Keep up your basic securityHere are some basic rules for securing your user account.
- Enable two-factor authentication, either by mobile app or paper codes. More than 99% of the attacks against you can be prevented with two-factor authentication. It takes only few minutes to set it up.
- Do not share your password across different websites.
- Do not publish your email address, associated with your LocalBitcoins account, on any website. Do not get involved transactions outside the LocalBitcoins site messaging, e.g. in Skype. The malicious users often use these channels to circumvent the security features present on LocalBitcoins.
- Do not use the website from a shared computers or devices, like ones in public internet cafes, as they may have keyloggers installed to steal your user credentials.
- Always when logging in to the website, read the browser address bar and check that you are logging into https://localbitcoins.com and not a phishing domain. Make sure the spelling is localbitcoins.com exactly, as the phishers, especially email phisheres, often register domain names resembling localbitcoins.com domain name.
- If possible when accessing user accounts with Bitcoin wallets, do this from a dedicated computer you have reserved for financial tasks only. Do not use this computer for other tasks. Do not install third party software and browser addons you cannot trust 100%. This greatly reduces the risk of getting malware infection on the computer.
- Keep most of Bitcoins safe offline in a cold wallet. We recommend specialized Bitcoin wallet applications like Electrum for this purpose.
New LocalBitcoins security featuresWe have rolled out some new user facing security features this week.
- You cannot use the same LocalBitcoins logged in session across different IP addresses. This prevents session hijacking attacks against LocalBitcoins users, but may also cause minor inconvenience for the legit users. This is especially case if you use LocalBitcoins on a mobile device where your IP address may change often.
- LocalBitcoins may interrupt your normal website actions in the case there is a chance that the action might not be started by the legit user account owner. In this case you will get an email verification to ensure that it was you who really wanted to perform the action.
Some latest security threads affecting Bitcoin usersHere are some latest threads Bitcoin community has found targetting Bitcoin users. Keep your eyes open for these.
- Chrome extension stealing your Bitcoins by modifying the Bitcoin transaction receiving address secretly.
- Rooted iOS devices (iPhone, iPad) are subject to malware attacks which may also steal Bitcoins (though no evidence found yet).