A recent phishing attack committed on the popular NFT marketplace, Opensea, resulted in an estimated $1.7 million stolen from the site’s users.

A phishing attack is essentially when a hacker or malicious actor attempts to get site users to do a “wrong thing.” That “thing” could take the form of anything from clicking a bad link that downloads malware to ask for your password with an official-looking (but fake) email or direct message.

While we have not received any reports of any fraudulent activity from our users or social media followers, given that safety and security in relation to NFT marketplaces are in the news, Third Act thought it might be helpful to preemptively underline some points and offer tips about safety and security when it comes to using an NFT marketplace:

Password Security

CNBC recently ran a story about the 20 most common passwords shared on the dark web. 

Quick aside, the dark web is essentially an internet that’s content isn’t indexed by search engines and needs to be accessed by special software. Lots of illegal stuff goes on in the dark web, including hackers sharing and selling passwords. 

Whether you’re shopping on Amazon, streaming on Netflix, or buying NFTs on Third Act, a strong password is always a good idea. Below are some simple tips for password security:

  • Never use personal information.
  • Use a nice mixture of letters, numbers, and special characters.
  • Avoid using real words.
  • Make it long.
  • Never repeat passwords. This means don’t use the same password for two sites.

Google’s password manager will often suggest passwords to use that follow the above tips. But it could be fun to mash a bunch of keys together to create your own. Or is that only our idea of fun? 

Whether mashing the keys is fun to you, or you just want to go the Google-generated route, a strong password is one of the first steps toward staying safe while participating in the NFT world.

We Will Never Ask for Your Password 

Speaking of passwords, we will never email or DM a user asking for their password. 

While on the site, you may be asked to reenter your password depending on browsing time and inactivity, but no one from the site will ever reach out to you directly and ask for your password. 

The same goes for account information. We will never ask via email or social media DM for credit card information, addresses, or any personal information. Basically, unless you contact us, don’t expect any sort of email or DM from us, other than newsletters if you signed up for them (which you should sign up for them if you want the latest NFT drops, auctions, and news).

Fake Emails and Websites

Every email address associated with Third Act will have the domain @thirdact.digital. Emails without this address should not be opened and marked as spam. 

Along with this, there have been some reports of other NFT marketplaces being cloned and hosted, tricking users into thinking they’re the real thing and entering valuable information. While this is rare, it is important to remember that the domain for Third Act will always be thirdact.digital.

Fake Customer Service and Support

Other NFT marketplaces – and online businesses in general – have experienced instances when people attempt to impersonate their customer service or support team. This can happen through email, Twitter, Instagram, and Facebook. 

While Third Act users have never reported any such cases, it’s always a good idea to remain vigilant. If you receive a message and it did not come from an official Third Act account, then it is fake. While we don’t expect this to happen, if you do happen to receive an email or DM that seems fake or malicious, please contact us at hello@thirdact.digital.

If It Seems too Good to be True, It Probably is

While the above applies to NFT marketplaces and the general web, this one is more focused on being secure and smart when navigating an NFT marketplace. 

There are plenty of headlines about million-dollar NFT sales, but they’re actually rarer than you would think. Most NFT sales are actually come out to under $200. Unless you’re already a billionaire, which in that case, congrats, selling an NFT for hundreds of millions is tantamount to winning the lottery. Winning the lottery is, of course, unlikely. And so is someone wanting to give you hundreds of millions (or even hundreds of thousands) for one of your NFTs.

While it of course CAN happen, statistically speaking, it’s probably not going to happen (sorry to burst your bubble).  

So, if you see an email or message from an unverified account telling you that they want to buy your asset for $10 million, it might be worth taking a second and thinking twice before clicking on that link or giving out your banking info.

Common Sense FTW

This brings us to the last tip to be safe while using our marketplace. Your common sense is probably the ultimate tool in the fight against fraud. Something seems off, fishy? It most likely is! Think about it this way, an NFT marketplace is no different than any other website. Treat it the same way. If you wouldn’t share something with someone you only know from Twitter, don’t share that same thing when it comes to NFTs. If you think an Amazon customer service rep reaching out to you directly to tell you that you’ve one a ten-thousand-dollar gift card seems a little suspect, it most likely is! 

Common sense is a great tool to use, not just when you’re browsing NFTs, but when you’re on the internet in general. A good rule of thumb is, would I do this in the real world? If someone came up to you on the street and said, “You just won three thousand dollars. All I need you to do is give me your wallet,” most likely you would not give it to them. The same goes for the digital space. If someone asks you for your banking info, don’t give it to them. Common sense FTW! 

Remember, collecting NFTs should be fun, and we don’t want to scare anyone. But the truth of the matter is that there are some people who want to ruin the fun for everyone else. Don’t let them! Keep the fun in NFTs by following these tips and tricks for a better Third Act experience.

Leave a Reply

Your email address will not be published.