THE MENACE CALLED PHISHING: WE SHOULD BE CAREFUL

in #phishing7 years ago (edited)

hacker-1944688_1280.jpg

source

Jimmy joined Steemit March 2017. By this year, he has grown tremendously. A day after he posted a motivation post about his year journey on Steemit, he got hacked - he clicked on a link a steemian posted and submitted his master key. He checked his account and discovered he just lost 568 steem, 210 SBD and his reputation dropped from 57 to 16. He was a victim of phishing attack just like many other Steemians in recent times. What then is Phishing?

WHAT IS PHISHING?

Phishing is an online crime in which the perpetrator disguise to be trustworthy to lure personal and private information from a target or targets. This personal information is then used to access target's account and later used for identity theft and loss of financial asset.

On Steemit, phishing is a cyber crime where a target is lured to click on a link or URL that leads to identity theft and financial loss. Under identity theft, the perpetrator takes over the victim's account and posts comments containing phishing link, this will eventually lead to flagging thereby reducing the victim's reputation. The perpetrator also transfers steem and SBD from victim's account to another account or directly to bitrex because the victim dropped his/her master key.

HOW TO EASILY DETECT A PHISHING COMMENT

  • SPAMMING: Check the poster's comment section. It will contain same message sent to many users with a phishing link.

  • SUSPICIOUS ADVERTISEMENT: The advertisement is just "too good to be true." It boils down to your gut to understand that hardwork pays not some shortcut to earn.

image

  • FREQUENT AND SUDDEN TRANSFER FROM WALLET: One thing is constant with a victim's wallet; there is immediate transfer of steem and SBD to a suspicious account and bitrex. When you suspect a steemian's comment on your post, check the user's wallet to detect frequent transfer.

image

HOW PHISHING ATTACK WORKS

They clone a website and include the link in a comment. When a victim clicks the link, it redirects to the phishing website that requires for password. Once the victim submits the password, it redirects back to steemit. Then the attack on the victim's account can start.

HOW TO PROTECT YOUR ACCOUNT

  • Backup your master key and keep safe: This is very important before you even start steeming. Keep your master key somewhere very safe but accessible whenever you need it. Your master key is important to retrieve your account in case of hacking or loss of your account.

  • Login with ONLY your posting key: This is the most important thing for your safety on this platform. There are 3 important keys: posting key, active key and master key.

image

Please let us endeavour to login to steemit on our phone or computer with posting key. With this, no transfer can be made from your account.

  • Be sure of URL link before you click it: These scammers are very smart, they clone websites or make a website URL that looks so much like steemit but it isn't. Be vigilant.

  • Never give out your password to any app or website without proper research: Sometimes we might get carried away and click a link that will request for our password or key. It is important to be sure of the page before dropping our key. Even if you have to, it should be your posting key. If you download an app that request for your master or active key, research or Google or ask people about the app. I can boldly say, it is only steemconnect I am sure of.

  • Report any suspicious account or link on @steemcleaners' discord channel: Many steemians do not know there is a discord channel for @steemcleaners. Well, now you do and it is our general duty to report all phishing comments, links or accounts to the channel for flagging. Flagging hide these comments and reduce the harm.


I hope this post helps to reduce phishing attack and create enough awareness but the truth is, some Steemian will still fall so it's important to write on what's next after a phishing attack.

HOW TO GET YOUR ACCOUNT BACK

Click on Stolen Accounts Recovery. Fill in your account name and recent password then begin recovery.

image

It takes up to 24 hours to get a recovery mail after filling in the email address you registered your account with.

Another phase after getting your account back is your reputation. Victim's account get flagged due to spamming and phishing link thereby reducing his/her reputation. The first thing to do is edit all the comments made via your account then report yourself to @steemcleaners. It may take time but it will eventually be unflagged and your reputation will be restored.


I want to make an important point before I end this article. Discord is important if you are a Steemian. Gina on discord will inform us of activities happening to our account. Also, a concerned Steemian can easily locate you on discord and inform you on what's happening to your account.

image

The above image is just an example of finding @simplymike on disord, it is that simple.


For additional information, visit @arcange, @bullionstackers, @simplymike and @guiltyparties blog. We should appreciate their effort to curb this phishing menace.

Other Images Source


This is an article for @simplymike contest and awareness against phishing, read the original post here. Thank you @simplymike for this, God bless you.

Sort:  

WARNING! A link in this post by @imbigdee leads to a known phishing site that could steal your account.
Do not open links from users you do not trust. Do not provide your private keys to any third party websites.

The link has been removed, people! No worries!

The guard comment couldn't be edited, but everything is fine with the post :)

great work as always, keep it up

You just planted 0.30 tree(s)!


Thanks to @imbigdee

We have planted already 4643.09 trees
out of 1,000,000


Let's save and restore Abongphen Highland Forest
in Cameroonian village Kedjom-Keku!
Plant trees with @treeplanter and get paid for it!
My Steem Power = 18673.28
Thanks a lot!
@martin.mikes coordinator of @kedjom-keku
treeplantermessage_ok.png

Hello imbigdee!

Congratulations! This post has been randomly Resteemed! For a chance to get more of your content resteemed join the Steem Engine Team

Thanks for your entry, @imbigdee.
A bit unfortunate that you got flagged, but I went over to Steemcleaners Discord channel and was assured the flags would be taken away soon.
I should have mention in my contest post tha lt you should never use the domain name of one of the phishing sites.

Your entry is definitely valid, and I think you have done a good job informing people. Thanks for that.

Once the flags have been removed, don’t forget to leave a link in the comment section of the contest post :0)

Rule No. 1: Never lose money. Rule No. 2: Never forget rule No.1

I am so glad that I have learned how to make Discord robots and blocked all link dropping in our server. We should never click on things that look strange.

This post has been selected by Altruistic as a post of the day has been given an upvote.

You can join us on her discord server: https://discord.gg/KHB9eJk to know more about what we do and how we can be of help. To earn more curation reward, you can follow our trail on steemauto.com or streemian.com.

Please kindly upvote this comment in order to keep us helping plankton and minnows that their quality posts are undervalued.

#altruistic-steem

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by imbigdee from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.

If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP.
Be sure to leave at least 50SP undelegated on your account.

You got a 17.29% upvote from @slimwhale courtesy of @imbigdee!

Did you know you can make a passive income by simply delegating steem power?
@slimwhale offers the best return on your investment, sharing 100% of the bidding pool rewards, daily, proportional to your investment.
Let's grow together, start earning now by clicking the following links: 10SP, | 50SP | 500SP, | any amount |
For more information, see here or join me on Discord

Coin Marketplace

STEEM 0.19
TRX 0.16
JST 0.031
BTC 81268.43
ETH 3146.04
USDT 1.00
SBD 2.76