Introducing @guard -- a Proactive Measure to Limit Phishing on Steemit

in steemcleaners •  4 months ago


As many of you might know, there have been several phishing attempts on users here on Steemit, aimed at stealing your private keys. As a reminder to all users, please be careful when clicking links and entering your private keys! Do not open links from users you do not trust. Do not provide your private keys to any third party websites.

Phishing is an extremely invasive attack that can become exponential if not contained early, similar to how a virus works. Once the phisher gets a hold of a posting key of another account, the newly infected account can then also be used as a carrier to try and spread the infection. The only way to immunize against such a threat is to start early, and pro-actively attack the commonality (the virus) rather than post-actively quarantine users as they become infected. Worse, users infected may have their funds stolen -- the damage has already been done. We want to prevent more users from being infected immediately.

To address this, I have created @guard. Rather than work of a list of known infected accounts, @guard instead searches for the phishing links themselves, and presents a warning any time one is detected. Despite attackers attempts to hide phishing links (such as with link shorteners), @guard will still catch them.

With this introduction to @guard, please understand the following two pieces of information on how to help us fight phishing.

1. How to Properly Warn Others of Phishing Links

While it is great that users are warning others of phishing links, including the phishing link itself in the warning can actually lead to accidentally spreading the infection! It is important to be careful. Try to make sure when commenting/warning about a phishing link, to avoid using the url itself. This includes links you think may not be clickable (such as removing the www, or http://), as some browsers / extensions can make them clickable anyway.

Furthermore, it is not possible to programically determine if a user is warning of a phishing link, or actively trying to phish, if both cases use the phishing link itself. To this end, please, when warning others, try to use something un-clickable like badwebsite(dot)com.

2. Reporting Discovery of new Phishing Links

As this method of prevention does need to be updated when new phishing links (e.g. new domains) are discovered, timeliness is important. If you find a link you believe to be phishing (and wasn't already automatically caught by @guard, or manually found by @steemcleaners), please report it immediately to @steemcleaners via our discord chat. If unavailable, you can try directly contacting a @steemcleaners member.


That's it. If you have any thoughts/questions/recommendations about the bot, feel free to comment below!



Like what I'm doing for Steem? If you want to see development of Steemcleaners and associated efforts continue, please vote for me as a witness here!

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Thank you @anyx......this is a much appreciated development.

Steemians appreciate all you do.

All the best.

Cheers.

·

Indeed, I had hated @cheetah, untill I read the cheetah's faq on @anyx blog. @anyx is indeed a blessing to steemit. Like @bentleycapital says,

Steemians appreciate all you do.

Thank you.

Hi @anyx . If it works as a cheetah, which accuses users of plagiarism without checking or thinking, it will still be a useless bot, even more damaging.

#steemcleaners for life! Nowa days it is very important to reconize phising links and ways how people try to phis you. Rule number one is, you never get something worthy for free. Second rule is, you never get more than you give when somebody promise that.

It is great to make an anti-phishing network, especially in crypto currency and the crypto rush where people find ways to get more and more from the everage joe.

Always think 3 times before you act on crypto guys, stay safe. PEACEE

interesting

NO more phishing on steemit

Phishers are increasing day by day on steemit
My friends account is compromised by phising attacks.
Thanks for @guard it will really helpful in preventing us from phishers.

·

I’ve had the same thing happen to me. I wrote a guide on how to recover your account https://steemit.com/mapsters/@simplymike/got-hacked-here-s-how-to-get-your-account-and-reputation-score-back (legit link)

This is awesome! This is a such a wonderful tool that you developed there. This way people will feel more confident when people who are genuine share a link with someone who is legit, like when I link my website to someone who asked for it, you know. Versus people just posting "great post thank you follow back" with a link.

Thank you so much for this. I think it's truly wonderful!

Good content and an interesting read. Thank you for sharing.

This @guard comment on one of my post really save me and I immediately flagged that phishing comment.

