Newbie DO'S and DONT'S?

[RodeoX]

Don't use online wallets

So your saying not to use coinbase? What exactly is wrong with using coinbase if you transfer the bitcoin to a cold storage wallet after receiving bitcoin?

I think he means for storage. The guiding principal is about control of the private key. Unless you are the only one who has the private key, you do not own any bitcoin. It's fine to use a place like coinbase if you move them to a cold wallet right away.

Aloso...

Some of these are repeats... but they deserve being repeated!
...

Great list bro! Thanks for this.

[Baitty]

Some of these are repeats... but they deserve being repeated!

• Do encrypt (passphrase protect) your wallet. Don't use a simple passphrase. Don't use a passphrase you use elsewhere. Encryption helps, but understand that it doesn't prevent all types of theft.
• Do backup your wallet. Different wallet software work in different ways: some wallets you only need to backup once, others you need to backup after every new receiving address is created, and others are somewhere in-between. Understand how this works for the wallet software you've chosen, and be vigilant with your backups!
• Don't start off owning more BTC than you can afford to lose/have stolen. If you find yourself getting close to your personal limit, search for "cold storage" and find out how to use it. Don't put this off until it's too late.
• Do choose one of the wallet options from the official choose-your-wallet page here: https://bitcoin.org/en/choose-your-wallet. Not all online wallets are bad, however Do heed the warnings on this page regarding some of the less-safe online wallets. Choosing an online wallet does not exempt you from backing up your wallet.
• Don't download programs from the Internet. This rule is difficult to follow 100%; just be aware that each new program you download and run could be the one that steals your BTC.

Regarding that last rule, here are some guidelines that can help you decide how (un)safe a download is. Note that these are not hard-and-fast rules!

• Do research a program before downloading it. Are there a lot of websites discussing it if you search for it? Does it have a Wikipedia page that wasn't created yesterday? If either answer is No, Do be more suspicious of it.
• Software that is open source, especially if the answers above were No, is generally more trustworthy, but Don't assume that something is safe simply because it's authors claim it's open source!
• Software that is written in a popular scripting language such as Python, Ruby, Perl, JavaScript, etc. is generally more trustworthy, but Don't assume that something is safe simply because it's a script unless you can read and fully understand the entire script! Never download and run something claiming to be a script if it's actually an EXE file.
• Do look at the number of pages in a thread before downloading any software referenced on the first post of the thread. More pages means a smaller chance of the software being malware (but there's always still a chance it could be malware!). Do avoid software with only a few pages worth of posts - let someone else be the guinea pig!
• Do look at the Activity count and the Date Registered of users when trying to decide if they're trustworthy, and be more suspicious of Newbies, but Don't automatically assume that a Hero Member is 100% trustworthy.
• Do err on the side of caution/paranoia. It only takes one piece of malware to steal all of your BTC even if you've encrypted your wallet and even if you're using two-factor authentication.
• If you've decided to risk downloading something, Do take the time to find the single official download link or website.

Sorry if I sound scary... most people around here are the honest type, but there absolutely are scammers around here too. Use common sense, and have fun!

Really great information you posted. Color coded too!

[CoinGeneral]

Some of these are repeats... but they deserve being repeated!

• Don't download programs from the Internet. This rule is difficult to follow 100%; just be aware that each new program you download and run could be the one that steals your BTC.

Have there actually been any cases of people downloading software and having their BTC coins hacked? I know there's a lot of 'automatic bitcoin' software out there that are obvious scams, but I'm saying more subtle things like Alt Coin wallets, someone downloads an Alt Coin wallet installation and all of a sudden their BTC coins are gone. Any cases of that yet?

[bigasic]

Don't use online wallets

So your saying not to use coinbase? What exactly is wrong with using coinbase if you transfer the bitcoin to a cold storage wallet after receiving bitcoin?

I would only put my "expendable" coins there. And always use 2 factor authentication.

[boymilk]

and some tips to earn BTC 

Don't spend too much time on faucets and stay away from mining (especially cloud mining) unless you know what you're doing. It's highly likely to be unprofitable.

