lots of sophisticated phishing attacks going around lately. all of these have been attempted on me. sadly seen a lot of cases where people did lose funds in these ways:

- real person (hacked) you've interacted with before DMs you on TG and asks to catch up, sends a zoom link, looks like a real-ish zoom URL, asks you to download a client to "fix" audio, everything drained

- credible/real news org DMs you out of the blue on their official X account, asks for an interview, sends you to a (fake) TG account, sends the (fake but real-looking) zoom link. this has happened to me with (major) news orgs that didn't even know they were hacked

- one of your "colleagues" asks for funds via email, email looks real, but headers are faked

- blitz of messages saying your coinbase has been hacked, yadda yadda, "support" calls and asks you to move your assets to a temporary address with some time pressure ("the "hackers" submitted the transaction but you still have time!")

general rules of thumb (not exhaustive)

- use @CasaHODL

- use @River for a custodial option

- don't keep a ton of funds on browser wallets like m*tamask or ph*ntom

- don't google crypto platforms and click the first link (hackers buy ads to put fake links in there)

- secure everything, not just wallets. this includes google, telegram, icloud, etc.

- don't answer phone calls from "support". hang up and call back on the official support line if you have to

- don't trust anything you hear on the phone especially if you're being pressured to do something

- don't answer calls from unknown numbers even if they seem like they're from "Google" or "Coinbase"

- be suspicious of emails or DMs from your "colleagues". know that email headers can be faked (ask AI for help analyzing headers if you're suspicious)

- double check that DMs from "friends" are real and they haven't been hacked

- make sure you have physical 2fa + authy/google authenticator on everything

- avoid SMS based 2fa wherever possible
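
for the faked-headers point above, a quick check you can run on the raw message ("show original" in most mail clients). this is an added example, not part of the original post; the function names and both sample messages are made up for illustration, and it assumes the top-most Authentication-Results header was written by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def header_red_flags(raw_message):
    """List reasons not to trust the visible From: address of a raw email."""
    msg = message_from_string(raw_message)
    flags = []
    from_dom = domain_of(msg.get("From"))
    # Assumption: the top-most Authentication-Results header was written by
    # your own mail provider; copies further down can be planted by the sender.
    auth = (msg.get("Authentication-Results") or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{mech}=(\w+)", auth)
        result = found.group(1) if found else "missing"
        if result != "pass":
            flags.append(f"{mech}={result}")
    # Bounce and reply addresses on another domain are a hint, not proof:
    # legitimate bulk senders also use a different Return-Path.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom:
            flags.append(f"{name.lower()} domain {dom} != from domain {from_dom}")
    return flags

# Constructed sample messages (reserved example domains, not real mail).
SPOOFED = """\
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example; dkim=none; dmarc=fail header.from=example.com
Return-Path: <bounce@mailer.example>
From: "Alice (Finance)" <alice@example.com>
Reply-To: alice.finance@example.net
Subject: urgent transfer

need this wired today
"""
CLEAN = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Return-Path: <alice@example.com>
From: Alice <alice@example.com>
Subject: lunch

noon?
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, header_red_flags(raw))
```

an empty list only means the sending domain checked out, not that the account behind it wasn't hacked, so still confirm money requests over a second channel.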