@anyx, I've written a community database/tooling proposal on the subject, just a few minutes ago, I did not knew, you had already used the name "Guard", so my bad for the name overlap, I'll rename the proposal at your request.

https://busy.org/@hernandev/proposal-steemguard-phishing-and-scam-protection-tools

·

That's up to you really, the term "guard" is too common to restrict I think. :)
I think it would be polite if you changed the name though, since its early enough in your project, and then you can avoid confusion.

Thank you for being proactive in this fishing scam.

This is innovative and life saving.

Humanity owes you.

I got hit by it already today, when posting a psa about a phishing site:))
That was a quick lesson learned:))
But that is a good initiative!

https://steemit.com/deutsch/@janisplayer/phishing-die-alte-scriptkiddy-praktik-jetzt-auch-auf-steemit
Can you please delete my flag?
I wrote a phishing warning in this post.
The link was not clickable and it was explicitly warned against clicking on it without security measures.
I have now deleted the link.
You're doing a good job.
I have a link for you or a user I mentioned in my post.
This user posts such links.
He shortens them so they do not report him.

·

Hey, looks like a team member removed the flag already. Please make sure to read point #1 above; it's impossible to tell if a user is warning or trying to phish, if they are using the link itself!

Thanks @anyx for developing this phishing countermeasure!
Your tech already came to our community's aid on a post on my feed yesterday, where it was found in the comment section and readily dispatched.
Thank you for all you do Scott!!!
🤝🤜🤛

I love this idea so much. Thank you for your hard work.
I like all of your stuff because your content type is very educational

FANTASTIC initiative! Thank you!

All most everywhere Phishers have. Thanks for your guard .

wonderful.

Congratulations @anyx, this post is the second most rewarded post (based on pending payouts) in the last 12 hours written by a Hero account holder (accounts that hold between 10 and 100 Mega Vests). The total number of posts by Hero account holders during this period was 373 and the total pending payments to posts in this category was $5419.48. To see the full list of highest paid posts across all accounts categories, click here.

If you do not wish to receive these messages in future, please reply stop to this comment.

very interesting post. thanks for share

Great intuitive, I see too many phishing attempts lately.

Sounds like a good idea to me.

But you didn't mention how guard will work against phishing.

·

@katteasis, The answer is in pharagraph 3.
@guard will appear in the comment section of a suspected phishing link post to warn the user & flag that phishing link down.

@anyx This is very helpful to minimize these phishing crime. After my old account was hacked, I do love reading more about this anti hack/scam posts. Lol

Voted & resteemed

·
·

Hi @joyrobinson
Glad to see your slowly climbing up the ladder again. ;0)

·
·
·

Slowly but surely @simplymike. Thanks! 😀

Great job!! This is something we need badly, and you stepped up and got it done!!!

Hopefully this helps stop alot of the phishing hacks

Great initiative!
I wrote a chrome extension to flag those scam links and highlight external links: https://steemit.com/utopian-io/@quochuy/steemed-phish-v0-0-16-adding-a-tooltip-to-external-links

But @guard will help those who prefer not using extensions or are on other browsers and mobile devices.

Thank you - I'm relieved I came across this in my feed. I haven't been phished yet: your post's increased my self-confidence on this platform.

Excellent project and much appreciated!

oustanding man
kkep it up may god bless you21125846_10159280077600273_5223021183619825664_n.gif

Oh...Good posting. I very like it.

With people like you steemit would be a safe haven for people like us...thumbs up

I like.
You've created a great post.
Steemiant success.!

Are you able to program @guard to "listen" like (at)cheetah does?

For example, there is a comment in https://steemit.com/hyperwaves/@aggroed/hyperwaves-bubbles-and-bitconnect that uses URL shortening. It's be great to ask guard to check it.

·

Guard won't listen, it checks everything. Cheetah doesn't listen to @cheetah either, same deal.

It's supposed to check through URL shortening, but for some reason that one slipped through. Thanks for the heads up, I'll try and figure out why and fix it.

·
·

please do something i request you

·
·

thanks you very very muxh

So, if anybody wanna help,or maybe finds a phishing site... contacting @steemcleaners is a way.

