I would say to check the first and last 5 characters of an address and also 5 in the middle, as someone who creates vanity addresses might be able to come up with an address with the first 5 and last 5 the same as your real address. In fact, I know that this is already happening, so I would add to verify 5 more characters in the middle. Also doing vanity addresses might be able to come up with an address with the first 5 and last 5 the same as your real address. In fact, I know that this is already happening, so I would add to verify 5 more characters in the middle. Also doing voice verifications adds a layer of security as well, so for example, say your friend is sending you a btc address, it should be followed with a voice message from him with the first, middle, and last 5 digits. If a large amount is being sent, you can test send a small amount first.

Also let me add that on native segwit and taproot addresses that start with bc1q and bc1p respectively, more than the first 5 characters should be checked.

I would say to check the first and last 5 characters of an address and also 5 in the middle, as someone who creates vanity addresses might be able to come up with an address with the first 5 and last 5 the same as your real address. In fact, I know that this is already happening, so I would add to verify 5 more characters in the middle. Also doing voice verifications adds a layer of security as well, so for example, say your friend is sending you a btc address, it should be followed with a voice message from him with the first, middle, and last 5 digits.