Good & bad practices in the blockchain multiverse: Chapter 4. Community engagement

BlockRaiders
7 min read · Mar 11, 2022

In this article, we continue our series on good and bad practices in the blockchain multiverse by diving into community engagement.

This article is part of a series, and the list below shows the topics we cover. The list is subject to change and will likely gain more content and subtopics, which will be added retroactively. At the end of this article, a summary article with links will be published for ease of navigation.

Topics:

1. Research

  • DYOR
  • Smart Contract verification practice

2. Wallet management

  • Cryptocurrency wallet practice
  • The web3 (MetaMask, etc.) practice

3. Trading

  • Why the ‘trading’ topic?
  • P2P, Marketplace, FOMO, Risk management

4. Community engagement (covered in this article)

  • Social platform practice

Disclaimer: This article is written with an intent to help new gamers entering the blockchain space grasp general ideas about community engagement. The article is not written to provide any sort of financial advice/tip/trick or tool.

Social platform practice

The network and the community are the driving force for change and for the good of a project. What matters is how harmonious and interactive a community is, not just its numbers. In a thriving ecosystem, community members play a major role in the development of a project, which also involves a lot of social media content and transparency from the project.

Social media platforms have always been a gateway for social communication for billions of people around the world, and platforms built on today’s technology are attracting a lot of public attention worldwide.

Social engineering scam

When large groups of people with a common interest gather on any platform, it piques the interest of cybercriminals. Discord is no stranger to scams. The recent spate of incidents has us wondering how these scams work and what we can do to deter them. That’s what we’ll dig into in this post. Let’s dive right in.

A frequently discussed topic is the social engineering scam, which projects have unfortunately had to come to grips with. In this scam, the Discord accounts of team members, moderators or admins are compromised and used to spam links that are actually phishing scams.

Compromising existing user accounts can help attackers circumvent server protections, since existing accounts are often already members of the targeted servers. Access to such servers gives them the opportunity to post phishing messages within the text channels and send direct messages to other server members. What makes this even more effective for social engineering is the fact that Discord servers are often dedicated to a specific topic and are trusted sources. This allows attackers to craft their message pretexts with a specific audience in mind, increasing the chance of success.

Additionally, existing users will often have contacts within Discord that may be more likely to trust them, thus increasing the chance of success for further social engineering attacks. These further attacks can either be aimed at compromising more Discord accounts or at achieving additional goals, such as financial gain.

Now that we have established what it entails, how does it work?

  1. Firstly, the scammer picks a target from among your team members.
  2. The scammer then joins the server where the target is.
  3. Following that, the scammer impersonates the target from another account and pretends to scam members, which convinces a Discord moderator/administrator to ban the target.
  4. Once the target is banned, the scammer impersonates the mod and reaches out to the target.
  5. The scammer asks the target to prove their innocence. Because the scammer can show that they know the target is banned, the target easily believes the scammer is the official mod.
  6. The social engineering now starts: the scammer creates fake, photoshopped discussions with other members of the Discord team about the target’s ban.
  7. The scammer proceeds to get on a Discord chat with the target, asking the target to screen share and telling them to open the inspect element view by pressing CTRL + SHIFT + I. The inspect element view exposes the Discord token, with which scammers can take full control of the target’s Discord account.

The best protection against social engineering attacks is knowing that they can occur and staying suspicious of messages, links, and server invites. This will also be the last line of defence if all other preventative measures fail and a malicious message gets through to the members. We’ll describe several preventative measures later in this article.

Crypto giveaways

The scam lures victims on Discord’s cryptocurrency-related servers by sending a private message that looks like an ad for an upcoming trading platform or project giving away cryptocurrency, and it deploys social engineering tactics to drive sign-ups.

In the Discord scam, the fraudsters first attempt to placate the victim by filling the unsolicited message with fun emoji to make it look pleasant, along with detailed instructions and a code for accepting the digital currency gift. The message provides a link for registering on the cryptocurrency exchange website or project website.

Victims are told to register with the exchange/project website and enter the “promo” code, offering up personal data in the process, and either make a small cryptocurrency deposit or go through a fake KYC (Know Your Customer) identity check to complete the process. When victims try to claim their free crypto, they are asked to top up the account with an amount such as 0.01 BTC or the equivalent in USDT or US dollars.

After the deposit is made, you want to claim your reward, right? Claiming the free crypto seems to work: the user’s exchange account is credited with the promised amount, but when a payout attempt is made, it fails, and the user has been scammed. The scammers now have access to the victim’s personal information and can sell it on the dark web. Moreover, after a month the website will have moved to a completely different domain, with all data deleted and transferred there; this gives the scammers a clean slate, and the cycle repeats itself.
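The traits of the two scams described above (the fake-moderator token theft and the crypto giveaway) can be turned into a simple triage check for a server's moderation tooling. This is an added example, not BlockRaiders' or Discord's code; the indicator names, weights, threshold, domains and sample messages are constructed assumptions.

```python
import re

# Indicators taken from the scam traits described in this article.
# Names, weights and the threshold are illustrative assumptions.
INDICATORS = {
    "giveaway_lure": (re.compile(
        r"\b(giveaway|free (crypto|btc|eth)|promo ?code|claim your)\b", re.I), 2),
    "deposit_request": (re.compile(
        r"\b(top[ -]?up|deposit)\b.*?\b\d+(\.\d+)?\s?(btc|eth|usdt|usd)\b",
        re.I | re.S), 3),
    "kyc_request": (re.compile(r"\bkyc\b|know your customer", re.I), 1),
    "devtools_request": (re.compile(
        r"ctrl\s*\+\s*shift\s*\+\s*i|inspect element|developer tools", re.I), 4),
    "screen_share": (re.compile(r"screen[ -]?shar(e|ing)", re.I), 1),
    "ban_appeal_pretext": (re.compile(
        r"\b(prove|proof of) (your )?innocen(t|ce)\b|\bunban\b", re.I), 2),
}
URL_HOST = re.compile(r"https?://([^\s/]+)", re.I)
FLAG_THRESHOLD = 4

def triage(message, trusted_domains=()):
    """Return (score, hits): which scam traits one message shows."""
    hits, score = [], 0
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(message):
            hits.append(name)
            score += weight
    # A link to any host outside the server's allowlist adds weight.
    hosts = {h.lower() for h in URL_HOST.findall(message)}
    if any(not any(h == d or h.endswith("." + d) for d in trusted_domains)
           for h in hosts):
        hits.append("untrusted_link")
        score += 2
    return score, hits

def should_flag(message, trusted_domains=()):
    """True when the message should be held for moderator review."""
    return triage(message, trusted_domains)[0] >= FLAG_THRESHOLD

# Constructed sample messages (not real captures).
SAMPLES = [
    "Congrats! You won our giveaway. Register at https://exchange.example/reg, "
    "enter promo code RAID22 and top up 0.01 BTC to withdraw.",
    "Hi, I'm a mod. To prove your innocence, join a call, screen share "
    "and press CTRL + SHIFT + I.",
    "gg everyone, patch notes are up at https://guild.example/news",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(should_flag(msg, ("guild.example",)), triage(msg, ("guild.example",)))
```

Keyword heuristics like these produce false positives and miss reworded lures, so a flag should route the message to a human moderator rather than trigger an automatic ban.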

Server security tips

So, what can we do to prevent these scams from happening? That’s largely down to Discord, and we hope that the company continues to implement anti-spam measures, but that doesn’t mean that there’s nothing you or we can do to make our experiences on the platform more secure. Let’s run through some of the ways you can keep your profile safe.

  • Safe Direct Messaging: This will scan all images and videos sent to the user via direct messages and block potentially undesired content, although it is not directly aimed at preventing phishing.
  • Server Privacy Defaults: This option sets the default value for allowing direct messages from users that have at least one server in common with the user. Disabling this option will reduce the risk of receiving phishing messages.
  • Who can add you as a Friend: This option defines who can add you as a friend. Any user that adds you as a friend will be able to send you direct messages, regardless of the previous setting (Server Privacy Defaults). Disabling the “Everyone” option can help prevent social engineering attacks but may also prevent legitimate friend requests.

Two-Factor Authentication

Activating 2FA (Two-Factor Authentication) is a relatively simple process, and doing so secures your account better than a single password alone. Not only that but 2FA is also required for some Discord servers or using admin privileges.

Recommended and frequently used, 2FA acts as another defence against hackers and scams, because more information is asked of the user. Phone lost or stolen? No one can access the verification code without knowing your mobile phone password to open the verification text or authenticator application.

In addition, the authenticator app can also be made more secure by enabling Face ID recognition.

Alignment

In recent weeks we have published several articles that should give a good overview of the good and the bad practices in the blockchain multiverse. You can break this crazy and interesting world down into different topics as we have done over the past few weeks. For ease of navigation and clarification, we will list them below:

  • Research: This article explains how to do research so you can be ever more alert and avoid the pitfalls of the multiverse.
  • Wallet management: One of the first things to understand with cryptocurrencies is how to protect your funds and prevent potential hacking issues and fraud. This article gives more clarification on this.
  • Trading: Here more light is shone on the subject, Trading. We will explain the basics of trading in the blockchain space as clearly as possible.
  • Community engagement (covered in this article): The focus of this article is the prevention of scams on the well-known platform Discord, where crypto scams happen on a daily basis to users who unknowingly give access to their wallets. We hope to shine some light on this by explaining the scams and giving security measures that you can apply for the sake of your own safety.

We hope that these articles can act as cornerstones in the adventure in the blockchain space and that you have learned something from them.

Furthermore, we would like to point out that we have written these articles from a general perspective and do not intend to give financial advice. They are written with the intention of helping newbies in the blockchain multiverse with their start in this interesting yet dangerous world.

And that covers everything. We hope this article has given you more insights into the crypto world, and if there are any questions, don’t hesitate to join our Discord community and fire away!

Follow BlockRaiders on social media:

Website: https://blockraidersguild.com/
Discord: https://discord.gg/xJXt7BjuPq
Twitter: https://twitter.com/BlockRaidersG
Medium: https://medium.com/@blockraiders
Facebook: https://www.facebook.com/profile.php?id=100025530318287