Reposted to help boost the message. Thanks for the heads up.

I love a bit of proactive spam-phish fighting!

Thank you so much for all that you do to keep this platform safe. I have a couple of friends whose accounts were hacked, and I know it was totally their fault for not paying close enough attention to what they were clicking on, but the fact remains, it's a rotten thing to happen to anyone! I just noticed your new "guard" pop on in a comment section of a post and came here to say thank you!! You have my witness vote for sure ;)
Cheers!

pleas look..warning @rajeeb
have a problem link.click link,after exit steemit..

Added to a few discord promo drop boxes, and to a library/reading room in greetersguild discord so that if questions arise we will know where to turn. Thank you for the work you are doing.

Well done and thank you! I'll have to research this more tomorrow though, for I'm only at my PC briefly this evening. Goodnight!

I hacked my posting key, but I change my password. can you check my account and stop downvote. Deeply thanks for your help

Whats your algorithm that it is a scam link? Or is it entirely labour effort? maybe steemit.com can introduce something like a verified check on the account. If users can't see the check sign they can be wary instead of finding all kind of phish link. Or even make a plugin for different browser?

very great essential for me

WARNING! The comment below by @blockchainfiend leads to a known phishing site that could steal your account.
Do not open links from users you do not trust. Do not provide your private keys to any third party websites.

I am about Bot @guard on my post in Bahasa Indonesia. so many people know it. Why I am downvote by @guard
https://steemit.com/scam/@amriadits/bot-khusus-pendeksi-komentar-phishing
Capture.PNG

Please help, to revoke the flags in this post. Because it is beneficial to Indonesian audiences. So they also know the news about this.

FYI: autosteem.com has moved to autosteem.info!

I'm glad there is good guys out there looking out for us minnows

Cherish them or abhor them...these bots are here. While I comprehend the potential disappointment or financial inspirations that accompany paid voting administrations (...heck, would we be able to simply call them publicizing already...), it's as yet critical to take a gander at they positive and negative impacts they have here on Steemit.

Thanks for sharing valuable post.
I continue follow your post.
I appreciate your contest @anyx

good job @anyx, @guard is a good bot, maybe put up a bigger warning symbol?

This includes links you think may not be clickable (such as removing the www, or http://), as some browsers / extensions can make them clickable anyway.

o/. What extensions are that? ... why is guard triggering when you use scamsite.domain without any protocol mentioned? ( http, www, etc )

i understand this initiative

but i want to request those 2 flags i got here to be removed, i was making a decent comment me thinks, and now is hidden. and i appear as a shady person to that new steemian and all the ones that read that post #introduceyourself

https://steemit.com/@zee007/helo-my-name-is-zeenia-mir-and-i-am-new-to-steemit-community-3eca6a5c631d8

i do not think i deserve this bad rep...
my comment was not shady or something... i think i was giving good advice @guard and @mack-bot think the opposite, please review it

·

RTFA.
Even if you "think" removing the www or http doesn't make it clickable, there are plenty of ways to get around that. There is no way to determine if the link is phishing or not just because you "think" it doesn't link.

<a href="google.com">google</a> or [google](google.com)
appears as:
google

Solution is simple. Don't use a real link.

·

you leave me this reply @anyx

Hey, please avoid using real links when referring to or warning of scam sites! See point #1 in my post here for why.

I was not providing real links, i do not provide real links in my posts, comments.. precisely to remember people about phishing . Used scamsite.domain without any http or www.. and i was being very clear that was a site i almost got scam into.

·
·

also was not just site.domain. it was "site.domain" to add more to the context it was a scam site.

