What Is This Abuse? Part 3
For my third anti-abuse contribution, I'm tackling one of the most destructive type of abuse - Scam.
Scam is a notoriously demoralizing abuse on the platform. It can make you quit. Or for the better, it can make you less-clicky on links.
One thing we need to do while surfing the web is be leery of any links. Be leery of any screen asking for your password.
Main pic by https://unsplash.com/@timcollinsphoto
Points To Cover
- What is scam on the blockchain
- How to find scammy/phishy posts and comments on the blockchain
What is Scam
You might think it's only for emails and mails. No, you can also fall for it in the world of wide trappy web.
Let's see how else scam is defined.
Scam - Posting a scam designed to trick or defraud others. One example of that would be phishing, which is posting with intention of stealing account keys, passwords or credentials.
Malware/Virus/Phishing and other Attack Vectors
Any of these can compromise the security of Steemian’s account(s), computer, or steemit.com itself.
The most common downfall of this type of abuse is clicking on links. New Steemians, and even established ones, fall for this bait. Click an enticing link and give away your password.
How To Detect Scam/Phishing
If you are using Steemit, any links pointing to other sources will warn you that it's an external link.
Steemit post with external link
On the above screenshot, I hovered my mouse over the link on my post. The warning says that particular link will take you away from steemit.com. On the bottom left of your screen, you should also see where that link is going to take you. On this case, it goes to Utopian.io.
On Busy.org, check your settings:
My settings on Busy.org
If Rewrite links is checked, any link you click with steemit.com will open as busy.org. Otherwise, it will be an external link - going to steemit.com.
If Enable exit page is checked, any link you click going away from busy.org will open on a separate window. It will let you stop and consider before going to the website. If unchecked, Busy will let you go to the website without a prompt.
New tab opened from Busy.org if exit page is enabled
Looking for something to flag
If you don't already know by now, I'm scouting for abuse.
For this post, I'm going to look for abuse under artisteem tag.
New/Created page for artisteem tag
On my last post about copy/paste, this particular tip gave me 2 abuse leads.
Click on Steemit logo, click New and choose any tag. Since I'm targeting artisteem, I just typed artisteem on the address bar. Then take your pick! It's going to take some time so grab a snack and a drink...
This incident happened 4 days ago. I was looking for a material to write about plagiarism. Instead, I stumbled on a phishing comment!
I found an artisteem submission, checked if it was plagiarized, it's not. As I was looking through the comments (yes, I read the post and the comments too), I found a glaring advertisement.
Phishing culprit. The -2 rep is after Steemcleaners wiped out every comment.
If I was click-happy and wanted that exclusive 30 STEEM bonus, I'd jump right on it before they run out of Steem!
But I hovered over that link, noticed it was going to a website . I didn't want to click on it.
What do you do? How can I test if this is a phishing link or not?
On non-urgent abuse cases, I usually report them through the Steemcleaners website.
This is a destructive abuse and needs an urgent attention. I decided to drop this link at Steemcleaners Discord. I don't care if it's going to turn out as false alarm. What matters is if this link is safe or not.
Steemcleaners has a phishing channel. I reported the link and asked if they can take a look at it. Bullionstackers is usually the main guy and that morning was prime phishing morning.
Steemcleaners phishing channel was on fire that morning
Looking at the account's comment page, it's all greyed out now.
Nuked account to minus 2 rep
Another superb job by Steemcleaners!
Steemcleaners and plentyofphish hammering the phishing comment
You might think your Steemit life is over once a scammer gets a hold of your private keys, passwords, and/or credentials. Damages like the ones below would be devastating.
- Your funds were withdrawn
- Your rep is down to the negatives
- Your Steemit friends got phished too
- Your account is unrecoverable and you have to start another account
It takes a lot of work to start from scratch again. And how can you deal with your friends getting phished because you got phished?
You don't ever have to deal with it if you're careful, slow to click and aware. Multiple check everything! Be selfish with your password.
Flag a phishing link to help your friends not click on it when they see it on your post. It's time to stop ignoring the scammy links on comments you stumble on.
This is a community effort. Do your part and stop feeling sorry for others. You can help stop phishing from spreading on the blockchain.
If you give a subtle warning like @thekitchenfairy, even better! She's a witness too. If you have a spare witness spot, consider voting for her.
- SimplyMike authored a recent post on how to protect yourself from being a phishing victim
- Arcange authored this post on how a deceiving comment with images is used to trick you
- Surfermarly talks about what happened after she recovered her phished account
- Themarkymark talks about how a good password manager can help protect you from phishing attacks
If you missed the first and second parts to this series, check it out below:
Last on "What is This Abuse" Series
- Plagiarism: Your Hard Work, My Gain