Don't use online wallets

Blockchain.info isn't that bad.

[bigreddmachine]

Never listen to someone when they tell you that a certain altcoin is going to hit it big.  They're all gambles.

Oh and AwesomeSauceCoin is going to the moon!  Just kidding

[bkora]

to earn BTC you can sell you service here
and for some free rewards try faucets

[C.Steven]

Have there actually been any cases of people downloading software and having their BTC coins hacked?

Here is just one example of such malware.
http://www.coindesk.com/chrome-extension-could-vulnerable-malware/

[newflesh]

Probably already been said but be wary of installing wallets for new alt-currencies, I've heard of at least two wallets with keyloggers. Also make sure to download from official websites and not random links posted up on the forum.

[C.Steven]

Probably already been said but be wary of installing wallets for new alt-currencies, I've heard of at least two wallets with keyloggers. Also make sure to download from official websites and not random links posted up on the forum.

Would you mind sharing a little bit details? I have tried to search with Google but got no results.

[Acidyo]

Some of these are repeats... but they deserve being repeated!

• Do encrypt (passphrase protect) your wallet. Don't use a simple passphrase. Don't use a passphrase you use elsewhere. Encryption helps, but understand that it doesn't prevent all types of theft.
• Do backup your wallet. Different wallet software work in different ways: some wallets you only need to backup once, others you need to backup after every new receiving address is created, and others are somewhere in-between. Understand how this works for the wallet software you've chosen, and be vigilant with your backups!
• Don't start off owning more BTC than you can afford to lose/have stolen. If you find yourself getting close to your personal limit, search for "cold storage" and find out how to use it. Don't put this off until it's too late.
• Do choose one of the wallet options from the official choose-your-wallet page here: https://bitcoin.org/en/choose-your-wallet. Not all online wallets are bad, however Do heed the warnings on this page regarding some of the less-safe online wallets. Choosing an online wallet does not exempt you from backing up your wallet.
• Don't download programs from the Internet. This rule is difficult to follow 100%; just be aware that each new program you download and run could be the one that steals your BTC.

Regarding that last rule, here are some guidelines that can help you decide how (un)safe a download is. Note that these are not hard-and-fast rules!

• Do research a program before downloading it. Are there a lot of websites discussing it if you search for it? Does it have a Wikipedia page that wasn't created yesterday? If either answer is No, Do be more suspicious of it.
• Software that is open source, especially if the answers above were No, is generally more trustworthy, but Don't assume that something is safe simply because it's authors claim it's open source!
• Software that is written in a popular scripting language such as Python, Ruby, Perl, JavaScript, etc. is generally more trustworthy, but Don't assume that something is safe simply because it's a script unless you can read and fully understand the entire script! Never download and run something claiming to be a script if it's actually an EXE file.
• Do look at the number of pages in a thread before downloading any software referenced on the first post of the thread. More pages means a smaller chance of the software being malware (but there's always still a chance it could be malware!). Do avoid software with only a few pages worth of posts - let someone else be the guinea pig!
• Do look at the Activity count and the Date Registered of users when trying to decide if they're trustworthy, and be more suspicious of Newbies, but Don't automatically assume that a Hero Member is 100% trustworthy.
• Do err on the side of caution/paranoia. It only takes one piece of malware to steal all of your BTC even if you've encrypted your wallet and even if you're using two-factor authentication.
• If you've decided to risk downloading something, Do take the time to find the single official download link or website.

Sorry if I sound scary... most people around here are the honest type, but there absolutely are scammers around here too. Use common sense, and have fun!

Awesome list! Did you compile it yourself?

This should be a sticky in this section.

[Velkro]

most of this advices are too vague
dont get scammed, if that would be so simple there would be no scams
people dont know they are scammed until they got scammed

[btchris]

RodeoX, baitty, Acidyo, thanks for the kind words.

Awesome list! Did you compile it yourself?

This should be a sticky in this section.

