Steemit tips: BEWARE HACKER ALERT!!!! How to avoid Phishing Scams on Steemit!

in #steemit6 years ago (edited)

Phishing Scams


Source

What is Phishing?

The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Nobody wants to fall prey to a phishing scam. There’s a good reason that such scams will continue, though: They are successful enough for cybercriminals to make massive profits. Phishing scams are now here in our beloved Steemit community and they attack any time and anywhere.

This is the example post of one steemian got hack by phishing site. The Dtube app on Google playstore.

A Sad Steemit Day: My Account Was Hacked!!! by @emdesan

@emdesan said:

Some devil hack my Steemit account and withdrew my earnings to@bittrex. I hope he goes to hell, literally!
So today I woke up doing my routine which is going to Discord and browsing through the notifications of @ginabot when I stopped in a Coin Transfer notice. Still feeling sleepy, my brain processed this awful information for a minute before reality hit me that my hard-earned SBD and Steem was withdrawn by an unauthorized user. I was mortified and can't believe what just happened.Some crypto devil withdrew all of my earnings!


Source


Source

@emdesan said:

Last Sunday, I got curious about @dtube so I search for an app on Google playstore and found one that was run by. I opened it and I signed up using my master key password on my Steemit account (yes, I know very wrong move!). After registering, I browsed through the DTube app and was confused because I can't do anything with it, not even uploading my own video. I search for the accounts of my co-Steemians who I know uploads videos through DTube also but nothing appears. This gave me cold sweat and I felt afraid because it struck me that this could be a phising app or something and so, I uninstalled it. Bad move that I didn't thought of changing my password after uninstalling which led me to this awful scenario.

What I did? I left a bad review on the app because of what happened to me. Gosh, there was also a bad review before me saying the app was a scam but I didn't listen because I thought it was still legit since the moderator replied.

Fortunately, there are ways to avoid becoming a victim yourself. Here are basic guidelines in keeping yourself safe.

* Think Before You Click!

Source

  • It’s fine to click on links when the one who post is you know well in this platform and link on trusted sites like steemauto, steemitfollowers, and etc. Clicking on links that appear in random comments and fake steemit websites, or whatever name of it, example ( This is a link and you don't know what is this ) and if you are not sure what is that link, Don't ever click that link its better to click this link www.steemit.com..because maybe that link will get all your information in steemit. however, isn’t such a smart move. A phishing link may claim to be from a legitimate steemit site or app on google and when you click the link to the website, it may look exactly like the real steemit website.


Example fake steemit site, Look the URL of this website

The site may ask you to fill in the information like your "master key or owner key". Or read @pfunk post about keys "A User's Guide to the Different Steem Keys or Passwords". Most phishing links now will ask your master key. When in doubt, go directly to the source rather than clicking a potentially dangerous link.

Sample:
This is the source: https://steemit.com/hack/@emdesan/a-sad-steemit-day-my-account-was-hacked
This is a link maybe a phishing link: Link.

* Never Give Out your Master/Owner Password


Source

Steem has five different keys or passwords associated with your accounts. Four of these are used with typical accounts and the fifth is used by witnesses. They are: owner, active, posting, memo, and signing keys. Each has its own set of functions and limits.


Source

@emdesan said:

Last Sunday, I got curious about @dtube so I search for an app on Google playstore and found one that was run by. I opened it and I signed up using my master key password on my Steemit account (yes, I know very wrong move!).

If you are the one who are still using their master key in their daily steemit journey, please change your master key to posting key NOW!! I highly recommend that you NEVER USE your master permission key because if you use posting key everyday, You will not afraid if ever you will click a phishing links because you still have master key and you can change or generate new master key.

KeysUse
Posting Keypost, comment, vote, follow
Active KeyTransfer funds, make trades, power up/down, change posting/memo/witness/active keys, vote for witnesses
Memo KeyThe memo key is used to create and read memos/Private message
MasterKeyThe owner key is the master key for the account and is required to change the other keys.

* Keep Informed About Phishing Techniques


Source

New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams. By finding out about them as early as possible, you will be at much lower risk of getting snared by one. For IT administrators, ongoing security awareness training and simulated phishing for all users is highly recommended in keeping security top of mind throughout the organization.

This is the Dummy Dtube app. DO NOT DOWNLOAD THIS!!

This is the Dummy DTube App on Google Playstore.

Source

Other post about phishing warning:

https://steemit.com/phishing/@goldkey/public-service-announcement-psa-fake-site-steemit-wrong-s-beware
https://steemit.com/phishing/@mrbloom/beware-i-got-hacked-yesterday-by-steewit-com-but-this-musical-phoenix-will-rise-again
https://steemit.com/phishing/@bullionstackers/warning-or-or-please-do-not-open-any-link-from-unknown-accounts-or-or-whalepower-message-eng-bahasa
https://steemit.com/steemit/@shortcut/warning-phishing-attempt-by-mrgunk

I hope this will help you guys.

To all Steemians, NEVER SHARE YOUR PASSWORD TO ANY THIRD PARTY WEBSITES!

These are my previous post that i compiled in one post




@dinmark09

#phishing #cryptocurrency #howto #philippines
6 years ago in #steemit by
$2.36
  • Past Payouts $2.36, 0.00 TRX
  • - Author $1.81, 0.00 TRX
  • - Curators $0.55, 0.00 TRX
36 votes
Reply 7
Sort:  
  • Trending
    • [-]
     6 years ago 

    Great Info an reminder. Thank you @dinmark09

    $0.00
      Reply
      [-]
       6 years ago 

      Your welcome. I hope not one of us will become victim of those hackers.

      $0.00
        Reply
        [-]
         6 years ago 

        I hope so! but your blog was surely a great help for us to be more vigilant. :)\

        $0.00
          Reply
          [-]
           6 years ago 

          Thank you for this!

          $0.00
            Reply
            [-]
             6 years ago 

            your welcome be sure follow me to get more steemit tips from me. :)

            $0.00
              Reply
              [-]
               6 years ago (edited)

              Thank you @dinmark09 for this reminder! It's ashame that there are hackers out there who are too lazy to make their own content or put their own effort in making money and resort to phishing hard-working and honest people. I am sad they have now come to Steemit, but cannot say I am surprised :(

              $0.00
                Reply
                [-]
                 6 years ago 

                Yeah, That was sad thing.. so that's why always check the url. some phishing site almost similar of steemit.com.. like steewit.com that was phishing site of steemit.

                Coin Marketplace

                STEEM 0.17
                TRX 0.15
                JST 0.028
                BTC 56677.48
                ETH 2329.02
                USDT 1.00
                SBD 2.36