A Rollercoaster Ride: Courtesy of Phishers of Men

in phishing •  11 months ago

On a Wednesday in April, I was doing my thing – I am trying to develop a routine – of “doing” comments, checking posts and doing my bit for #steemitbloggers and #teamsouthafrica, the two Discord servers on which I am most active.  I’m still learning my way, and I’m not as active as I should be on #worldofphotography because I don’t consider myself even a rank amateur when it comes to photography.  I dabble at best, and tend to point and click my smartphone and my Samsung bridge when I am able.  But mostly, am pre-occupied.  So back to that day, and trying to develop a routine.  It was also part of my strategy to build a reputation on Steemit, and maximizing the return;  as one should, but to which engagement is a central tenet.  Engagement is not just critical to success, potentially financially, but also to one’s sense of self on Steemit.  That day, and the ensuing days taught me how true this is.

So, there I was, doing my “thang” and I came across this comment with a link about auto votes.  

“Oh, cool,” Me thought, "this might be useful.”

But then Myself said, “Are you sure?  That link looks a little weird and the real Steemit community doesn’t actually approve of too much automated stuff.  You know you can’t comment and/or upvote within 20 seconds of the previous one.”

“Umm, ja, but what the hell?  What have I got to lose?” I ask Me.

Click.

I get on with a few other things because, all of a sardine, there was a power outage.  We live in the country and it happens from time to time, but it’s really annoying.  Especially sometimes, as happened that day, it was scheduled and because of our poor mobile phone service here, we don’t find out until AFTER the fact.

Up to that point, my day had been uneventful, and I was happily preparing for my mid-morning meeting with a client.  

Then the power came back on.  Suddenly I had more notifications on my Discord icon than I’d ever seen – before or since.  @Ginabot had gone mad. She was shouting.  She was blaring, and she carried on shouting.  She was going berserk.

“WTF?” I ask, in real words and CAPITAL LETTERS.  “I” was suddenly commenting on posts that would never enter my consciousness, and in languages I could not recognise, let alone understand.

The next few minutes are a complete blank.  

A huge knot develops in my stomach.  What have I done? What do I do?

Not only a Minnow, but also a bit of a technodunce, I know that I need help and head over to the @steemitbloggers Discord server, where I’d already done the daily greet with the folk online.  

I confess.

I ask for help.  

Mercifully, the calm voice of reason and (help) was online.  Step by step @zord189 asks me a series of questions, some of which in my panic, I can’t answer.  

“Which password? Which key?” He asks, instantly suspecting I’d been hacked.  Then, came this instruction:

I couldn’t get to my wallet.  I couldn’t get into my account.

Diagnosis:  HACKED

And then, he asks, “Have you transferred any money from your wallet?”

“No.” I had not then, have not yet, transferred anything out of Steemit.  I have done the odd small transfer to other user accounts but that’s it.  I’m saving what little I have.  For a rainy day.

He was checking movement on my account and sent me to check for myself:  half my wallet was gone.

An aside:  you do know that your wallet and its transactions are all public – if you know where to look.

Revised diagnosis:  HACKED and PHISHED

All I could do, again talked through the process by the calm voice of reason, was to go through the steps to recover my account and wait.

By the time I returned from my meeting, an hour later, my hard-earned reputation had gone from 44 to minus one.  Virtually every one of my comments, not just the spam, had been flagged and downvoted.  Gina was very busy passing on messages from Steemians telling me not to spam.

I felt helpless, horrified and mortified.

What “I” was doing flew in the face of everything I’d come to understand about Steemit and what the community stands for.

Oh, she of little faith.  

As I was going through all this turmoil in my mind, that community and the special sub-communities of which I am part, #steemitbloggers and #teamsouthafrica, stepped in, rallying the troops.

The founder of @steemitbloggers, @jaynie included one of my posts in a curated post, and folk called on their folk to support, like the two below, @sweetpea, @byn, as well as @thekittygirl, @roseosman, to name just a few.

Then, there was #teamsouthafrica, @joanstewart and @therneau – the latter having been told of the “drama” – his word – by his Steemitblogger wife, @jusipasseti, as well as the help from @fates who sent me numerous private messages of advice and support.  

More humbling mortification:  just the day before, I had volunteered and accepted a role in #teamsouthafrica, which I could not fulfil until I was back on Steemit.  @fates gracefully stepped in.

But I still couldn’t DO anything.  I had to wait until I received THAT email, allowing me to recover my account.  You can’t rush certain things:  there are things that HUMANS do in Steemit, and that is the monitoring of the support email and the account recovery process.

The email arrived, just under 24 hours later, and I logged in to deal with the mayhem.   I followed the instructions that @simplymike gives in a well-crafted and thought-through post about how to re-establish my reputation.  Central to this, and before I could contact the @steemcleaners, to “ask” for my reputation back, I had to go through and edit every single spam comment.  I went one step further, where I could:  I upvoted and responded to each comment that told me I had spammed – with a genuine apology.  I did not want anyone else to have been caught the way I had.  It was too awful to contemplate.

It was a long, emotional morning.  Emotional because I was overwhelmed not just by the entire experience but by the support.  Then, as they say in those awful television commercials, there’s more.  

Again, Gina goes nuts.  As folk realised that I was back on track, posts that were “younger” than seven days start getting upvotes, comments and the odd re-steem.  I can’t keep up with her and the fantastic support.  

I begin to feel overwhelmed, and have a lump in my throat because, yes, there’s more:  @fates shares some of her Steem so that my posts get upvoted. 

Steemians are still not done:

On Discord, I get this question. 

As good as his word, @raymondspeaks did just that, and gave me the good news that my rep was being reinstated.  More to be grateful for when I check my wallet.  I can’t believe what I’m seeing.  The SBD that had been stolen were back.  A gift from @raymondspeaks with the memo, “There!  Now you haven’t lost anything but some reputation.”

Then the floodgates did open.  The Husband who shares the office looked at me as I quietly lost the plot - tears were streaming down my face.  I am tearing up again, as I write.  I had told him about how supported I felt by this community, but hadn’t expected this level of support.  He is now a vicarious @steemit convert!  He's not online for anything other than email and the bank.

Over that thirty odd hours, my emotions went from a sense of desolate violation, not understanding why anyone would hack into any account, let alone mine which had virtually nothing in it, to humble gratitude for all the care and support from the Steemit community.

That day ended with another message from the trusty Gina: a comment on a comment on a post on which I had no recollection of commenting. 

Wow!  My reputation was not just back to where it had been, but it was slowly creeping up.  

All that was thanks, not so much to my hard work, but the support from the wonderful Steemian community and particularly #steemitbloggers and #teamsouthafrica.

So, what did I learn through this experience?

Clear your cache once you’ve recovered your account

A couple of days later, having recovered my account, I found myself “locked out” again.  Advice was to recover my account again.  I did.  I waited for a few days for THAT email.  In vain.  I reached out to @steemcleaners and in a private chat, was asked by @guiltyparties, both a witness (go and vote for him/her) and a Steemcleaner, about what I’d done on my account in the previous few days.  To cut a long story short, and thanks to him, I got back into my account: a cache issue.  Another lesson learned. 

NEVER use your master password unless you HAVE to

DON’T 

• save your password to Google or any other automatic password filler 

• use it as a means of logging in to another linked Steemit platform or app, like Steemconnect, eSteem or Steepshot

• use it to post or comment – use an ACTIVE key for this

Hackers are real, and we see it happening everywhere:  rather be safe, not sorry.

• Make use of a password manager – I am fortunate to have a lifetime subscription to Sticky Password which operates in the cloud and across a number of devices.  It has a number of features I really like, including a secure memo functionality and the automatic deletion of the contents of one’s clipboard.

Change your password

When you recover your password, CHANGE it.

And then

  • Save all your passwords and private keys into a “paper wallet”.  This post from @joanstewart includes information about where and how to securely save and store your personal information. 
  • Save all the public and private keys so that you have them on hand.  
    At the same time, and if you don’t know what they’re for, make a note of that so that when you do something and you’re asked for a DIFFERENT password or key, even if you’re logged in, you know what to do.
  • DO NOT change your password again in a hurry.  You can only change your password every 30 days.  If you try, you could get locked out of your account.

More about phishing and good advice on keeping your account secure comes from @jrswab here. Read it and follow the advice.

Listen to that little voice

We have three voices – Me, Myself and I.  Do listen to that one that says to you that something’s not cool because it seems too good to be true.  That means that one mustn’t click on links that look like this 

It’s short and it’s too much like a steemit URL, but NOT QUITE. DON’T DO IT!

Have a PA

Had I not had Gina,  I would have been oblivious to what was going on until it was too late.  She is a bot and once you’ve registered with her, she’ll tell you as much about what happens on your account as you need or want to know.

And last, but not least:  Real, caring people live on Steemit 

Over the couple of days that I had this crisis, I was literally overwhelmed by the care and support from folk.  I have mentioned some that reached out to me and I want to mention two others.  Both of them reached out to me in the midst of their own life crises and my hope is that anyone reading this goes and upvotes a current post as they can use all the help they can get:  @lynncoyle1 and @simplymike

Humbly yours, and with gratitude
Fiona
The Sandbag House
McGregor
South Africa

Photograph:  Selma

Join us @steemitbloggers Animation By @zord189
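
The post's warning about links that are "too much like a steemit URL, but NOT QUITE" can be turned into a mechanical check. The Python sketch below is an added example, not part of the original post or of any Steemit tool; the function names, the small confusable-character table and the sample links (all on reserved `.example` domains) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"steemit.com"}  # the genuine site named in the post
BRAND = "steemit"
# Assumed, deliberately small table of characters that read alike at a glance.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

def skeleton(token):
    """Collapse look-alike characters so 'steemlt' and 'steernit' become 'steemit'."""
    return token.replace("rn", "m").replace("vv", "w").translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated", "no hostname"
    if any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
        return "trusted", "host is the real site or one of its subdomains"
    # 'https://steemit.com@other.example/' really goes to other.example.
    if parts.username and BRAND in skeleton(parts.username.lower()):
        return "lookalike", "brand name appears before '@', not in the host"
    for token in re.split(r"[.-]", host):
        sk = skeleton(token)
        if BRAND in sk:
            return "lookalike", f"'{token}' imitates the brand on another domain"
        if edit_distance(sk, BRAND) <= 1:
            return "lookalike", f"'{token}' is one typo away from the brand"
    return "unrelated", "no resemblance to the trusted site"

# Constructed sample links on reserved .example domains (none are real indicators).
SAMPLES = [
    "https://steemit.com/@fionasfavourites",
    "http://steemlt.example/autovote",
    "https://steemit.com.autovote.example/login",
    "https://steemit.com@autovote.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", *check_link(link))
```

The check is a heuristic: it only knows the one brand and a handful of character swaps, so a "trusted" verdict means the host matches exactly, while "unrelated" does not mean a link is safe.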


All of the various passwords confuse me so much. It wasn't until your fiasco that I even got half a clue as to how important all of those things were. Thanks to @zord189 for his fantastic explanations and whatnot, I THINK I have at least somewhat of a clue now.

I'm sorry you went through all of that, but I think it's awesome that you're using your experience to highlight the issues for others.

·

Thanks, @byn. I also think that partly as a result of this experience I have some idea about the various keys. @zord189's help was invaluable.

·

Thanks for the shoutout @byn :)

It was indeed a rollercoaster for you but I'm glad after a week, you managed to get your account back up. I was so worried for you that time cause it is so scary and frustrating at the same time. I'm glad it's over!

·

Thank you for that, and thank you, again, for all your help. It means more than you know!

·
·

awwww, :')

Wow, that is one heck of an annoying journey to go through. I guess that should be a lesson learned to everyone.
Glad you made it out :)

·

It was, indeed. I learned so many lessons, @mcfarhat, especially about this platform - glad to be back, thank you :)

Ai!!!! So sorry you had to have an experience like that @fionasfavourites - and so soon after joining too :( but I suppose... rather then than in 3 months time when you are a milliiionnaaaire ;)

Love you!!!

Sorry I was not around much at that time to assist :( I only caught wind of it after the fact and I felt terrible for not being there for you! But AM EXTREMELY grateful to the other @steemitbloggers and Mr. "Always there bear" @zord189 and the fact that they were in fact around to help xxx

·

Ah, @jaynie - you give me a lump in my throat xxx

Yes, better now than when there was a "decent" amount to pinch. A lesson learned and no reason to feel bad - you have a life outside Steemit, I know. Rather feel proud that the family you have created stepped up to the plate, in the absence of the Mama Bear.

Love to you all
xxx

·
·

MWAH!!!

Well, it's always fascinating how people can get really creative when there's money involved.

Sorry you have to go through this, but moving on, I'm sure it brings lessons that will be very useful in the future. Thanks for sharing your experience as there are still a lot of users out there who are really putting their accounts at risks, without them knowing.

Cheers!

·

Yes, @shoganii, it never ceases to amaze me, the ends to which people go for money. In this case, it was a paltry amount, but it is the principle. I remain startled at how I felt - helpless and violated. Weird, looking back. I do hope, though, that this post will serve as a warning and as a learning for other newbies and minnows on @steemit.

@fionasfavourites, if you do need any assistance, you know where to find me.

·

Many thanks, @bullionstackers, I do. I really appreciate your having offered to hold the balance of my wallet in trust. That was such a learning curve and I do hope that my experience - as a novice and a layperson - will be of use to other folk who may be as bemused as I am over some things. I have learned an inordinate amount through this experience, not least of which is how this community really should work. Again, many thanks.

Oh my word, I remember how upset you were but just reading all the details makes me truly understand how truly traumatic this whole experience must have been. Thank you for sharing the whole nasty experience so that more can be made aware.

·

Looking back, I don't know if I should have been so upset. I felt such an idiot, but more than that it was the sense of violation and helplessness. I do hope that this post wasn't too emotional. I wanted to take a slightly different look at things as well as to help people be more aware of things. Hopefully I've achieved that.

Shame man! (really South African comment). I hate that you need to go through such steps to protect yourself, but it is all too real. Thank you for sharing your lesson, so we don't have to have that same blood spot on the wall next to yours.
Keep well

·

No, please no more bloedkolle! It seems that the skollies are everywhere, so do take care, @towjam

·
·

LOL, I loved that whole sentence!

·
·
·

Hahaha! Lekker naweek....😉

Hmm, you have done a great job

·

Thanks so much!

Wow, it really is a roller coaster ride you had. Sorry to hear that half of your wallet is gone.

·

Ah, but I got the money back, and more, thanks to the care of Steemians who took the time to upvote and comment, as well as because someone just put the amount back into my wallet.

·
·

Lucky you @fionasfavourites. This is the power of community, everyone helps each other.

·
·
·

It is, indeed.

Wow. Newbie that I am, your fine post simultaneously alarms and encourages me. That such things can happen, and take so much hassle (on your and others') part to put right, makes me seriously question whether the whole thing is worthwhile; I doubt I'd have had the patience to go through all that, unless just to get financially straight. On the other hand the extent to which good people rallied round, and the fact your nightmare COULD be put straight says everything about this community.

Thanks for taking the trouble to provide this valuable warning, the fundamental lesson of which is surely: be careful what you click for. I hope you've now returned to an emotional even keel.

As a side note, I greatly enjoyed "all of a sardine" - a James Joyce fan, clearly :o)

What an ordeal!! I knew the gang at @steemitbloggers had helped out, but I didn't know all the details. I started to tear up by the time I hit the part in your story where @raymondspeaks too! So amazing.

Thank you for the shout-out as well...so not necessary :) I'm just glad you are back up and running smoothly. Lesson learned and hopefully others will see your post and not have to experience the same thing!

Cheers :)

·

We are part of an amazing community and your support, not then knowing your and @briancourteau and then finding out, meant a great deal. A shout-out is the least I could do!

·
·

That's sweet, thank you :)

Oh wow! What an experience. I am sorry that you had to go through all that. I pray that it doesn't happen to anyone else. Thanks for sharing and bringing more awareness to everyone about phishing and using the right keys. A nightmare indeed but the silver lining was how the community supported you! So awesome and I am so happy that I am part of such an awesome community too.

·

Thanks @khimgoh. If my sharing experience and what I learned, can help others, it's all good.