Yes, it comes from years of trial and error ( mostly the latter...  )

[btchris]

Probably already been said but be wary of installing wallets for new alt-currencies, I've heard of at least two wallets with keyloggers. Also make sure to download from official websites and not random links posted up on the forum.

Would you mind sharing a little bit details? I have tried to search with Google but got no results.

• Don't download programs from the Internet. This rule is difficult to follow 100%; just be aware that each new program you download and run could be the one that steals your BTC.

Have there actually been any cases of people downloading software and having their BTC coins hacked? I know there's a lot of 'automatic bitcoin' software out there that are obvious scams, but I'm saying more subtle things like Alt Coin wallets, someone downloads an Alt Coin wallet installation and all of a sudden their BTC coins are gone. Any cases of that yet?

I guess that depends on your definition of "subtle", but one thing is for certain: there's some new piece of malware posted on the forums every couple of weeks, and it's been getting a bit more clever each time. This is a trend that I'd guess is very likely to continue.

Take this one for example. The website it points to looked surprising professional even though it had some broken links (it's currently down, so you'll just have to take my word for it). It wasn't posted by a newbie which gave it a little credibility (I'm pretty sure the forum account it was posted under was hacked). The malware itself wasn't all that clever given that it tripped a bunch of antivirus (probably some existing RATware if I had to guess), but overall it wasn't immediately obvious.

Here's another one that's a little more clever. Not the nicest looking website, and it is posted by a newbie, but it claims to be open source and even has a link the the supposed source on GitHub. There's also someone who's not a newbie who is somewhat defending it. The malware itself isn't an off-the-shelf package-- it appears to have been custom written and doesn't trip antivirus unlike the first example.

I'd have to guess that these kinds of examples are already fooling at least some people, otherwise why would their respective authors keep bothering (both of those examples were not the first of their kind...)?

[RodeoX]

Some of these are repeats... but they deserve being repeated!

• Don't download programs from the Internet. This rule is difficult to follow 100%; just be aware that each new program you download and run could be the one that steals your BTC.

Have there actually been any cases of people downloading software and having their BTC coins hacked? I know there's a lot of 'automatic bitcoin' software out there that are obvious scams, but I'm saying more subtle things like Alt Coin wallets, someone downloads an Alt Coin wallet installation and all of a sudden their BTC coins are gone. Any cases of that yet?

Yes. This has happened many times.

[Newbiemon]

What programs/software could i use, if there is any that could detect if the files i'm downloading is safe or not?

Is malwarebytes enough? 

[shogdite]

Probably already been said but be wary of installing wallets for new alt-currencies, I've heard of at least two wallets with keyloggers. Also make sure to download from official websites and not random links posted up on the forum.

Would you mind sharing a little bit details? I have tried to search with Google but got no results.

The Tradercoin wallet contained a keylogger/trojan:

https://bitcointalk.org/index.php?topic=317201.0

"Carefull this newly released coin seems to contain a virus or keylogger -
It creates the a fake crss file in the C:\Users\acer\AppData\Local\Temp\crss.exe
then creates the following registry directory too:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MXsound
The process is then found in msconfig under the name MXsound (crss.exe)"

[coinsolidation]

to earn BTC

Do what you do best, or as a day job, and accept BTC as payment.

The operative word is "earn".

[RodeoX]

What programs/software could i use, if there is any that could detect if the files i'm downloading is safe or not?

Is malwarebytes enough? 

This why i love open source software. For example, bitcoin-QT. The reason I can safely assume that it is virus free is because nothing is hidden. The source code is released along with the executable file. Any mal-ware in the code would be easily spotted.
Proprietary software keeps the source code hidden and you must rely on anti-virus software, which might not work.  

[DrG]

Treat BTC like money, but just assume that there are no government or institutional agencies to protect or guard you.  Once you send bitcoin, it's gone unless the person is willing to send it back.  So if you wouldn't send a stranger on the web $5 of money, don't send them bitcoin.

If you use online wallets, you're assuming the person holding the coins won't steal them (cough tradefortress cough).