Only seek out support from official GameStop support
You should only contact support directly from https://support.blockchain.gamestop.com. GameStop Support agents, Admins, and Moderators on Discord will never message you first for any reason.
Do not share your wallet's private key or recovery phrase
Your wallet's private key and recovery phrase should be treated like your credit card, ID, bank account and routing numbers. These numbers and phrases are what a hacker would need to take your assets away from you. Do not trust anyone with this information, even someone claiming to be a GameStop Support agent.
Do not fall for fake giveaways
Don't fall for the classic bait-and-switch scam where an attacker sends you a message saying "For a limited time, we have this surprise NFT airdrop, by [Well known NFT artist here]! Click here to claim yours!" The message may be coming from an account with an official-looking profile picture (PFP), and they may have set their nickname to mimic that person or organization. If you see any of those links come up in your inbox, first check to see if you have mutual servers in common with the user. If so, this is how they found you. Screenshot the message, delete it immediately, and report the screenshot to a moderator or admin of the server you have in common with the attacker. This will help the moderators to keep your servers clean of attackers as best they can.
Beware of scammers impersonating GameStop Employees, and employees of other trusted organizations
Don't give out your private keys or passwords to anyone claiming to be affiliated with a company you know. Be suspicious of any request for personal information like passwords, pin numbers, etc. Any message asking for your password should be considered a scam until proven otherwise. GameStop will never message you first, meaning we will always wait for you to come to us - we will not reach out to you. GameStop will never ask for your passwords, Private Keys, Secret Phrases, or any other personal identification information.
Don't click on links in emails or instant messages unless you trust the sender.
Always make sure to open attachments only when you're ready to read the entire message. Attachments can contain viruses, malware, or spyware that could infect your computer and steal your personal information. There are types of malware that look for private keys, Secret Phrases, and wallet credentials from browser wallets, desktop, and mobile wallets. Never send private keys, Secret Phrases, or passwords via insecure text message or email.
Make sure your wallet app or extension is the official one!
There are copycats of known popular wallets which are designed to trick you into providing your secret recovery phrase or private key. Only download wallets from the official website associated with that wallet.
Never reuse passwords or passphrases across multiple accounts.
A hacker who breaks into one account can often gain access to other accounts using the same login credentials.
Use strong passwords!
Password managers are great tools for creating unique, complex passwords for every account you have. It's important to change your password periodically so hackers don't have time to crack your old ones.
Keep your software updated.
Software updates are a vital part of keeping your computer and phone secure. Always update your operating system and apps to the latest versions available.
Beware of fake social media profiles.
Scammers often impersonate known Facebook, Twitter, Instagram, and YouTube accounts to lure people into revealing personal information. Do not click on links or follow any suspicious accounts.
Use Two-Factor Authentication (2FA) whenever possible.
2FA adds an extra layer of security to your online accounts by requiring you to enter a second code each time you log in. Some services offer an option to enable 2FA automatically for all your accounts, while others require you to manually add the additional step to your login process.
Use a hardware wallet.
Hardware wallets are special devices that store your cryptocurrency offline. They are tamper proof, meaning hackers cannot steal your coins as easily, but you're still responsible to keep your Secret Phrase a secret.
Pay attention to every signature request and smart contract approval.
Scammers sometimes will create websites with fake wallet popups, requesting signatures or approvals for contracts that appear legitimate but are actually scams designed to collect your password or Secret Phrase. When signing a contract, always verify the source of the message and be careful that it's coming from your official wallet and not a fake wallet designed to look the same.
Don't share your personal information with strangers.
Don't give out your real name, address, phone number, email, or any other personal details to anyone you don't know or have never met. Avoid cold emails and downloading files from strangers without knowing anything about them. Hackers can use your personal information to steal your identity or commit fraud against you.
Report any suspicious activity to your local law enforcement or a trusted friend or family member.
If it seems too good to be true, it probably is. If you think you've been a victim of a phishing scam, please contact the authorities immediately.
Beware of pump & dump schemes
"Pump and dump" schemes are used by scammers to artificially drive up the price of an NFT. This often occurs when a trader or group of traders perform "wash trades" to buy and sell the NFT to themselves at a higher value. This increase in price usually followed by fake PR on social media, where the scammers hope to get more attention to the NFT from outside buyers, who will fall for the scam by thinking the NFT is valuable and in-demand. You should always look at the transaction history of an NFT that is being hyped on social media. It may be indicative of a pump and dump scheme to see several transactions occurring at the same time.