I have followed one simple principle for the last 16 years and have been incident-free. The communication with every business I am affiliated with in any way is one-way - I contact them. I never answer any calls or texts and I never answer any emails. no exceptions. It is amazing how much this simple rule just works. To fall for most scams you have to make a mistake which almost always involves you getting something, call, text, email…

This is one of the best heuristics (because it’s such an short+easy to memorize). I learned it from my mother who is kinda low tech, but understood risk.

But ultimately, it’s a heuristic and is imperfect.

One example thing which bypasses weakness to this heuristic: when you import a programming language library or a “curl pipe bash”: how much research do you do to verify the authenticity of the library, the security of the package and contributors, that you didn’t typo and accidentally install a lookalike malware, etc? And then every time you take an action which updates the same thing, are you equally as rigorous and vigilant as the first time?

It seems like no exceptions would just make life needlessly difficult for me.

I just received a monitor at no-cost because the first one I bought had a hardware defect - the company didn’t respond to my attempt to contact them, so I returned it to amazon and left an accurate review. The seller followed up and sent me a non-broken one. If I’d ignored this, not only would I be down a monitor, I’d have just assumed the entire product category - of which there seems to be only a single supplier (16” 2880x1800 AMOLED monitors that match up perfectly to 27” 5K monitors when placed in portrait mode) simply wasn’t workable with my setup for whatever reason.

My dentist recently called to reschedule an appointment. I could have insisted that I call them back, but that just wastes everyone’s time for a conversation that has no real scam potential.

Also applies to computers: no open inbound ports, and outbound only to known destinations.