The counter-strike was efficient - The scammer got beaten at his own game.
Early this moring, I informed the community of two phishing initiatives spreading on Steemit! You can read it here.
I quickly responded to this threat to users' accounts by creating a bot to thwart this attempt to steal keys from naive users.
The whole story step by step
It all began with a comment from @demotruk in the Witness channel around 10:20 PM (UTC):
Thanks @demotruk for being my whistle-blower!
Right after our short discussion, I started collecting and analyzing data, coding the bot and writing my explanation post between two cups of tea.
|2017-10-10 00:34:48||Published my post mentionning the coming work of the warning-bot|
|2017-10-10 00:41:51||The bot started to issue its warning payment/message to all the victims of the attack, starting from the first transaction to the more recent.|
|2017-10-10 00:43:24||It looks like the scammer noticed my move and made his last phishing attempt. He stopped definitively (until now) to send scam payments.|
|2017-10-10 01:31:30||@samstonehill start to retaliate against me and flag all my posts and comments.|
|2017-10-10 02:09:54||@accounttransfers comes to help of his wicked buddy and also start to flag all my posts and comments. They will also flag @samstonehilltube post and any comment made by you, the steemit users, on my posts and on any related posts|
|2017-10-10 01:55:39||My bot has issued 751 individual notifications. Users information campaign completed|
|2017-10-10 13:43:21||Both @samstonehill and @accounttransfers surrenders and stop flagging|
The retaliation campaign was useless because:
- They were flagging like crazy at full power (100%) and found themselves short of amunition, with no more voting power, after a mere 215 downvotes.
- As their reputation has already been lowered by previous @steemcleaners’ campaign, their flag has no effect on any user’s reputation
We won this battle. Even if today score is “Scammers 0 - White hat 1”, I guess it's not the last confrontation.
Anyway, we demonstrated that this community is not without defense and that some users wants and do care of each others.
A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:
Rule 1: NEVER, I repeat, NEVER use or give your owner key!
Write this on a paper, stick it on the wall on top of your bed and read it loudly every night before falling asleep. If your wife/husband think you are crazy, it is because she/he has not yet an account on Steemit!
You should only use your owner key to:
- recover your account
- change the other keys
- give a present to your children a few minutes before dying.
Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.
Rule 3: Use your active key for special operation like money transfer or account update on trusted websites like steemit.com
Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!
4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.
Spread the words, resteem this post to your friends, and you will make the platform safer.
A last word ...
Thank you all for the support you provided to my previous post. I didn’t slept much last night but I woke up with a big banana smile when reading all the supportive comments.
Thank you for those who voted my witness. I feel really encouraged to continue my work and remain committed to making Steemit such an amazing platform.
Thanks for reading!
@lovelygirl is also spamming with scam micro-payments
The Warning-Bot will now monitor this account.