Well, one of the things I see most in airdrops are malicious profiles and doubts about security. Personally, I always give the same tips: your security starts with permissions and signatures.
Many people (the absolute majority) fail in these aspects by allowing and signing contracts with just one click. But, in my view, spending 2 minutes when accessing a site ensures avoiding many simple losses.
How to use permissions when connecting a wallet to a site?
1- Never allow automatic transactions. The only access permissions in transactions should be to check balance and suggest transactions. Never allow access greater than that.
2- Always authorize permission ONLY on the network you are going to use on the site. This minimizes damage in case they manage to send a deploy.
How to sign a contract?
Signatures can be of login certification, ownership, transaction confirmation.
1- Access signatures, or proof of ownership comes with a clear text about what is being signed or just a confirmation code on the network. Never sign an access that:
Have any extension like a website address, a file name...
Have clearly programming codes
Have something like I allow the use according to: followed by an ineligible title.
2 Transaction signature must contain: transaction amount and gas fee.
Do not sign if there are commission requests on the transaction. (You pay 1 dollar and have a commission of 10000% withdrawing 1000 dollars from the account for example)
Well, that's the basics. But of course, never stop checking who is sending you links, and believe me, everything that seems too good to be true has a 99% chance of being a scam.