I got to know about the cool work you do by @thekittygirl Well done @anyx 🤜🤛

thanks for @anyx. Im a newbie. I have a question, where to report scammer account? Here's my post about a certain user account that spread the pishing site.

https://steemit.com/news/@purepinoy/scam-warning-alert

Good job @anyx
But please do remove the flag on my comment, I was warning against phishing and your bot flagged it because I included popular phishing links in the writing.
Thanks a lot.
https://steemit.com/steemit/@hanen/my-steemit-account-was-stolen-and-recovered#@petermarie/re-hanen-my-steemit-account-was-stolen-and-recovered-20180325t212433180z

This is great, this will help a lot, we all appreciate your efforts for all steemians. Thanks

This is a very good thing. Thank you very much for your help. In most of my posts, many links are done, but I did not click anyone of them because i were new on steemit and I wanted to understand the steemit.
But because of being new on the steemit, I did not know the rules of the steemit, and I made a big mistake
I used to be copyrighted
And the cheetah became active
I have sent him a message on the Steem Chat This is the message:
Hello cheetah bot, i was new and didn't knew that we have to write source of the pictures as i was really new to the steemit. I am little bit weak in english so i didn't understand what you were trying to say, i am really sorry.. Hope you will understand i wouldn't repeat it. Please so stop in commenting now i will write source.
but bot is still active please do something m really worried guys please

follow and vote me please

A new guard shield very nice

Thank you @anyx ...i.m under panic state...i didn t got your message in first place and i didn.t click the pishing link but wrote manually the nickname in browser..and then i got guard bot message...i can.t believe my work of 3 months could have gone in 2 seconds:((((((...can.t we do something against these attackers?:(

Thank you very much my account @steem4depoor was hacked and now all my hope is lost. I have to start all over again and it has not been easy. now my account is @steemgh. hmmmmmmm

This sounds useful, but I do not see any info as to how I should use it to protect myself - or have I misunderstood what this is?

Its really crappy how people do these things. Thank you for what you do.

Hi @anyx, I found out about you through this post: Steem Witnesses, and why they matter!
I already joined the Steemcleaners Discord Server to have access to post that could keep us up to date! thanks!
I do have a question though, it will be cool to know if there is a way we can find out if we are infected before anything bad happens. Any ideas?

i would like to bring witness t0 me ye i.d. 0 w/(h) e (a)d https://steemit.com/g0fig/@xubrnt/ned-steemit

Thanks for being such a useful witness, I've included you in this post and I hope that you will do much more for steemit. ☺

@anyx
The posting key of my account was hacked leaving many weird phishing comments on various posts. I changed my account password successfully.
I also updated all the comments to make sure that no one falls into the trap of the phishing website.
Now, I want to get all the downvotes removed from all the comments from mack-bot and guard because seeing those, many Steemians are still downvoting on those comments. Please, am waiting for it to be done on urgent basis.

Thanks @gaurd.
I have just been notified by you on my most recent post that a link could be a known phishing.
In fact I unintentionally misspelt an link.
Please respond to my reply and let me know.
I have since corrected the misspelt link, as no harm was intended.

Thank you @anyx......this is a much appreciated development.

Steemians appreciate all you do.

All the best.

Cheers.

@anyx please consider removing your comment from this post. I did not know how to warn people about phishing links until after your robot had spammed my post with the implication that my username is trying to steal accounts, or is not to be trusted.

I appreciate the service your bot is attempting to provide, but I would suggest implementing a protocol where the bot looks for multiple back-to-back instances where the same username is spamming a phishing link in a short span of time.

This way, innocent people who are simply trying to warn about phishing links, they won't be accidentally flagged by your bot. There has to be some type of intelligent way to tweak the algorithm more optimally.

What happened with my post was someone posted a phishing link, and I had no clue it was a phishing link. Then a bot warned that it was a phishing link so I up-voted that bot, and left a comment of my own stressing that that url was a phishing link and that they attempt to spoof steemconnect.

Then the same bot that I upvoted, warned that I was a scammer. So I censored the link, and managed to get that bot owner to delete, but two seconds later your bot is warning about mine warning. It's pretty much a nightmare, there has to be a better way.

Good to see you are addressing phishing problem.

Congratulations @anyx! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

Upvote this notification to help all Steemit users. Learn why here!

hi how r u

One very useful post and so perfect.@anyx