Safety & Security
Being part of our amazing community provides a number of positive experiences. Unfortunately however, there are those who do not share our Community Guidelines and may seek to take advantage of new ZED RUN stable owners.
This information below is to provide you with helpful tips on how to stay vigilant and aware of key security steps to protect your accounts, ZED RUN and beyond. Also included are examples to help you avoid being taken advantage of so you can identify how others may attempt to access your account or personal details.
Two-factor authentication, often known as two-step verification, is a security feature that adds an extra layer of security to your online accounts.
Use two factors to authenticate your identity instead of just one (such as a password alone). Instead, use your password and a One-Time-Password (OTP) sent to you through SMS or email.
An authenticator app is one that adds two-factor authentication (2FA) to accounts that you want to protect. When you enable 2FA on your account, you will be given a secret key to enter into the authenticator app. This creates a secure link between the authenticator app and your account. Once this secure connection is established, the authenticator app will generate a 6-8 digit code required to access your account, similar to the access code emailed to you by a website.
Social engineering is the art of persuading people to reveal sensitive information. The types of information sought by these criminals vary, but when individuals are targeted, the criminals are usually attempting to trick you into giving them your passwords or bank information, or accessing your computer to secretly install malicious software–giving them access to your passwords and bank information as well as control over your computer.
Social Engineering attacks can take many forms. One example is an email or SMS from a trusted source Using a compelling story or pretext. These messages may:
- Urgently ask for your help
- Present a problem that asks you to verify information
- Notify that you’re a winner
- Pose as a person you know
- Use phishing attempts with a legitimate seeming background
Another example is baiting scenarios. These schemes are often found on Peer-to-Peer sites offering a download of something like the latest new movie. But the schemes are also found on social networking sites, malicious websites you find through search results, and so on.
A third example is a response to a question you never had. A representative will reach out with the need to ’authenticate you’, have you log into ’their system’ or, have you log into your computer and either give them remote access to your computer so they can ’fix’ it for you, or tell you the commands so you can fix it yourself with their help–where some of the commands they tell you to enter will open a way for the criminal to get back into your computer later.
If you think you may have clicked a link to a malicious website or scanned a malicious QR code, we recommend you update passwords to your email accounts IMMEDIATELY if possible or create a new email account and MetaMask Wallet. Enable 2FA if not already enabled.
✅ Enable 2FA on your email and Discord account.
✅ Set your spam filter to HIGH through your email settings.
✅ Enable authentication app such as Google authentication or Authy, and make sure you have a backup way to access these if you lose your phone.
✅ Never reuse a password and use a password manager app. A password generator or manager like 1Password or LastPass can make life easier.
✅ Write down your passwords to your accounts and store in a secure location.
✅ Always check URLs and email address to ensure emails you have received are from legitimate user accounts.
❌ Do not click on unknown links.
❌ Do not send sensitive account information to your email address (i.e. don’t email passwords to yourself).
❌ MetaMask does not require an email address to set up a wallet. So be cautious when you receive an email regarding your account.
✅ Write down your seed phrase and private key and store it in a safe place.
✅ If you have a large amount of ETH or tokens look into investing in a hard wallet.
✅ Make sure your wallet app or extension is the official one.
❌ Do not screen share your MetaMask account with any support services.
❌ MetaMask do not get users to fill in a Google form for support issues. Please lodge a request directly through their website. The same thing applies to Twitter comments.
✅ Enable 2FA for your account via email and mobile number, and write down your Discord backup codes. Change your password frequently.
✅ Write down account details and passwords and store offline in a secure place.
✅ Check your privacy settings and ensure you have your DMs turned off.
✅ Only click on official links to website and marketplace collections from within the discord server channel for the community.
✅ When verifying assets through verification bot within a discord server always check the URLs are correct.
✅ When interacting with other members within discord always check you share the same server with the individual. You can click on their profile and view ‘Mutual Servers’.
✅ Always check official announcements channels for updates on the project.
✅ If you DO somehow click on a link in a DM and realise it’s not legit - the best thing to do for your account safety is to immediately change your password. If your account is compromised, changing your password ASAP is the only way to recover it or prevent it from being permanently banned from Discord.
❌ Do not accept friend request from people you don’t know
❌ Do not click on any unknown links - this includes from people you know, as their account may be compromised as well. ALWAYS check with them that they know what the link is before you click on what they’ve sent, and that you’re really talking to your friend!
❌ Do not share your seed phrase with anyone, ever. Don’t type it into ANY websites.
❌ Do not screen share your Discord window with anyone - if you get a message that appears to be a mod from a server saying you were banned and need to ‘prove’ that you did/didn’t do something, but you need to screenshare - do NOT proceed.
✅ When viewing collections on OpenSea make sure they are the official links to the collection through #official links channel from the community Discord or Twitter.
✅ When purchasing or listing via OpenSea try to limit contract approvals and always check contract addresses to what you are approving through your wallet. You can check which sites you’re connected to in Metamask, via the Token Approval sections for Etherscan and Polygonscan, and on revoke.cash (ETH only).
❌ Do not log in or click on anything that is not from the official OpenSea website.
Last modified 10mo ago