Pull Request Submitted - Added spam and phishing warning to wallet history
There have been a lot of users sending malicious links (spam, phishing, etc.) to users using wallet memos. I submitted a pull request to warn users about clicking on links that they see in their wallet.
The text will read:
Beware of spam and phishing links in transfer memos. Do not open links from users you do not trust. Do not provide your private keys to any third party websites.
It will be above the transactions in the history section of a user's wallet:
The pull request can be viewed here:
https://github.com/steemit/condenser/pull/1822
The PR is not accepted yet and there is no guarantee it will be approved, but I plan to work with Steemit, Inc. to make any edits necessary to try and get it approved. Hopefully we will see the changes up on the live site soon!
Thank you for bringing this to light.
It is amazing all the ways that people's accounts are being attacked. I guess the money is simply too tempting.
Perhaps the developers can establish some type of double opt in for any money transactions.
I use my posting key to log in..does this protect against the phishing scams?
It helps, but it doesn't make you immune.
Yes we need a fishing warning ;-)
I very much appreciate that u care, but I'm not sure weather this helps. User tend to click on everything even when there is warning.
Warning for users is ok, but there should be done something to stop spammers and scammers.
Just my opinion
J
We'd need to define what "something" is.
anything ;-)
Nah. I see that this is not so easy. I mean all these spammers they operate directly on the blockchain and theres no easy way to stop them.
J
Wow. Just wow!
This proposal is very helpful to us since nowadays so many "the so called hackers" took advantage to the unaware users and they do phishing on them to get their logged on their account.
This freature or update (i may call it update) will serve as a warning so that the phishing activity will be prevented. One of my friend was a victim on this modus.
Please push that feature @timcliff this is really a great improvement on the steemit world.
I just hope that new users dont fall for these scammer tactics and then quickly get a bad opinion of Steem. Thanks for posting this and doing what your doin @timcliff
Thee world is full of nefarious characters and theives. We livest among pirates! argggh.
Do not provide your private keys to any third party websites
would that include Busy and ChainCC or other 'spin-offs'
(how can we be sure they are legit?)
Suggestion...increase the cost of wallet spam to a substantial amount.
.001 steem doesn't discourage anyone from sending out thousands of spam
1.00 Steem would..but would still not be enough to discourage legitimate activity.
.
I think that is Steemit's official stance to warn users against it. If users trust third party websites though, it is their choice.
I'm for the idea. I'd actually like users to be able to set a minimum threshold to be able to send them funds with a memo. Users could set it to whatever they want. If someone wants to pay me $5 SBD to send me spam, then I suppose I'd be ok with that :)
Absolutely agree.
Completely agree with you.
Now this is a good idea I did not think about.
Hey Tim, I realize this post is months old but I'm a noob (12/17) and saw a user going by "hottopic" post the following in the memo line of my wallett - "Hello dissfordents. I Followed you.If you follow me, I'll be happy.Thanks :)"
I instinctually clicked on the username. Has the security of the wallet been compromised? I will never make that mistake again after seeing this post. Advice appreciated.
Clicking on a username should be fine. Just make sure you never leave the steemit.com domain, and that you didn’t have to re-enter your password.
Thanks a million Tim. I'm kinda low-tech, and appreciate your prompt reply.
Never go to any site you do not know or trust sent via memo here.
I am so tired of people spamming my wallet with 0.001 Steem or SBD transfers - just to advertise their stupid, over-priced resteem "service." Many of the followers of these so-called services seem to be full of fake & inactive accounts, or get followed by noobs to the platform who don't know any better. It's really annoying, but I suppose that the more successful that SteemIt becomes... the more attempts there will be to find ways to exploit the blockchain for free, low-quality advertising. 0.o
I look forward to the day when we can slap-down people who spam our wallet memos.
Upvoted and Resteemed.
you are the best witness @timcliff
I mean you are the only one who replies to his followers
Thanks :)