Public Wallets And The Target On Your Back (Original Article)

in #steemit, 8 years ago (edited)

They're coming for your wallet. But not with code.


Words by me: @condra


Steemit is unprecedented, and utterly revolutionary. A blogging platform and social network with built-in currency, essentially "INTERNET MONEY", and everyone's financial status on full display to everyone. That is an irresistible cornucopia of opportunity for the hordes of unscrupulous cyberthieves out there.

Factor in the somewhat uncomfortable detail that Steemit is, at least in this early stage, populated by people with sophisticated technical ability, and indeed, something of an interest in MONEY. Yes ladies and gentlemen, they walk among us.

Imagine now, if you will, that your name is @laurapalmer.

You do a few travel blog posts and suddenly things start taking off. Your latest article got you 2000 dollars and the previous one did almost as well. You've talked about growing up in Twin Peaks and working at One-Eyed-Jacks, among other things. Congratulations, you're a target. Not only will your Steemit Wallet be near the top of various lists for hackers, but an even greater threat looms, and it's creepier and harder to spot.

Phishing attacks and social engineering. Steemit security is not just about passwords. It's about sophisticated vigilance.

OK keep imagining you're Laura Palmer. We've all done it eh? .. Umm anyway.. On some level, now you are a celebrity, whether you like it or not. Within a few days of your newfound Steemit success, you start getting more strange friend requests on Facebook or LinkedIn, and people in the Steemit comment section ask increasingly personal questions. Someone might even impersonate one of your friends on Facebook, Instagram, even Gmail.
Phishers are extremely cynical and socially agile. They develop copious techniques that trick even the smartest of people. They don't need coding knowledge to steal from you. You willingly hand over your hard-earned cash.

Solutions

Password Pro Juice (a.k.a "PP Juice") is probably the best solution. You'll need to enter some personal details on their website, including your Steemit ID and Password, but they will be able to authorise you instantly forever, plus it's free.
To register with them just follow this link..

Oh come on. Please don't tell me you were going to click on that link. If you were, please go back to "GO!" and start this article again and do not collect any STEEM. (And if you copped it early, don't give yourself too much credit.... PP Juice? Really?! )

So, my beloved Steemians. Please be sure to go a step further than a strong password.

  • Be vigilant. If something seems fishy (on Steemit OR elsewhere), slow down and check it out.
  • Know that while blogging is fun and the most personal blog posts often do the best, sharing your life with the world comes at a cost: privacy.
  • Vet all Facebook friend requests with extra skepticism, even if they initially look genuine, such as having friends in common or appearing to be "new Facebook accounts" of current friends.
  • If you are evangelical about Steemit on Facebook or elsewhere, know that there are risks involved.
  • Trust no one. It's a bit sad, but that's the price to pay for all this cash sloshing around the internet.
  • Think these things sound far-fetched? It happened me today, and that's what inspired this article.

This is new territory. We are at the cutting edge of the internet, so take a bow and enjoy the ride. Just remember, there's eyes on your stash.


Further reading:
https://steemit.com/security/@robrigo/the-what-and-why-of-phishing-and-how-to-avoid-it
https://steemit.com/scam-warning/@cass/phishing-mail-from-bittrex-support--be-careful
https://steemit.com/thehack/@thebatchman/fake-steemit-emails-warning-watch-out


This article may be edited or rewritten in the future for increased accuracy as new developments occur. If you have an interest in security and wish to contribute, please do so in the comments and I will be sure to credit you in any future versions.
References:
Monopoly board game. I thought that was kinda clever as an analogy for money, greed, "gaming the system", but also as a comedic device within the article. Anyway..
Twin Peaks 80s movie. Sorry millennials if the Laura Palmer reference went over your heads. Still love y'all. Pokemon Go FTW!


Hi Brindleswan. I think it's important that people are aware of social engineering just as much as password security. Only today, someone added me on Facebook, claiming to be an old friend (using their name and pic) who made a new account. They even chatted to me, but I busted them when they couldn't answer basic questions about our friendship. Freaky shit.

Some actual great advice! Thanks for the share!

I'm no expert on that stuff but glad to get people thinking about it. I genuinely do think phishing is going to be a huge challenge for crypto going forward.

Thanks for the tips. What is a reasonable amount of steempower to hold before powering down, I wonder?

I can't give you financial advice but personally, I'm here for the long haul.

Thanks for the informative article and sadly I think we need 2fa verification here since the blockchain essentially shows our passwords publicly.
Definitely risky here, but if @dantheman sleeps soundly I guess smaller users can as well.

The point here is not only about password security though. If any of us share personal information on Steemit, we potentially become targets via Facebook, Gmail, LinkedIn etc, and perhaps IRL.
Many of the more successful bloggers share intimate details about their lives and these nuggets of information can add up very quickly.

If you're a white hat phishing guru and have anything to add to this article and discussion, please chime in. This stuff is important.

nvm! Someone got in touch. Working on an improved article!

Great. I'm getting maliciously flagged. Some people!
