This is a simplified, reworked version of the safety tip's article on the MetaMask community blog. I tried to newbiefy it, that everyone understand and apply them easily.
Rule #1: Never share your 12-word or 24-word Secret Recovery Phrase (SRP) or private keys. Customer service, support, troubleshooters, no one will ask your private keys or secret words that you used initially to create your wallet. Anyone who has these words or key, has complete access to your wallet. You cannot change your private key of your wallet. If you lost the control or privacy of your private key, you can just transfer your coins and tokens to another trusted wallet before it has been accessed by someone else.
Rule #2: Beware of impersonators! This is the most common way to scam and con people by pretending to be support or customer service of a particular wallet or website. Many of decentralized or non-custodian service providers does NOT have a support team/personnel/email/account! Usually these fraud impersonators try to 1/ lead or phish you to an alternative fake website to access your wallet and authorize undesired translation or 2/ ask for your private words/key Rule #1!
Rule #3: Never take a photo or screenshot of your secret recovery phrase or private key. Always write it down twice in a notebook, or on a secured piece of paper, not on the cement pocket or piece of napkin that you may use for a recreational purpose sometimes after the midnight!
Rule #5: Never DM (direct message) with someone offering to help.
Big accounts and companies never text you directly. Always verify the email source or account details. So in short: MetaMask Support will never DM to help you.
Rule #6: Never enter your secret recovery phrase or private keys into any website.
Rule #7: Never trust someone asking you to “authenticate your wallet”
Rule #8: Never import a private key or a seed phrase to your wallet that someone gave you
Rule #9: Explained in Rule #2, specifically, MetaMask does not provide support via these platforms. DO NOT join Discord servers, WhatsApps groups, WeChat groups, Telegram channels, or Twitter DMs that say they are real MetaMask supports. These are all scams.
Rule #10: Report scammers. You can help the stay community safe!
Rule #11: Beware of fake websites, scammer clone and copy the real website, as the fake website looks exactly the same as the real one, only there may a small changes, for example by changing the MetaMask.io to MetaMask.support!