How to not get scammed and lose all your crypto

I recently had a MetaMask wallet emptied by a sweeper bot. I must have exposed my private key or seedphrase somehow somewhere (no I didn't enter it on any websites or show anybody). It wasn't a wallet for long term holdings so the losses were minimal. It isn't the end of the world and thankfully I am more aware of potential risks and many of ways I could be at risk. Thought I would share so nobody else suffers the same fate as me.

1. Do not send or show your seedphrase or private keys to ANYBODY.
2. Avoid connecting your wallet to websites unless you need to. Remember to remove access when you are done.
3. Double and triple-check website URLs. Scammers attempting a phishing scam will copy the URL of legitimate sites and swap letters and numbers—an “l” for “1” or “0” for the letter “O,” for example.
4. Educate yourself on hot wallets and cold wallets and invest in a hardware wallet for long term holdings.

Hopefully this can help somebody.