For the last month we've focused on fighting phishing on the STEEM blockchain. We dedicated countless hours to routing out and neutralising the threats and to providing victims with assistance.
Development of Reporting Mechanisms
- We have leveraged our existing Steemcleaners.org website and both our chats (Discord and steem.chat) to gather and evaluate reports of phishing links and infected accounts.
You can report phishing in three easy ways:
- Submit the Abuse Form https://steemcleaners.org/abuse-report/
- Contact us on Discord https://discord.gg/pQCnTjE
- Contact us on Steem.chat https://steem.chat/channel/steemcleaners-public
Development of Anti-Phishing Tools
- @guard bot was developed to unfurl short-link URLs and seek out links to known phishing websites. This development was undertaken as a response to the criminals' use of shortlinks akin to
bit.ly. The @guard bot unfurls these links, seeking out those pointing to phishing websites.
- @mack-bot was adapted to flag phishing comments of accounts placed on the Phishing tracking list. The tracking list is updated when a new infected or spawned account is discovered or when a victim restores their account.
- The goal of these anti-phishing tools is to flag and hide malicious comments while doing minimal damage to the infected account.
Discovery and Neutralization
- Both infected accounts and accounts created purely for phishing have been systemtically identified and flagged to hide their comments. This was done manually through the @steemcleaners and @spaminator accounts and automatically through the @mack-bot and @guard accounts. For this, we leveraged a variety of monitoring mechanisms and reports by our fellow STEEM community members.
- A Phishing Master List was created and is being regularly updated to keep track of the current wave of infected and spawned accounts and to be used as a reference going forward.
- Numerous requests to registrars and hosts of phishing websites have been made by our team and a portion of these websites were taken down as a result.
- We are actively working on various methods of organising and retaining historical data on phishing and other related attack vectors. One of these methods is the aforementioned Phishing Master List.
- We are persuing speeding up discovery of phishing links and other malicious attack vectors.
- We will be employing reporting mechanisms that filter information based on "abuse types" with notifications to members of the @steemcleaners team.
- We are available in both Discord and Steem.chat to assist phishing victims and have done so by walking them through the password roll-back process, helped them edit comments, and worked with them every step of the way.
- On average, we have spent 2-3 hours with each individual requesting our assistance.
- In cases where accounts sustained irrepairable damage, we helped victims restart anew by creating new accounts for them free of charge.
- We are actively seeking volunteers with high-reputation and high-SP (Dolphin and Whale) accounts to upvote recovered phishing victims in order to help restore their lost reputations. Unfortunately, we are unable to use the @steemcleaners and @spaminator accounts for this purpose. Please let us know if you can help!