How to Avoid Being Hacked Through Phishing Attacks? (A Steemit Friend's Account was Hacked and Funds Stolen. Let's Help Her!)
There is only one way to be hacked on Steemit and that is when you give away your password or keys to someone else. No sane person likes to give the keys away just like that so hackers have to work hard. Unfortunately, hackers are smart people too and they have developed techniques to hack other people. What a negative use of IQ and ability!
One such technique is called phishing. Phishing attacks are rampant these days!
...the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
My Friends Have Been Phished Already!
Phishing is what has happened with two of my Steemit friends so far. One of them is @hamzayousaf who was happy to have the account recovered last month. The latest victim of this menace of phishing was @jennyluv, who is from Nigeria and trying to make things right in life.
Her account was hacked through a phishing link and then used to spread the same phising link (because password/keys are compromised). She was so depressed because Steemit matters a lot and means a lot more than just a website. How do I know this? Because I interact with a lot of people around the globe and they share their issues with me; especially when they pertain to Steemit.
It was a depressing time. It would be for you too if your account is hacked and all your Steem/SBD is stolen. As a result of posting phishing links (hacker did that), she (her account) was flagged to 0 reputation score. Losing funds is one issue. Losing all the reputation is another. I had to counsel her and asked her to stay calm because everything will be good again.
Her account was recovered and the reputation score reverted back to the previous one after removal of flags. But the problem of lost funds still remained. To pull her out of that depressing scenario, I promised her that her loss will also be recovered. Guess what? Payout of this post will be utilized to send her all the funds she lost. So, do contribute with your votes to help a fellow Steemian.
How to Avoid Phishing Attacks?
Let's start by understanding what phishing is. Phishing and fishing sound similar because both have the same purpose; to induce to do something that is harmful. Some sort of a bait is used for both. While fishes like insects and stuff, people free money and stuff. Hackers offer some attractive thing and provide a link where that thing, free tokens for instance, is supposedly available.
When you click the link, you are taken to a sign in page of the website. The page asks you to enter your username and password. You do that considering it's Steemit asking for your password. But it's not Steemit. It's something like Steemît, Steêmit, Steemlt, Steemt, Steemiit, Stemit, Steemit.in, Steemit.cn, Steemit.me etc. etc.
In simple words, if you enter your credentials, you have been hacked and all your liquid funds will soon be taken out of your account. It can be a big loss depending on how much money you have in your wallet, or how much the amount mattered to you. I can afford to giveaway 15 Steem and 10 SBD in a single contest but 15 Steem is a considerable amount for many Steemians. What I mean to say is that a loss is a loss, no matter how big or small it seems to us.
Rule # 1 : DO NOT CLICK EXTERNAL LINKS
In a comment or a post from a dubious account, if you see a link which takes you outside Steemit, DO NOT click it. If it is a phishing link, your username and password is going to be compromised if you are not careful enough. External links are clearly marked with a sign these days. Here's an example from this post by @lukestokes.
The link to my blog is an external link and you can see the indication icon. All phishing links are external links. Do not click external links directly, never from doubtful sources (or an already compromised account).
Rule # 2 : Copy External Links, Paste in Browser, Examine and Only Then Visit Trusted Links!
Saftey comes with some inconvenience. You will have to do it to minimize the risk or hacking. If you are okay with losing your money, be lazy and click whatever you come across. But if you wish to keep your account safe from hackers and phishers, then do the following.
- Right click/long press the link and copy link address.
- Paste the link in your browser and examine it. If it's one on the Stéèmit.com type, do not open it.
If it seems legit, you can open it.
But if upon opening it asks you to give your username and password, do not enter your information at all. (SteemConnect logins are exception to this because the app is trusted).
But even SteemConnect can ve SteemConñet, SteemÇonnect, SteemCónnect or any combination of deceiving spellings. So, you have to be very vigilant.
Stay Safe!!!
I hope you understand phishing and how it works (if you didn't know already). I thought it's important to educate people about the risk of being hacked through phishing after seeing people hacked. I also hoped to recover losses of one of the victims through the payout of this post (because it will be a community powered rescue mission).
It is up to you to resteem this post to make people aware and safe. Your upvote will contribute in recovering the loss of a fellow Steemian, as well as give some visibility to this post.
Thanking you all I remain,
Ilyas Tarar
Thanks @Ilyastarar for your kind hearted gesture. I really appreciate. You are indeed a good man.
@jennyluv
Some Lesson to learn.
Do not simply click and provide your Account Password.
What you have cause other because of your carelessness , they not only Hacked you , thru you many other have also become Victims of The Cyber Criminals
Let pass this message to other so they will not become another victim of Bad Links
Thanks, @bullionstackers, for leaving a message. This chain reaction is why I wanted to warn people and let them know how they could avoid being phished.
I know for sure that if my account is compromised, dozens more will be compromised within hours due to the level of trust people have. One must not let it happen.
Thanks @bullionstackers, I have learnt my lessons. Such thing will not happen to me again.
If you see one of this, you know where to Report to.
What a nice gesture! I hope you manage to collect enough money for @jennyluv!
I got very cautious these days. I publish daily and whenever I do, right after publishing the spam bots leave their automated messages, sometimes with external links. I don't click them of course. But I flag them and report them to steemcleaners.
I really think, it got out of hand with spamming on steemit. Is there actually anything else one can do beside flagging and reporting to steemcleaners?
My brother @drqaisarbashir has also been the prey of some miscreant due to which he lost some funds and lot of enthusiasism.He almost gave up.Now i am trying to rehablitate him back in my own way(minnow myself).
That's very nice of you to help someone out. It's crazy how rampant the phishing attacks have become. Thanks for doing what you can to raise awareness.
The first day I registered, I was almost phished. I was just lucky that day. Immediately I posted, an account made a comment about resteeming.
I suspected initially, but, the reputation of 45 on the account deceived me. I was still contemplating on opening it when another account made a comment that it's a pishing link.
Thanks for preaching this...
This is great and wonderful post, thanks for sharing this, I'm so glad @ilyastarar
Thanks brother for aware of us. We often forget these and you have notified us again. Thanks again for the useful awareness content.
It really makes me angry that this keeps happening to good people that are just trying to make a better life for themselves. Its great of you to step up and help out.
Once again very informative post, this is very important issue for everyone but we do not give proper consideration until unless we faced this type of issue. Thank you reminding us :)
I like to ask one question that sharing Keys with sites like steemfollower is also dangerous or not ?
Vow that was a viscious hacker who not only stole but also brought down the victim's reputation to 0. Really happy to see her reputation being restored though, and like you said, we should also help recover her funds. So good to see that the rewards from this post would be given to her.