Keep yourself safe from phishing scams on Steemit!

in #safety · 7 years ago

Upon scrolling through my feed last week I came across a contest by @simplymike where you could go into the draw to win a share of 20 SBD by writing a post about the phishing scams going around on Steemit. Awesome, I thought, I will get onto that when I get time. Fast forward a few days and I saw this post from @simplymike, about how few people had entered the contest.

It made me think that Steemians (me included) haven't been taking these scams seriously enough and it is up to us as a community to share and educate each other and try to stop these phishing scams.


Phishing scams


Before we talk about the phishing scams that are happening on Steemit, let's first look at exactly what phishing scams are:

‘Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication’ - Wikipedia

The fishing analogy


Think about the amateur fisherman - he baits up his fishing rod and throws it over the boat and expects to catch some fish with ease, I mean there must be thousands of fish about! After a few hours and no luck he decides to try some new bait. And just like that, within 5 minutes he is reeling in a huge fish.


This is how the phishing scams work - the scammers throw out bait (in the form of malicious links and websites) and wait for someone to take the bait. Like fishing, there are many fish in the sea but not many take the bait. This is why the scammers work on numbers and send out these scams en masse to thousands of people. As people become aware of the scams the scammers have to come up with new ways to try and steal people's information (changing their bait).

How phishing scams work


Probably the most common phishing scams in the past have been through email. The scammers set up an email address to look very similar to a company's, for example [email protected]. They then send you an email with a link to a website that again looks very similar to the original website - and this website will ask for your credentials. Obviously this site is owned by the scammers, who now have your credentials and can steal from you.

There have also been reports of similar phone scams in the past, where people call you saying they are from Microsoft/Apple and that your account has been compromised and they need to reset your account. Again they check your credentials with you and then steal your information.


In these cases it is important to remember that companies will never call/email you and ask for your credentials (why would they need them if they already have them?). If you are suspicious the best thing to do is ring the company and try to verify any details with the company.

Steemit phishing scams


A lot of people (again me included) come to Steemit and don't even give a thought to phishing scams. I mean let's be honest, a lot of us have migrated to Steemit from Facebook where there aren’t really any phishing scams - there's no money on people's accounts so no real reason for them to try and compromise your account.

Again like email scams, the scammers leave comments on your posts trying to redirect you to sites that look similar to Steemit, but are created to steal your information and compromise your account. Another common scam is for the scammers to leave comments such as ‘join SteemXYZ for free resteems and upvotes’. But again it will be the same thing - taking you to a website that is made to look legitimate but will take your password and then steal your hard-earned money.


Pretty much exactly the same phishing attempts are now happening more and more through your wallet. The scammers send similar messages as memos to your wallet - and I suggest treating these the same way as the phishing attempt comments.

With these scams the biggest red flag is when a link takes you to a 3rd party website and asks for your credentials! 9/10 times this will be a phishing scam - if you are not sure about it then you're definitely best to avoid it.

What can we do to protect ourselves


The most important and #1 thing you should do is to only use your posting key when logging in to 3rd party websites (such as Dmania, Dtube etc). You only need your master key for transferring funds between accounts (such as paying for bots, or transferring funds to Bittrex).

Yes you have more than one password - took me a while to realise this!

Your master key is THE MOST IMPORTANT - once scammers have this they have full access to your account! With the posting key scammers can still access your account and post, vote and resteem but they cannot take funds out of your wallet.

I always look at someone's reputation score - if it is below 25 then it means they have been flagged in the past and is a cause for concern. These scam comments are often littered with grammatical errors and poor English, so this is something else to look out for - but I'm sure this will change as the scammers get smarter.

There is some debate about whether you should be flagging potential scams yourself - some say that unless you have sufficient SP then your flag won't make a huge difference.


In the fight against these scammers I have noticed more and more bots popping up who automatically flag known scam attempts. Unfortunately although these are doing a great job it is still not enough as new and more elaborate scams are coming out every day.

I suggest following @arcange for his reports and updates on all of the different scams going on and what to look out for - it's been really helpful for me! @steemcleaners is also another good page to follow and you can report suspected scams to their Discord group.

I don't generally ask my followers to resteem but if you resteem this post (or write your own post about the phishing scams) you are keeping your followers more informed about this menace! Let's all work together to make Steemit a safer place!

References - Wikipedia

All images downloaded from royalty free website pixabay.com
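
The red flag described in the post, a link in a comment or wallet memo that leads to a site resembling Steemit, can be checked mechanically. The Python below is an added example and not part of the original post; the trusted-host list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this reader ever types a Steem key into.
TRUSTED_HOSTS = {"steemit.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'third-party' for one hostname."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
        return "trusted"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"  # punycode label: may render as look-alike letters
    for trusted in TRUSTED_HOSTS:
        brand = trusted.split(".")[0]
        if brand in host or edit_distance(host, trusted) <= 2:
            return "lookalike"  # brand embedded in, or typo of, the real name
        if any(edit_distance(label, brand) <= 2 for label in labels):
            return "lookalike"  # e.g. one swapped letter in the brand label
    return "third-party"

def scan_message(text):
    """Extract every link in a comment or memo and classify its host."""
    results = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        results.append((host, classify_host(host)))
    return results

# Constructed samples (not real comments); .example is a reserved TLD.
COMMENT = "Great post! Claim your free upvotes at https://steemlt.example/login"
MEMO = "Account problem, verify here: http://steemit.com.wallet-check.example/"
REAL = "Posted on https://steemit.com/@conradt and https://photos.example/a.jpg"
```

A "third-party" verdict is not proof of safety: any such site that asks for a key still deserves the caution the post describes.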


Resteemed to over 17600 followers and 100% upvoted. Thank you for using my service!

Send 0.200 Steem or 0.200 Steem Dollars and the URL in the memo to use the bot.
Read here how the bot from Berlin works.

@resteem.bot

We are happy to be part of the APPICS bounty program.
APPICS is a new social community based on Steem.
The presale was sold in 26 minutes. The ICO is open now for 4 rounds in 4 weeks.
Read here more: https://steemit.com/steemit/@resteem.bot/what-is-appics

@resteem.bot

Very informative post, @conradt. Thanks for helping to spread the word.
I did notice you confused the master password with the private active key.

Your master password is the one you got when you first signed up for SteemIt and logged into your account. That master password should be stored in a safe place, preferably offline. You only need it when you want to change your password and keys, which won’t happen very often.

For transactions, you need your private active key, which can be found in your wallet under the ‘permissions’ tab. This is the one you need to send money or a delegation to someone.

I like your analogy with fishing. It is indeed probably where the term phishing comes from - or so I think. Anyway, I liked the way you used it to explain.

Again, thanks for spreading the word. The more people know how to protect their account, the fewer people will fall victim. I really appreciate your help.

Great post on the issue. I nearly fell foul of this early on; thankfully one of the bots you mentioned flagged the comment before I had a chance to reclaim my 100k+ upvotes 🤔 Lesson learned without loss, thankfully. Upvoted and resteemed 👍


This is a curation bot for TeamNZ. Please join our AUS/NZ community on Discord.
For any inquiries/issues about the bot please contact @cryptonik.

Your Post Has Been Featured on @Resteemable!
Feature any Steemit post using resteemit.com!
How It Works:
1. Take Any Steemit URL
2. Erase https://
3. Type re
Get Featured Instantly & Featured Posts are voted every 2.4hrs
Join the Curation Team Here | Vote Resteemable for Witness

You have been resteemed by @resteemy, courtesy of @conradt!
Want to increase your following? Read more about me here

This post was resteemed and upvoted by @anupbose and @apukb for Upvote and Resteem to 1,855+ and 1040+ Followers. Send 0.100 SBD or STEEM to @anupbose with URL in the Memo. Thanks to @conradt for using my service.
