Tips for Staying Safe
Practical, real-world guidance to help you stay safe online. Learn how to recognise modern scams, avoid common traps, and protect yourself at the exact moments attackers try to exploit trust and urgency.
Michelle Chen, June 3, 2025
No-Bullshit Tips for Staying Safe Online
Most security advice is either outdated or unrealistic. You do not get hacked because you forgot to update Flash. You get hacked because someone convinces you to do something under pressure. These tips focus on the moments that actually matter.
This is practical advice. No fluff. No theory.
1. Assume Urgency Is a Weapon
If someone pushes you to act fast, stop.
Scammers rely on urgency because it bypasses judgement: “We need this now”, “just run it quickly”, “your account will be locked”, “we are on a call waiting”.
Real companies do not pressure you to skip safety checks.
Rule: urgency equals pause.
2. Never Run Untrusted Code on Your Main Machine
If you are asked to run code you did not write or fully understand, do not run it on your primary device.
That includes:
- Interview take-home projects
- Demo apps
- GitHub repos sent by strangers
- “Quick tests” during calls
Use a virtual machine, container, or throwaway environment. If that feels like too much effort, that is exactly why attackers ask.
3. Read Before You Run, Even Briefly
You do not need to audit every line, but you must scan for dangerous patterns.
Search for:
- scripts
- Obfuscated or minified source code outside dependencies
If you do not understand what a piece of code does, assume it can do anything.
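A first-pass triage script for the scan described above, added here as an example and not part of the original article: it walks a project, skips dependency directories, and flags very long lines and long encoded literals in source files, plus npm lifecycle hooks in package.json. The directory names, extensions, thresholds, the hook check and the function names scan and demo are assumptions of this example.

```python
import json, os, re, tempfile

# Assumed by this example, not the article: directory names, extensions, thresholds, npm hooks.
DEP_DIRS = {"node_modules", "vendor", ".git", "venv", ".venv"}
SRC_EXT = {".js", ".mjs", ".cjs", ".ts", ".py", ".sh", ".rb", ".php"}
MAX_LINE = 500                                 # longer lines suggest minified code
BLOB_RE = re.compile(r"[A-Za-z0-9+/=]{120,}")  # long base64- or hex-like literal
NPM_HOOKS = ("preinstall", "install", "postinstall", "prepare")  # run by `npm install`

def scan(root):
    """Return sorted (relative_path, reason) pairs to read before running anything."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune dependency trees in place so os.walk never descends into them.
        dirnames[:] = [d for d in dirnames if d not in DEP_DIRS]
        for name in filenames:
            if name != "package.json" and os.path.splitext(name)[1].lower() not in SRC_EXT:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if name == "package.json":
                try:
                    scripts = dict(json.loads(text).get("scripts", {}))
                except (ValueError, AttributeError, TypeError):
                    scripts = {}  # malformed manifest: nothing to report here
                findings.update((rel, "npm lifecycle hook: " + h) for h in NPM_HOOKS if h in scripts)
                continue
            if any(len(line) > MAX_LINE for line in text.splitlines()):
                findings.add((rel, "very long line"))
            if BLOB_RE.search(text):
                findings.add((rel, "long encoded literal"))
    return sorted(findings)

def demo():
    files = {  # constructed sample repository, written to a temporary directory
        "package.json": json.dumps({"scripts": {"postinstall": "node tools/setup.js"}}),
        "tools/setup.js": "var a=0;" + "a+=1;" * 200,
        "src/config.js": 'const p = "' + "QUJD" * 40 + '";',
        "src/index.js": "console.log('hello');\n",
        "node_modules/lib/lib.min.js": "x=1;" * 400,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)
```

An empty result only means these patterns were not found; the code still belongs in a throwaway environment.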
4. Treat “Looks Legit” as Meaningless
Clean repos, nice READMEs, recent commits, real websites, LinkedIn profiles, even video calls mean nothing anymore.
Attackers invest heavily in looking professional. That is part of the attack.
Legitimacy is proven by behaviour, not appearance.
5. Separate Machines by Trust Level
Your main machine holds your life:
- SSH keys
- Passwords
- Cookies
- Wallets
- Access tokens
Do not mix that with experimentation.
Have at least one separate environment for:
- Running unknown code
- Testing demos
- Interview tasks
- Side projects from people you do not fully trust
6. Be Suspicious of “Too Convenient” Offers
High pay. Low hours. Flexible schedule. Vague scope. Immediate start.
These offers exist, but they are also perfect bait. Especially when combined with a request to run something locally.
Ask yourself why they are in such a rush.
7. Antivirus Will Not Save You
Modern attacks do not look like malware.
There is no malicious file. No known signature. No exploit.
You are the exploit.
Do not assume your antivirus will warn you. It will not see social engineering, fake demos, or dynamic payloads fetched at runtime.
8. Do Not Trust the Call Just Because You Are on a Call
Screen sharing and video calls create false trust.
Scammers use live calls to apply pressure and reduce your time to think. They hope embarrassment or politeness will override caution.
It is always acceptable to say: “I will review this offline first.”
If that causes friction, that is a signal.
9. Protect the Moment, Not Just the System
Most damage happens in a short window:
- Before credentials are submitted
- Before code is executed
- Before access is granted
Security that reacts after the fact is already too late.
You need awareness at the moment of action, not reports afterwards.
10. Paranoia Is Rational Now
This is not pessimism. It is adaptation.
Attackers are professional. They use AI. They target people, not systems. They will keep improving.
Being cautious does not make you slow. It prevents you from losing everything in seconds.
Final Thought
If one rule sticks, make it this:
Never do something irreversible under pressure.
Pause. Think. Verify.
That alone will stop most attacks.

