You can't memorize the name of every scam in the world, and you don't need to. Fraudsters keep changing the wrapper, but what they want from you—and what they have to get you to do to take it—has barely changed in decades. This is a universal 7-step gut check. Any "opportunity" that gets your heart racing or your stomach knotting, run it through this first. Most scams will blow their cover on one of these seven steps.
- It's a security gate, not a pass/fail exam—if any single step throws a red light, stop and verify before you go any further.
- It doesn't memorize scripts; it watches the common threads every scam shares: source, promise, urgency, the ask, verifiability, a second opinion, and a cooling-off period.
- The one to burn in is Step 4—anyone who asks for your private key or seed phrase is a scammer, 100% of the time, no exceptions.
What this framework actually stops
Almost every crypto scam—whether it goes by romance scam, fake support, fake airdrop, or high-yield Ponzi—shares an eerily similar skeleton: someone comes to you → dangles something too good to be true → pushes you to act fast → and ultimately moves to take your money or control of your account. If you can call a halt at any link in that chain, the loss simply never happens.
These 7 steps won't turn you into a security expert. They give you a fixed routine that doesn't depend on getting the read right in the heat of the moment—and the heat of the moment is exactly when people make the worst calls. That's the whole point of a checklist: it remembers, for you, the questions you can only think clearly about when you're calm. Below, each step comes with a "green light" (probably fine) and a "red light" (stop the moment it appears).
Step 1: Who reached out first?
Start with the simplest question of all: did you go looking for this, or did someone come looking for you? This one question filters out a huge share of scams. Scammers are almost always the ones who initiate—they DM you, send a friend request, drag you into a group, or cold-call you. Genuinely good opportunities rarely need a stranger to pitch them to you one by one.
Green light
You searched for it and decided to look into it yourself; nobody reached out to you first; you can clearly explain how you heard about it.
Red light
A stranger's DM, a friend request, a group invite, or an out-of-the-blue call comes to you—especially one that opens with investing, making money, or an "opportunity."
Step 2: What's the promise—and is it realistic?
Pull the promise out and hold it up to plain common sense. "Guaranteed returns," "principal protected with high interest," "X% back daily," "copy my trades and double your money," "zero risk"—the moment these words show up, you can basically call it. In a real market, high returns always come with high risk. There is no safe-and-high deal lying around for a stranger to hand to you.
Green light
They're upfront about risk, make no guarantees, and the expected return passes a common-sense smell test; no absolutes like "guaranteed," "sure thing," or "zero risk."
Red light
Promises of protected principal, guaranteed profit, fixed high interest, or steady doubling; returns too good to be true; high returns reframed as "no risk over here."
Step 3: Are they rushing you?
Watch for manufactured time pressure: "limited time," "right now," "only a few spots left," "before midnight tonight," "your account freezes if you don't act immediately." The only purpose of the rush is to keep you from having time to stop and verify. It's a move almost every scam makes, and one of the easiest red lights to spot.
Green light
They explicitly tell you "take your time" and "no rush"; no countdown, no "now or never"; you have ample time to verify.
Red light
Repeated emphasis on how little time or how few spots are left; "act now or it's gone / void / frozen" used to force an immediate decision.
Remember this matchup
A real opportunity isn't afraid of you taking your time; the thing that fears your slowness usually isn't real. The harder they push, the further you step back. "Urgency" alone is enough to make you hit pause.
Step 4: Do they want your money / access / keys?
This is the most important step in the whole framework, because it points straight at the scam's endgame. Every scam, at the end, has to take something from you. Watch closely for any push toward: moving money out, handing over login access, reading out an SMS or authenticator code, approving a wallet transaction (a signature), or—worst of all—giving up your wallet's private key or seed phrase.
Burn in this rule, no exceptions
Anyone, for any reason, who asks for your wallet's private key or seed phrase is a scammer, 100% of the time. There is no "official verification needs it," no "syncing your assets needs it," no "support needs it to recover your account." Your private key and seed phrase are the keys to all your assets. A real platform and real support will never ask for them—anyone who does is there to rob you.
Green light
No transfers from you, no verification codes, no approval signatures—and nothing anywhere near your private key or seed phrase.
Red light
They want you to transfer / deposit / pay a "fee, tax, or margin"; they ask for a verification code or account password; they push an unexplained approval; they ask for your key or seed phrase.
Step 5: Can you verify it independently?
Don't accept any "proof of identity" or link the other party hands you. Instead, verify in reverse, through channels you already control. If they claim to be an exchange's official support, don't use their link—go to the site from your own bookmark and open a support ticket inside the platform. If they say a domain is the "latest official site," check the domain character by character yourself, or run it through our official domain checker. The power to verify identity and official domains has to stay in your hands.
Green light
You can confirm the identity and domain independently, through official channels you already control; the domain matches character for character, with the correct suffix.
Red light
Their only "proof" is a link / screenshot / QR code they sent; the domain has a near-miss spelling, an extra word, or the wrong suffix; it falls apart the moment you check.
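Step 5's character-by-character domain check, as an added example (not code from this page or from its domain checker tool): it compares a hostname or URL against the official domain the page names, okx.com, and reports the red-light patterns listed above. The function names and the "last two labels" shortcut for the registrable domain are assumptions of this example.

```python
from urllib.parse import urlsplit

def _edit_distance(a: str, b: str) -> int:
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _host(value: str) -> str:
    # Accept a bare hostname or a full URL; text before "@" is not the host.
    if "//" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".").lower()

def domain_red_flags(candidate: str, official: str = "okx.com") -> list[str]:
    """Return the red lights for a domain; an empty list means it matches."""
    host = _host(candidate)
    if not host:
        return ["not a parseable hostname"]
    flags = []
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        flags.append("non-ASCII or punycode characters (possible lookalike letters)")
    if host == official or host.endswith("." + official):
        return flags  # exact match, or a subdomain of the official domain
    # Assumption: the registrable domain is the last two labels of the host.
    labels = host.split(".")
    name, suffix = labels[-2] if len(labels) > 1 else labels[0], labels[-1]
    brand, official_suffix = official.split(".", 1)
    if name == brand and suffix != official_suffix:
        flags.append(f"wrong suffix: .{suffix} instead of .{official_suffix}")
    elif brand in host:
        flags.append("extra word around the real name")
    elif _edit_distance(name, brand) <= 1:
        flags.append("near-miss spelling")
    else:
        flags.append("not the official domain")
    return flags

if __name__ == "__main__":
    # Constructed lookalike strings for illustration, not known scam sites.
    for s in ["okx.com", "okx.co", "0kx.com", "okx-support.com"]:
        print(s, "->", domain_red_flags(s) or "matches the official domain")
```

A clean result only says the string matches the official domain; it still has to be opened from your own bookmark, not from the link you were sent.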
Step 6: Did you get a second opinion or official confirmation?
Scams hate being said out loud to someone else. Before you act, tell the whole thing to one clear-headed person with no stake in it—family, a friend, anyone—or go straight to an official channel to confirm. Just saying it out loud, you'll often hear the holes yourself. This step exists to break the isolation of "I'm the only one judging this"—and isolation is exactly what scammers work to manufacture.
Green light
You've already told at least one bystander, who saw nothing wrong; or you've confirmed it through an official channel.
Red light
They warn you "don't tell anyone," "this is internal—say a word and the spot's gone"; or you're afraid or unwilling to tell family and friends.
Step 7: Did you give yourself a cooling-off period?
The last gate: don't decide while the emotion is still running hot. Set yourself a rule—anything involving money or account access waits a while (sleep on it; ideally a full 24 hours) before you act. Looked at the next morning, a lot of "once-in-a-lifetime" chances suddenly show their cracks. A real opportunity can wait one night; the ones that can't were never worth betting your money on anyway.
Green light
You gave yourself real cooling-off time—slept on it, waited a day—and it still feels fine and still holds up against the first 6 steps.
Red light
You're being pushed by emotion to "do it right now"; the moment you stall, they apply pressure; you can't bring yourself to spend one night thinking it over.
Three real scenarios, run through the check
The framework's covered—but reading it isn't the same as drilling it. Take three of the most common scenarios and walk them through these 7 steps, and you'll find they throw red lights almost the moment they walk in the door.
Scenario 1: An "airdrop" DM lands in your inbox
A stranger's account DMs you: "Congrats, you've been selected for Project X's airdrop whitelist—click the link to connect your wallet and claim, today only." Run the framework:
- Step 1: they reached out to you first — red.
- Step 3: "today only" — red.
- Step 4: connect your wallet, approve a signature — red, and basically the signature move of a fake airdrop drainer.
Three red lights in a row, and the conclusion is clear: don't click the link, don't connect your wallet, just ignore it.
Scenario 2: "Support" says your account is flagged and needs unfreezing
Someone claiming to be exchange support contacts you: "We've detected unusual activity on your account and need you to verify. Read me the SMS code you just got, or it freezes in 30 minutes." Run the framework:
- Step 1: support reached out to you first — red (real support usually waits for you to open a ticket).
- Step 3: "freezes in 30 minutes" — red.
- Step 4: asking for your verification code — red; hand over the code and you've handed over the account.
- Step 5: don't trust them; check your account status from your own bookmark, and you'll usually find nothing wrong at all.
The right move: hang up / don't reply, log in through the official channel yourself to confirm, and never read out any verification code. More in fake support and "account unfreeze" scams.
Scenario 3: A friend recommends a "guaranteed-profit" platform
This is the easiest one to let your guard down on, because it's someone you know. "I've been making steady money on this platform for months—let me bring you in, 2% daily." But note: their account could be hacked, or they may already be a victim themselves. Run the framework anyway:
- Step 2: "guaranteed," "2% daily" — red; a promise that defies common sense doesn't become true because someone you know recommends it.
- Step 5: can the platform be verified independently? The domain and credentials fall apart the moment you check.
- Step 6: confirm through a different channel (call, in person) that it's really your friend, and that they themselves have actually withdrawn money.
- Step 7: either way, sit on it for a day—don't transfer money on the spot.
A recommendation from someone you know doesn't equal safe; what matters is whether the promise itself is realistic. These are usually fake high-rebate and Ponzi schemes, with the acquaintance being the last person who got pulled in ahead of you.
Save this: the 7-step checklist
Screenshot the list below to your phone, or bookmark it. Next time any "opportunity" gets your heart racing or stomach knotting, check it off against this—any single box ticked (a red light hit) means stop first.
- ① Source: they reached out to me (I didn't go looking for it).
- ② Promise: words like "guaranteed / protected / high interest / doubling / zero risk" showed up.
- ③ Urgency: they're rushing me with "limited time / few spots left / act now or it's void or frozen."
- ④ The ask: they want a transfer, a verification code, an approval—or they ask for my private key / seed phrase.
- ⑤ Verify: I can't independently confirm the identity and domain through channels I control.
- ⑥ Second opinion: they told me "don't tell anyone," or I haven't yet asked another person / an official channel.
- ⑦ Cooling-off: I'm itching to "do it now" without sleeping on it first.
Want it easier? Let a tool run it for you
It's fine if you can't keep all seven in your head. Feed your situation into our scam self-test tool—answer a few questions and, using the same logic, it'll gauge how risky it is and tell you what to do. When you're unsure and worried your own emotions might take over, let the tool run it calmly for you.
Common questions
Do all 7 steps have to pass for something to be safe?
No. The framework isn't a pass/fail exam—it's a filter. If even one step throws a red light, that's reason enough to stop and verify before going any further. Its job is to surface danger signals early, not to give you a score where "most of them check out" means you're cleared to proceed.
Scammers keep changing their tactics. Does a fixed checklist still work?
Yes, because these 7 questions don't target a specific script—they target the things almost every scam has in common: who reached out first, whether the promise is realistic, whether you're being rushed, whether they want your money or keys, whether you can verify independently, whether you got a second opinion, and whether you slept on it. No matter how the packaging changes, anything that wants your money or account access will trip on at least one of these.
Which step matters most?
If you only remember one, remember Step 4—does it want your money, account access, verification codes, or your private key / seed phrase? Every scam ultimately exists to take one of those. Above all, burn this rule into memory: anyone who asks for your wallet's private key or seed phrase is a scammer, 100% of the time, no exceptions. After that, Step 7—giving yourself a cooling-off period—matters most, because nearly every scam is afraid of you slowing down.
What if a friend or someone I know referred it—do I still run the check?
Yes—and even more carefully. Your friend's account could be hacked, or they may already be a victim who doesn't know it yet. Whether something is trustworthy depends on whether the promise itself is realistic and independently verifiable, not on who brought it to you. When money is involved, hold people you know to the same yardstick. That isn't distrust—it's refusing to pay for someone else's blind spot.
Pass the 7 steps—then make sure you walk in the right door
This self-check helps you fend off scams that come knocking; when you actually trade, using a reputable major exchange through its official channel from the start cuts the risk at the source. OKX is one of the mainstream exchanges, and you can sign up through the official channel below—its official domain is okx.com. The moment you've signed up, bookmark it, and from then on only enter from the bookmark.
Related reading
- Why "I'd never fall for it" is exactly what's dangerous—understand the psychological levers scammers pull, and you'll see why these 7 steps work.
- Scam self-test tool—feed in your situation and it'll run the same logic for you automatically.
- Fake airdrops and wallet-approval drainers—the full breakdown of Scenario 1, and how an approval signature empties a wallet.