How to stay safe on the internet? What do you need to be careful about when creating a crypto account? How can you make your account extra secure?
We have compiled some best practices for you because your security is very important to us. Read on to learn what you should be doing to stay safe on the internet, how to securely create a new account and keep it safe and lastly some tips when it comes to various scams.
Before you make your GateHub account
Before you even create a new account anywhere you could be exposed to some risks. The top risk is to use a compromised email account. The next risk is to land on websites that could collect your sensitive information through different tricks.
Your email is extremely important for your everyday internet life and also extremely sensitive. In order to protect your email, you should use a unique, complex and sufficiently long password AND 2-factor authentication.
If you own multiple crypto accounts it is sometimes advised to create separate (but equally secure) email accounts. You should make the judgement if one email is secure enough or whether you can keep multiple emails safe enough.
Modern browsers will notify you when you are visiting an insecure site but you should still be vigilant. One of the best preventive measures is to bookmark the websites you frequent so you can always be sure you are visiting the correct one.
There are two main vectors of attack. Both start with a spoofed website that will somehow try to part you and your sensitive information like password and email.
One way is to prey on users who accidentally visit a website with a slightly different domain name (for example gatehub DOT com instead of gatehub DOT net).
The other is to send an email to you claiming you need to log in to perform an action and then redirect you to such a website.
Make sure to bookmark gatehub.net and stay vigilant for fraudulent websites mimicking GateHub.
2-factor authentication, which is mandatory on GateHub, can prevent most automated and many sophisticated targeted attacks.
When creating a GateHub account
Now that your email is safe and you are aware of the threats of spoof or phishing websites, it’s time to create your GateHub account.
Use a strong and unique password
Make sure to use a strong and unique passphrase, that is at least 12 characters long and is composed of the following: lower-case letters, upper-case letters, numbers.
Here’s what you should avoid using in your password:
- Using the same password you use anywhere else.
- Using words you can find in the dictionary.
- Using passwords shown as an "example of strong passwords".
- Personal information, such as names and birth dates.
- Using simple keyboard patterns, like "qwerty" or "12345" (particularly avoid sequences of numbers in order).
- Common acronyms.
- Using only one type of character, such as all numbers, all upper-case letters, all lower-case letters, etc.
- Repeating characters, such as mmmm3333.
You can also use password managers like 1Password, LastPass or KeePass, which will help you generate and store your passwords. You will need to learn how to use it and make sure to protect it as well (or even better) than your email.
infoUsing a password manager will make securing your accounts easier. A drawback is that in case you lose access to your password manager, you can have a hard time accessing all the accounts stored in your password manager.
It is advisable to use a password manager with a user friendly recovery method if you are prone to forgetting your passwords.
As stated above, 2FA can prevent most attacks even after your login credentials (email & password) have been compromised. Enable 2-Factor Authentication for your GateHub account and safely store the 2FA backup code (“Authentication key”).
Avoid public WiFi
Every time you enter your GateHub account, make sure you are using a safe WiFi connection (no public WiFi).
Offline storage of your keys
Make sure your GateHub recovery key and other credentials (i.e. XRP Ledger wallet secret keys) are stored in a safe place (offline storage or paper copies).
A password manager can usually be used to store information other than passwords safely.
We strongly advise against saving your sensitive information in your email or any other online storage.
Set your own unique message that will display on every system email received from GateHub to avoid falling victim to phishing emails (for more details please refer to the article Anti-phishing email security precaution).
Freeze your account
If you receive an email from GateHub informing you of an action you didn’t perform or request, we advise you to freeze your account immediately and get in touch with our support team.
When you deposit money to your GateHub account
After you have deposited funds to your account at GateHub you can start sending money, trading and exchanging and tracking your analytics. All of this is 100% safe but there is always danger lurking in the crypto space. Be vigilant of these.
GateHub uses a monitoring system of addresses tied to fraudulent activities, collected and published by XRP Forensics.
Addresses flagged for connections to malicious activities and added to the XRP Forensics blacklist are monitored through our client. GateHub will warn you when trying to withdraw to any listed address.
In addition to the wallet notification, we will regularly publish any scam alerts relating to our users on our Twitter profile. Follow us and get news, improvements and potential security alerts.
Fake emails and websites
Scammers will use fake websites (constructed to look identical to real sites), emails and instant messages to trick you into divulging sensitive information, such as usernames, passwords, recovery keys, etc.
GateHub has taken security measures to prevent this kind of malicious emails from affecting our users.
These emails may include (but are not limited to)
These emails try to make you believe that you need to log in to your account in order to perform an action. They usually redirect to a site identical to the one you actually want to log in to and when you submit your credentials, you can consider them compromised. The same goes for emails asking you to share your credentials or keys directly over email. Never share any sensitive information over email.
infoGateHub will never ask you to share your password or any of your keys.
Besides phishing emails and fake pages, there are also scams like fake giveaways, that you can usually find on social media or through emails. Do not share your information with anyone promising free stuff.
Make sure you trust whoever is issuing third-party assets for which you are adding custom trust lines. Airdrops do not require any personally identifiable information or secret keys. Never share these with anyone online. Make sure to check your tax liabilities in case of airdrops and do your own research before trusting and dealing with new tokens.
What do I do if I get a suspicious email?
First, don’t believe anything on first impression and don’t make any rushed actions. Don’t click any links and don’t share any information. We strongly suggest you do not reply to any such emails.
Second, make a screenshot of the email in question and share it with us, preferably by creating a support ticket here. Our support team might ask a few additional questions and your feedback will be greatly appreciated. If we feel the email might pose a threat to our other customers we’ll make a public warning about it.
Things to remember
To recap, here is a basic security checklist:
- Secure your email and browse as safely as possible.
- Use a strong and unique password for each of your accounts of any type.
- Use a password manager to make your life easier.
- Use 2FA whenever possible.
- Store your sensitive data like keys and passwords offline or in secure storage.
- Don’t click suspicious email links and be vigilant of suspicious emails.
For an added layer of security on your XRPL wallet, you can enable Wallet Protect. This product offers enhanced security for your XRPL wallet by using multisignature. This is a subscription based product paid in one go for a yearly plan.
Your transactions are double checked against our advisory lists using Fraud Shield. In addition to this real-time security element, Wallet Protect comes with Theft Cover by Coincover which covers potential losses from theft up to $100k in value. If by chance, you lose access to your GateHub account and your wallet’s private keys, your funds can be recovered by GateHub and Coincover.