Upon scrolling through my feed last week I came across a contest by @simplymike where you could go into the draw to win a share of 20SBD by writing a post about the phishing scams going around on Steemit. Awesome, I thought, I will get onto that when I get time. Fast Forward a few days and I saw this post from @simplymike, about how few people had entered the contest.

It made me think that Steemians (me included) haven't been taking these scams seriously enough and it is up to us as a community to share and educate each other and try to stop these phishing scams.

Phishing scams

Before we talk about the phishing scams that are happening on Steemit, lets first look at exactly what phishing scams are:

‘Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication’ - Wikipedia

The fishing analogy

Think about the ametuer fisherman - he baits up his fishing rod and throws it over the boat and expects to catch some fish with ease, I mean there must be thousands of fish about! After a few hours and no luck he decides to try some new bait. And just like that, within 5 minutes he is reeling in a huge fish.

This is how the phishing scams work - the scammers throw out bait (in the form of malicious links and websites) and wait for someone to take the bait. Like fishing, there are many fish in the sea but not many take the bait. This is why the scammers work on numbers and send out these scams en masse to thousands of people. As people become aware of the scams the scammers have to come up with new ways to try and steal people's information (changing their bait)

How phishing scams work

Probably the most common phishing scams in the past have been through email. The scammers set up and email to look very similar to a company for example [email protected]. They then send you an email with a link to a website that again looks very similar to the original website - and this website will ask for your credentials. Obviously this site is owned by the scammers who now have your credentials and can steal from you.

There has also been reports of similar phone scams in the past, where people call you saying they are from Microsoft/Apple and that your account has been compromised and they need to reset your account. Again they check your credentials with you and then steal your information.

In these cases it is important to remember that companies will never call/email you and ask for your credentials (why would they need them if they already have them?). If you are suspicious the best thing to do is ring the company and try to verify and details with the company.

Steemit phishing scams

Alot of people (again me included) come to Steemit and dont even give a thought to phishing scams. I mean lets be honest a lot of us have migrated to Steemit from Facebook where there aren’t really any phishing scams - there's no money on people's accounts so no real reason for them to try and compromise your account.

Again like email scams the scammers leave comments on your posts trying to redirect you to sites that look similar to Steemit, but are created to steal your information and compromise your account. Another common scam is for the scammers to leave comments such as ‘join SteemXYZ for free resteems and upvotes’. But again it will be the same thing - taking you to a website that is made to look legitimate but will take your password and then steal your hard earned money).

Pretty much exactly the same phishing attempts are now happening more and more through your wallet. The scammers send similar messages as memo to your wallet - and I suggest treating these the same way as the phishing attempt comments.

With these scams the biggest red flag is when a link take you to a 3rd party website and asks for your credentials! 9/10 times this will be a phishing scam - if you are not sure about it then you're definitely best to avoid it.

What can we do to protect ourselves

The most important and #1 thing you should do is to only use your posting key when logging into to 3rd party websites (such as Dmania, Dtube etc). You only need your master key for transferring funds between accounts (such as paying for bots, or transferring funds to Bittrex).

Yes you have more than one password - took me a while to realise this!

Your master key is THE MOST IMPORTANT - once scammers have this they have full access to your account! With the posting key scammers can still access your account and post, vote and resteem but they cannot take funds out of your wallet.

I always look at someone's reputation score - if is below 25 then it means they have been flagged in the past and is a cause for concern. These scam comments are often littered with grammatical errors and poor english, so this is something else to look out for - but im sure this will change as the scammers get smarter.

There is some debate about whether you should be flagging potential scams yourself - some say that unless you have sufficient SP then your flag won't make a huge difference.

In the fight against these scammers I have noticed more and more bots popping up who automatically flag know scam attempts. Unfortunately although these are doing a great job it is still not enough as new and more elaborate scams are coming out every day.
I suggest following @arcange for his reports and updates on all of the different scams going on and what to look out for - its been really helpful for me! @steemcleaners is also another good page to follow and you can report suspected scams to their Discord group

I dont generally ask my followers to resteem but if you resteem this post (or write your own post about the phishing scams) your are keeping your followers more informed about this menace! Lets all work together to make Steemit a safer place!

References - Wikipedia

All images downloaded from royalty free website pixabay.com