Sign-in warning tweak to remind/limit phishing attempts
Components
- A small tweak on the Steemit login page
Proposal
- Add a text in red to warn of potential Phishing attempts.
Mockups / Examples
Benefits
- New users will become more aware of the risks from the start and every login screen.
- It will also serve as a reminder at each login to check the URL.
- Because it is in red, it is more likely that it will be noticed if missing.
- Phishing sites are very unlikely to add the text which gives users a chance to 'notice something off'.
Since nothing seems to be getting done due to censorship concerns, we should be tweaking every bit of the UI to serve as education and reminders for all users to be additionally careful when going off site and especially when logging-in.
There are many ways to at least limit the damage of phishing scam attempts without encroaching on censorship issues and protecting users should be part of the community's responsibility. The UI is an easy place to adjust for improved security behaviours.
Taraz
[ a Steemit/Utopian.io original ]
Posted on Utopian.io - Rewarding Open Source Contributors
Thanks for sharing the world about the ongoing scams. I've got us browser extensions made to prevent this kind of attacks. Steemed Phish works 10/10 and I got a warning as soon as I opened the phish.
[ Powered by Steem ] Browser extension to prevent phishing scam attempts
Help us spread the word as far as you can!
Thank you for the contribution. It has been approved.
You can contact us on Discord.
[utopian-moderator]
I like how binance.com adds a warning on their login box:
If you simply tell users to check the URL, some will still screw it up. Binance tells you explicitly what URL to check.
Yes, it doesn't take much. Sure, some people will still fall victim but perhaps significantly less.
I do hope that the developers get to take note of this and implement it. I know it will not solve all the phishing problem as some people will not still look at it even if it's in 16+ foot size. But there are those who will take this warning serious and to them, this suggestion will make all the difference.
It doesn't take much to at least save some.
This is a great suggestion. It will be extremely helpful for the new users who still can't find their way around Steemit. There are too many similar websites, some are safe, some are not. I can't know it unless I find something about phishing like in this post.
It's not really just a Steemit problem, it's a browser problem. For a while I've been saying that it would be nice to have webpages go through a verification process so when you go to that page, it actually tells you you're on... say, Steemit.com. On the left end of the browser address bar, before the address, it would tell you if the site had been confirmed and what that site was. This may already exist, but I haven't really seen it.
would be interesting to know of there is an app that could store important addresses/bookmarked addresses and do this check.
If you "google" something, it will tell you next to the link that you've visited the site before and when that visit occurred. If it's a new site though, there's nothing you can do (that I know of). Anti-virus, I guess.
Would you consider putting a fake link into your messages...something which is tempting to noobs, and re-directs them to a short message about protecting their account?
that would be interesting but may just add to the issue.
Yes, I think this is the most important thing. Also, a member doesn't need to be a new user to make this sort of a mistake. We all make mistakes when we are tired, sleepy or when we don't pay attention.
yes, so having a reminder might create a habit to always check the URL which could save a tired mind.
Yeah, lately it was too many phishing attacks and stolen profiles.
Also, they should make those letters either bold or bigger, so user notice them easier.
Red letters are ok, but what if a person can't see well, or can't recognize colors. Would not be better if there is checkbox.
The little box which you have to check and then get inside? I am fast clicker so even red color might not be enough for some people.
The purpose of those boxes is to keep bots away. This is another type of issue we are talking about
I am thinking of something else too but this is for a quick change.