Scam: Your Funds and Friends Aren't Safe
What Is This Abuse? Part 3
For my third anti-abuse contribution, I'm tackling one of the most destructive type of abuse - Scam.
Scam is a notoriously demoralizing abuse on the platform. It can make you quit. Or for the better, it can make you less-clicky on links.
One thing we need to do while surfing the web is be leery of any links. Be leery of any screen asking for your password.
Main pic by https://unsplash.com/@timcollinsphoto
Points To Cover
- What is scam on the blockchain
- How to find scammy/phishy posts and comments on the blockchain
What is Scam
Scam is defined as a fraudulent or deceptive act or operation.
You might think it's only for emails and mails. No, you can also fall for it in the world of wide trappy web.
Let's see how else scam is defined.
From Utopian antiabuse guidelines
Scam - Posting a scam designed to trick or defraud others. One example of that would be phishing, which is posting with intention of stealing account keys, passwords or credentials.
Malware/Virus/Phishing and other Attack Vectors
Any of these can compromise the security of Steemian’s account(s), computer, or steemit.com itself.
The most common downfall of this type of abuse is clicking on links. New Steemians, and even established ones, fall for this bait. Click an enticing link and give away your password.
How To Detect Scam/Phishing
Examining Links
If you are using Steemit, any links pointing to other sources will warn you that it's an external link.
Steemit post with external link
On the above screenshot, I hovered my mouse over the link on my post. The warning says that particular link will take you away from steemit.com. On the bottom left of your screen, you should also see where that link is going to take you. On this case, it goes to Utopian.io.
On Busy.org, check your settings:
My settings on Busy.org
If Rewrite links is checked, any link you click with steemit.com will open as busy.org. Otherwise, it will be an external link - going to steemit.com.
If Enable exit page is checked, any link you click going away from busy.org will open on a separate window. It will let you stop and consider before going to the website. If unchecked, Busy will let you go to the website without a prompt.
New tab opened from Busy.org if exit page is enabled
Looking for something to flag
If you don't already know by now, I'm scouting for abuse.
For this post, I'm going to look for abuse under artisteem tag.
New/Created page for artisteem tag
On my last post about copy/paste, this particular tip gave me 2 abuse leads.
Click on Steemit logo, click New and choose any tag. Since I'm targeting artisteem, I just typed artisteem on the address bar. Then take your pick! It's going to take some time so grab a snack and a drink...
GIF of how to do this on PCThis incident happened 4 days ago. I was looking for a material to write about plagiarism. Instead, I stumbled on a phishing comment!
What a coincidence. At that time, I just read @guiltyparties post about phishing and how Steemcleaners keep track of phishing and phished accounts.
I found an artisteem submission, checked if it was plagiarized, it's not. As I was looking through the comments (yes, I read the post and the comments too), I found a glaring advertisement.
Phishing culprit. The -2 rep is after Steemcleaners wiped out every comment.
If I was click-happy and wanted that exclusive 30 STEEM bonus, I'd jump right on it before they run out of Steem!
But I hovered over that link, noticed it was going to a website . I didn't want to click on it.
What do you do? How can I test if this is a phishing link or not?
On non-urgent abuse cases, I usually report them through the Steemcleaners website.
This is a destructive abuse and needs an urgent attention. I decided to drop this link at Steemcleaners Discord. I don't care if it's going to turn out as false alarm. What matters is if this link is safe or not.
Steemcleaners has a phishing channel. I reported the link and asked if they can take a look at it. Bullionstackers is usually the main guy and that morning was prime phishing morning.
Steemcleaners phishing channel was on fire that morning
Sure enough, it's a phishing link. Thanks to @BullionStackers and @Pjau for responding so quickly.
Looking at the account's comment page, it's all greyed out now.
Nuked account to minus 2 rep
Another superb job by Steemcleaners!
Steemcleaners and plentyofphish hammering the phishing comment
Summary
You might think your Steemit life is over once a scammer gets a hold of your private keys, passwords, and/or credentials. Damages like the ones below would be devastating.
- Your funds were withdrawn
- Your rep is down to the negatives
- Your Steemit friends got phished too
- Your account is unrecoverable and you have to start another account
It takes a lot of work to start from scratch again. And how can you deal with your friends getting phished because you got phished?
You don't ever have to deal with it if you're careful, slow to click and aware. Multiple check everything! Be selfish with your password.
Flag a phishing link to help your friends not click on it when they see it on your post. It's time to stop ignoring the scammy links on comments you stumble on.
This is a community effort. Do your part and stop feeling sorry for others. You can help stop phishing from spreading on the blockchain.
If you give a subtle warning like @thekitchenfairy, even better! She's a witness too. If you have a spare witness spot, consider voting for her.
Resources
- SimplyMike authored a recent post on how to protect yourself from being a phishing victim
- Arcange authored this post on how a deceiving comment with images is used to trick you
- Surfermarly talks about what happened after she recovered her phished account
- Themarkymark talks about how a good password manager can help protect you from phishing attacks
Previous Series
If you missed the first and second parts to this series, check it out below:
Last on "What is This Abuse" Series
- Plagiarism: Your Hard Work, My Gain
Thank you @lovenfreedom for your third contribution to the Utopian-io anti-abuse initiative. This post follows the other two contributions you submitted and has the best http://hemingwayapp.com/ score I have seen yet. Your writing skill is awesome and your post explains how to be super careful clicking on any link on steem apps.
This issue, Phishing is a terrible one that can be easily overcome. Everyone should treat their steem passwords like cash in their wallet. Never click on a link you don't recognize. Take the time to report every Phishy link to @steemcleaners. You explain this all very well.
Even tagging @guiltyparties, @pjau or @bullionstackers will help. Thanks again for another great anti-abuse contribution.
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]
Only Tag when Urgent.
Keep Tagging will be Ignore.
I Do Read my Summons.
Thank you for your review, @iamstan! Keep up the good work!
An interesting post with an interesting approach. I guess one cannot avoid different kinds of malicious behaviours when you face them every day.
Anyway, I could see examples for general links which you can see by hovering over them. What about shortened urls, which could be created to keep track of the click rate but also may make one to accidentally click unwanted link as they are curious.
Do you recommend any tools for such cases or is there a service/bot on Steem that expand shortened links?
Awesome thoughtful question. I totally forgot about tiny URLs. Since some Steemians use them for affiliate links and such, it can be abused to point to a malicious website.
I don't know any service on Steem but I have a tool un-shortener for shortened URL.
https://unfurlr.com
The other websites providing preview are not https.
Hi @lovenfreedom!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server
Hey, @lovenfreedom!
Thanks for contributing on Utopian.
Congratulations! Your contribution was Staff Picked to receive a maximum vote for the anti-abuse category on Utopian for being of significant value to the project and the open source community.
We’re already looking forward to your next contribution!
Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).
Want to chat? Join us on Discord https://discord.gg/h52nFrV.
Vote for Utopian Witness!
I don't like scams!