea, fake links from users). It presents a link that opens a look-alike or cloned site, to trick the user into giving up passwords or other personal information that could give the attacker access to wallets or Discord accounts.

### Topic #3: Free Gift Codes

Pretty obvious: when someone wants to gift you something, especially someone you don’t know well, watch out. These usually come in DMs or random posts online. Even when well-known community members offer to give you these codes, make sure to verify the link before clicking on it. Again, anyone can be compromised as attackers work their way up.

### Topic #4: Disconnect from sites after Mint

There have been reports of vulnerabilities in projects that have minted out but whose minting dApp is still left “online”. When the security becomes outdated, hackers may gain backdoor access to wallets that have not disconnected after minting, since the approval token generated to mint can still be open and valid. This is a personal wallet protection that people (including me) sometimes forget.

### In Summary, how to stay safe?

1.  Use a strong password. Since we use the same password in many places, you may want to generate a unique strong password for the Discord ADMIN/MOD account. (Reminder: don’t save passwords on your computer…)
    
2.  Enable 2FA. This really helps if someone got your password & email address from another compromised site. (e.g. my bank)
    
3.  Never click on links from suspicious sources, and stay diligent with links from known sources. Check the URL! (e.g. i vs cap I, lower case l vs cap i, 0 vs o or O)
    
4.  If something looks too good to be true, it is probably a scam out to get you. The same goes for tempting offers. (human FOMO emotion)
    
5.  There are lots of suspicious Discord servers out there; be very careful with links in them. (e.g. verify that the Collab.Land and captcha bots are official bots instead of fake ones.)
    
6.  Instead of opening links from DMs or email, go directly to the official website, or, if doing research for a collab, use a burner laptop/tablet which doesn’t have any important apps installed.
    
7.  For personal protection, use a hardware wallet as a hot wallet to mint, then create a cold wallet address to store valuable items, and use an MM software wallet for sniping.
    
8.  Disconnect sites from your wallet after minting (or at least weekly). It is a good idea to revoke any token approvals that are no longer necessary.
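
The URL check from item 3 can be automated, for example in a moderation bot or a personal link checker. The following Python is an added example, not code from the original post; the `OFFICIAL_DOMAINS` allowlist, the function names and the sample links are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; use the domains your project really uses.
OFFICIAL_DOMAINS = {"discord.com", "discord.gg", "opensea.io", "collab.land"}

# Look-alike pairs from the checklist (i / I / l, 0 / o / O), plus "1".
# Applied after lower-casing, so capital I and O are covered as well.
FOLD = str.maketrans("i10", "llo")


def skeleton(host: str) -> str:
    """Lower-case the host and fold easily confused characters together."""
    return host.lower().translate(FOLD)


def under(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike', 'idn-review' or 'unknown' for a link.

    Only the host is judged; 'official' says nothing about the path.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"  # no scheme/host, nothing to compare
    if any(under(host, d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Non-ASCII or punycode labels can hide look-alike letters from other
    # alphabets; send them to a human instead of guessing.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "idn-review"
    sk = skeleton(host)
    for domain in OFFICIAL_DOMAINS:
        sd = skeleton(domain)
        # Same shape after folding, or the official name used as a leading
        # or middle label of some other domain.
        if under(sk, sd) or sk.startswith(sd + ".") or ("." + sd + ".") in sk:
            return "lookalike"
    return "unknown"
```

A result of `lookalike` or `idn-review` is a reason to stop and type the official address by hand; `unknown` only means the host resembles nothing on the allowlist.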
    

Please let us know if you have any questions or suggestions in our discord.

Cheers!

Learning is discovering, uncovering what is there in us.

Twitter: @StudyNao\_

---

*Originally published on [CurryFish](https://paragraph.com/@curryfish/discord-stay-safe)*
