So..
In December, I received a direct message that caught my interest.
My curiosity, trust, lack of caution, and still-growing experience in crypto led me to download an app that ended up compromising my MacBook. The scammers gained access to all of my data — including, eventually, my MetaMask and Phantom wallets.
Here’s what I did — and what I should have done more:
1. I checked the website where I downloaded the app — but not carefully enough.
→ Pay attention not only to how the site looks and what info it contains, but also to how links behave and where they actually lead.
If a website says the app is available for iOS or Android, there should be an active link that takes you directly to the app store.
2. I asked if we could move the conversation to Zoom or another platform, but I quickly gave up and didn’t insist.
→ Remember: if someone genuinely wants to communicate, you’ll find a platform that feels safe and comfortable for both sides.
3. I asked a mutual follower if she knew who the account belonged to. She didn’t, and said, “If you’re careful, maybe try.” But I wasn’t careful enough.
→ Keep in mind: we don’t really know everyone here personally. Even if your friends or top accounts follow someone — that’s not a guarantee.
Ask more questions. Don’t be afraid to look overly cautious or paranoid. Ask around in chats, groups, or among more people if needed.
4. If possible, use a separate device — one that’s not connected to any of your wallets or sensitive data — for this kind of communication.
→ I had an old laptop nearby… but I only realized after the fact that I should’ve used it.
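The link check from point 1, written as a small script. This is an added example, not part of the original post: it parses a download page and flags every "App Store" / "Google Play" style link that is dead or does not lead to the official store. The store hostnames, the keyword patterns and the sample HTML are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example: official store hosts and the label wording to look for.
STORE_HOSTS = {"ios": {"apps.apple.com"}, "android": {"play.google.com"}}
LABELS = {"ios": re.compile(r"\b(app store|ios|iphone|ipad)\b"),
          "android": re.compile(r"\b(google play|android)\b")}

class LinkCollector(HTMLParser):
    """Collect (visible label, href) for every <a>, using img alt text for badges."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = a.get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._text.append(a.get("alt") or "")
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join(self._text).strip(), self._href))
            self._href = None

def audit_store_links(html):
    """Return (platform, label, href) for store-labelled links that are not
    https links to the exact official store host (dead '#' links included)."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for label, href in parser.links:
        for platform, pattern in LABELS.items():
            if pattern.search(label.lower()):
                url = urlparse(href)
                if url.scheme != "https" or url.hostname not in STORE_HOSTS[platform]:
                    findings.append((platform, label, href))
    return findings

# Constructed sample page (not taken from any real site).
SAMPLE = """
<a href="#"><img src="badge-ios.png" alt="Download on the App Store"></a>
<a href="https://play.google.com/store/apps/details?id=com.example.app">Get it on Google Play</a>
<a href="https://play.google.com.example.net/app">Android version</a>
"""

if __name__ == "__main__":
    for platform, label, href in audit_store_links(SAMPLE):
        print(f"[{platform}] '{label}' does not lead to the official store: {href}")
```

The hostname is compared exactly, so a look-alike such as `play.google.com.example.net` is flagged even though it starts with the real store's name.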
SUMMARY
1. 🚫 Be cautious with DMs
• If someone messages you “for business” from an unfamiliar account — stay alert, especially if they offer a “collab,” “drop,” “beta access,” or “investment opportunity.”
2. 👤 Check profiles
• Don’t judge based only on follower count or a polished bio.
• Real Farcaster users are usually active, participate in casts, and engage openly.
3. 🧩 Don’t click suspicious links
• Even if you get a link to something like Google Meet, Notion, Mirror, or IPFS — always verify it manually first.
4. 🔗 Verify people and projects through the community
• Ask in casts: “Has anyone worked with this project?”
• Tag trusted members to confirm or deny.
• Don’t hesitate — in Web3, trust is built through transparency.
5. 💬 Be wary if someone pushes a specific format
• If a person insists on using only their link, only Discord, or refuses to accept your meeting links — that’s a red flag.
• Real people are usually willing to meet halfway.
Final note:
“Trust, but verify.”
Be open — but not naive.
Marina Iakovleva