For the sake of simplicity I'm only going to cover stuff that involves a scammer receiving your crypto through unjust means. I won't talk about ponzis here but if someone wants to cover that in the comments feel free :) This is also super condensed, I've probably missed some bits but this is the main stuff I think all beginners should be aware of!
Given the dip, there's definitely vultures out there trying to use the fear to convince you to send over your crypto to get them gains back. Lets not give it to them
Rule of thumb: if it sounds too good to be true, it is too good to be true
Security
There's loads of good practice security things you can do to keep your crypto safe! Most stolen funds are down to human error so by simply educating yourself you remove 90% of the danger. So lets get into the things that can make a difference.
Keeping your seed phrase off the digital space (hand written, on metal, etc). On a phone wallet the only place you want to enter your seed word is on your wallet app, no notes and no password vaults. I actually quite like electrum for this point as it has a keyboard on its phone app rather than using the phone keyboard. If you have a hardware wallet, only enter your seedword through the actual device.
Running anti virus programs on your devices. Pretty self explanatory, you dont want malware spying on your every move, changing your copied and pasted addresses to their etc etc. Never download anything without background checks regularly update the anti virus.
New address for every transaction (you are less of a target). This basically makes it near impossible for people to see how much crypto you own. Not an issue for privacy coins like monero but definitely a risk with ETH, BCH etc
Setting up passphrases. Bruting 12 words is hard, 24 words is even harder. Bruting any number of words from a limited list THEN adding a random word on top of that? Near impossible. Do your reading on this though! Adding a passphrase to an existing wallet creates a new wallet and you have to move funds manually so BACK IT UP!
Setting up 2FA on any exchange accounts. Its too easy to hijack a phone number for SMS confirmation. Use 2FA. It resets the code every 30 seconds or so and ensures no one can access your accounts without having physical access to your phone AND all your passwords for your exchange accounts. The more bits and pieces someone needs to get to your crypto, the harder it is.
Escrow is never a bad idea. I know the point of crypto is to be trustless, no need for a third party etc, but if you're dealing with a transaction with someone who has no reviews/digital paper trail showing credibility, get a trusted third party involved. LocalBitcoins and Paxful have these services built in, theres forums (bitcointalk) with recommended users for escrow based on good reviews, basically shop around, reviews are your friend. Obviously this point is mainly relevant to online transactions but either way, if you arent 100% sure about who youre sending money to, get reviews on them, if you cant either dont so business with them or use escrow.
Scams
The most common scams are ones asking for your details. Usually this means asking for your seed words, as soon as theyre entered, your funds are stolen.
Fake websites: we've all heard of the poor people that go onto the trezor site or ledger site, are told to type in their seed words then suddenly their funds are gone. Yeah. Thats because the site is fake. A key thing to note is hardware wallets do not interact with fake websites, if the screen on the device doesnt prompt you to take action its safe to assume the site is fake. Check the url and try again. Its filthy of them to do and even long time crypto users have fallen for it, do what you can to avoid it.
Fake giveaways: so you know those youtube videos with Musk/Bezos/any rich public figure saying if you send them 1BTC they'll send back 2BTC. Yeahhhh no, it isn't happening. They'll take your money and that'll be that. Trust me you don't want to send your money anywhere that isn't an exchange, your secure private wallet, or the wallet of someone selling you goods/services and even the escrow is a good idea.
'Investment' schemes: this is your standard scammer DMs you either to tell you to invest through them for xyz gains, invest money into 'cloud mining' or invest with some market genius. All lies. Don't do it. If someone DMs you about crypto and asks if you want to make more, they're most likely going to try and sweet talk you into their scams. On this sub we always advise noobs to ignore crypto DMs for a reason. Anything they can say privately they can say publicly for the community to call out if its dodgy.
Social media links/emails: pretty much they'll provide you with some sort of sign up something, assume you use the same password for everything and access all your account that use your same email and password. If you use the same password for everything and don't have 2FA on exchange accounts your crypto can very easily been stolen this way.
Stuff
These are just things that will hopefully make your crypto experience a lot smoother
check the address you're sending to!! Its overkill but I check mine 5 times before sending, i take a picture and compare the addresses side by side, then read it forwards, then backwards, then split into segments of 4/5 characters, then final check, then send. I know that's excessive, but I refuse to send my funds to the wrong place. I'm not over invested, but the value growth is more than I could bare to lose
Send a small amount to test the address is correct. This isn't viable with high fee coins like BTC or ETH but if you're literally sending thousands+ then it really doesn't hurt to lose a bit of value to ensuring you aren't sending all of your stash into the void.
I think I've covered the basics! Just with the influx of new users I figured if this even helps one person then I've put some good into the world lol. Anything to add in the comments, please do!! We could all probably do with the reminder to brush up out security every now and then.
