RE: If Something Smells Phishy, It Most Likely Is!
Hey @originalsimulant! Long time no see. :)
I’m not sure how a platform can ever possibly ‘catch-on’ when it’s single line of user-protection is advising it’s users not..to..click..on..any..links..
Sadly, the advice extends beyond the platform into the real-world because there isn't much else that can be done with phishing scams, aside from user education. Even at my workplace, the only advice that is given to users about email-phishing is not to click on any links. Those fake websites are complete replica of the real one, and maybe only one letter inserted that is different, and users don't always pay attention.
It especially sucks when trying to use other platforms running on the Steem Blockchain which require your password such as Dtube for example.
I do see the problem here as well. Different dapps require different passwords to login, for instance, Busy and DLive require you to give your active key to login to use. If users are "actively" using this active key, it opens the door for hackers to come in and "phish" the active key and steal the steem/sbd funds. Steemit require only the posting key which does lessen the risk of funds being stolen since hackers wouldn't be able to make wallet transactions with a posting key.
I did hear on the MSP show last night that yabapmatt (witness) is in the process of building an extension for STEEM, similar to Metamask, which is an extension on the web browser that is used to store passwords and can use be used on the different dapps on the STEEM blockchain. I don't understand the technical details very well, and it hasn't been released yet, but what I got out of it is that users could now save their password in this extension which will allow safe access into dapps like steemit, busy, and dtube/dlive. My hope is that with the release of the extension, users that click on a "phishing link" would know it is a scam because they are asked to enter a password. Because if the site was legit, the password would already be saved in the extension and the user wouldn't be asked! I hope that is how it works. That would require the usage of browser extension addon but decrease the chance of phishing activities.