Abuse Series: They Were Phishers of Men
Phishing:
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. - Wikipedia
They are everywhere! They are even on the Steem blockchain! I remember my first encounter with a phishing attempt as a university student. An email was sent to everyone at the organization I worked at, posing as Wells Fargo & Company. I heard several employees fell for the scam and they were frantically trying to do damage control.
I was fortunate because I did not use Wells Fargo. When I received the email, I deleted it on the spot. Today, I often receive phishing calls over the phone. Again, they tend to claim to be services which I have nothing to do with or know anything about, and I am able to ignore their enticements.
I have personally witnessed several people falling for phishing scams in the past few weeks. Much like their off chain counterparts, they often pretend to be a trustworthy service or another link on the blockchain. Here are some examples:
What is so malicious about these attacks is that all the accounts you see in the screenshots were VICTIMS that fell for the trap and ended up having their own accounts become the tools of further scams. Some accounts were stolen for so long that they became permanent fixtures in the phishers' resource pool.
If you paid attention to the links they provide in their comments, they are not Steemit links. When you click on them, they will ask you to log in as if you were logged out of the UI. That is how they get you.
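The check described above (the links in these comments do not point at Steemit), as an added example that is not part of the original post: it pulls the links out of a comment body and flags hosts that are not the trusted front end but imitate its name. The trusted-host list, the function names and the sample comment are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only front end this reader logs in to.
TRUSTED_HOSTS = {"steemit.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'trusted', 'lookalike' or 'external' for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # "https://steemit.com@other.example/" really goes to other.example:
    # everything before the "@" is userinfo, not the host.
    if parts.username:
        return "lookalike"
    if host in TRUSTED_HOSTS or any(host.endswith("." + t) for t in TRUSTED_HOSTS):
        return "trusted"
    for trusted in TRUSTED_HOSTS:
        brand = trusted.split(".")[0]
        for label in host.split("."):
            # Brand name embedded in another domain, or a one/two-character typo.
            if brand in label or edit_distance(label, brand) <= 2:
                return "lookalike"
    return "external"

def scan_comment(body):
    """Classify every link found in a comment body."""
    urls = [u.rstrip(".,;:!?") for u in URL_RE.findall(body)]
    return [(u, classify_link(u)) for u in urls]

# Constructed sample comment; the .example hosts are placeholders, not real sites.
SAMPLE = ("Great post! Claim your reward at [here](https://steemlt.example/login) "
          "or https://steemit.com.account-check.example/login. "
          "Original: https://steemit.com/@enforcer48/abuse-series")

if __name__ == "__main__":
    for url, verdict in scan_comment(SAMPLE):
        print(f"{verdict:10} {url}")
```

A "lookalike" verdict on a page that asks for a login is the pattern the post describes; "external" only means the host is not on the trusted list.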
How to recover an account?
A general process can be found in @firepower's past post about account recovery or by visiting the @steemcleaners Discord for assistance. People such as @bullionstackers and @arcange work tirelessly to contain the phishers' attempts to gull other hapless Steemians into their jaws.
Phishing accounts are generally flagged into invisibility. When you have recovered your account, make sure you delete all traces of phishing elements on your profile and notify quarantine personnel to remove the flags before seven days, or your reputation damage could be indefinite.
How to stay safe?
The Witness @quochuy has a useful signature that serves as a PSA for phishing protection. I recommend that everyone read it. Basically, it involves using each of your unique keys for specific purposes. In the event that you do become a victim, the damage would be limited.
What about lost funds?
I am sorry to say that they are as good as gone. As a precaution, there are ways to make sure your funds are difficult for the phisher to extract. A makeshift cold wallet, as suggested by @themarkymark, can minimize losses should your active social account become compromised. In addition, putting your funds into savings, a relatively unused feature, can buy you three days before the phisher can move your funds.
What can exchanges do?
I was informed by @steemflagrewards lead admin, @anthonyadavisii, that @blocktrades, Witness and exchange, is willing to blacklist known cash out accounts used by phishers to slow down thefts. This is under the condition that users provide details about the timeframe in which accounts were stolen. They would also be willing to provide extra information for tracing the funds if necessary.
While it would be nice if all exchanges chose to participate in slowing down wrongful transfers, let us all remember that our accounts are our own responsibility and money is involved in all accounts.
Abuse Series is a record of witnessed events as I move about on and off the Steem blockchain.
Previous post: Memes #2
Next post: What Is Spam?
Although I am always careful before filling in a key in a third-party interface, the risk always exists.
This article is really helpful and I will have to read more the contents you mentioned. Thanks a lot!
Can never be too careful, especially when you are running a business.
I myself do not understand why people do not use the savings part more often. I understand that not everyone wants to power up their steem or their SBD, but leaving hundreds vulnerable to an accident does not seem like a good idea. Use the saving part of the wallet; it takes three days, yes, to get it out. If three days is not liquid enough for you, then cash it out asap. Why take the risk?
Hard to say. It does make you wonder about how people perceive the long-term potential of Steem. It's as if everything has to be liquid and moveable at all times.
It's very useful, thank you!
Some useful information there! Gonna try to make sure my father gives this a read. Thanks for taking the time to put this together and share it.
I tried to simplify it to around 500-700 words so people won't be bored of reading on the spot. lol
I almost gave it one time and one of my accounts was recently hacked. Don’t make any stupid mistakes. Always trust your gut feeling.
I hope you didn't take heavy damage...
@enforcer48, upvote! Very interesting information. I am analyzing it.
Thanks. Be safe out there!
Let’s just hope the right people will see that post and not fall for those ridiculous scams.
That's silly. Most people don't read around here. :v