Some thoughts about phishing on steemit, my fathers account being compromised and wanting to bring more attention to the issue.

in #steemit6 years ago (edited)

I wanted to make a quick post to bring awareness to phishing for accounts on steemit.

dfges.jpg

(Image was found on Google images and does not belong to me. I'm using it in a fair use sense to raise awareness)

I've seen quite a few of these phishing sorts of things in my time and I've developed a pretty good eye myself and understanding to try to avoid such things.

BUT... Unfortunately I didn't warn my father of the dangers enough, and I had seen it happen to at least a few people in the past here on steemit in similar ways, so.. I really should have said more and I definitely feel partly responsible.

He was nice enough in his post and our conversations to not blame me and he's taken responsibility for it, but.. I feel like I should have been more proactive so I do feel partly responsible for it.

I thought he was sort of aware of this kind of stuff because he uses email and I thought he knew not to click on weird links and give important information to suspicious links but.. He told me he wasn't really aware of the email risks either so my it was partly my fault for just sort of assuming he kind of knew about these things when he didn't.

A few people clicked on the link and did not enter their PW in, I still suggested they change their PW.. But.. I was really worried someone else might have got infected and so far it looks like no one did. Thank goodness.

One of my friends who clicked on it had like 3000 SP sitting in their wallet and I almost cried thinking she could have lost all that. Thank goodness she didn't.. That would have been so horrible.

I spent most of my day when it happened just trying to figure out what to do and to try to push back against all the additional phishing links it was sending out on my fathers account.

I thought I knew more about how steemit worked in regards to recourse and such, but once again I was reminded I don't know that much either myself and had to ask peoples for help to figure out what the options were.

And.. Something that was really redeeming to me was seeing steamcleaners in action and also all the other thoughtful sentiments from friends or people who like my father or his photography work.

There's been a ton of support and a few have even been talking of doing a fundraiser of sorts to help try to get him some of his losses back.

I think it was around 270SBD and 10 steem and I don't expect to get that much back, but.. I do think it would be cool if he could get some of it back.

Is there no way for steemit inc to do anything about this? I've read of at least one case in the past where they returned funds to people in a sort of similar case with hacking and stealing money.

https://steemit.com/steemit/@steemitblog/important-security-announcement-steemit-ceo-ned-scott

"The hack has now been contained. User accounts and wallets are not at risk, and we hope to soon reactivate the Steemit website to normal order. Any users whose accounts were compromised will be completely reimbursed.

Though only a relatively small amount of Steem was stolen, we take any form of criminal activity against our community extremely seriously. We have reported the hack to police and other cyber crime authorities, including the FBI. A full, internal investigation is currently being conducted and we are working on an immediate solution."

So.. If they take it so seriously and have returned money in the past, does that not extend to phishing..? Like.. I don't understand.

I'm curious if there are any other options? I mean it's all on the blockchain.. It seems like there should be something we could do.. But.. Once again I admit I don't understand how it all works as well as I'd like to think I do.

After creating the IFC(Information Finding Championship) and having it become quite popular, I've got a little deeper behind the scenes and have learned a few concerning things about steem/steemit I didn't know before..

Nothing enough to make me want to quit, but.. I've seen a few concerning things for sure. And.. Now after seeing the community come together to help my father.. I once again am given a renewed hope in steem.

And. Don't get me wrong, I've seen the outpouring of support in others cases, but.. I think it's a little different when it happens to you, and people are helping you.. Or.. If they are helping a family member or someone you love.

I think then perhaps it takes on an even deeper meaning and I have to say that.. Despite how crummy this person was and how angry I am towards their actions.. I think some good things have come out of this.

For one.. It's helped me discover a few new witnesses who are doing some amazing work to help the community who I am now supporting and my father is interested in voting for witnesses now as well so I'm going to teach him how to do that soon also.

The couple extra new witnesses I learned about I'd like to mention are.. @patrice and @guiltyparties

Also a few I was already aware of but hadn't voted for yet were @arcange and @derangedvisions and I also had a helpful comment of support from @pfunk who I was already supporting for witness as well.

I would highly suggest checking them all out and consider voting for them as witness if you appreciate steem/steemit and what they do.

And while I don't think @bullionstackers @stitchybitch @naturicia are witnesses, they were very helpful as well! Additionally @enforcer48 helped! Who I've known for a while now. And.. There's probably a few other names too and I'm probably just scratching the surface with steamcleaners and the people involved there, but these were some of people I encountered during all this who I found helpful.

These people are doing such important work, it's some of the most important work on steemit in my opinion..
Why isn't steemit INC doing something similar? Like an official group they pay that goes around addressing issues like this..?

I'm not sure.. But I'm glad some people in the community are willing to stand up and do it. Gives me a lot more faith in the platform that even if steemit inc can't/wont do these things that the people of the community will.

You can find my fathers post here as well if you'd like to go over there and give him an upvote or a comment or some form of support.

https://steemit.com/photofeed/@irvinesimages/peaceful-essence

Would appreciate it if you resteem his post or any other posts related to this to get the awareness out there more as well.

Oh and.. I was just notified by a friend to check the scammers account again and it looks like they got a couple more victims, someone just lost over 1000 steem.. sigh..

The other one didn't lose that much.. But damn. That's a pretty significant loss there. Glad it wasn't connected to my fathers account.

I couldn't figure out where the smaller account got infected, but I did find the one on the one who lost 1000+ steem and it wasn't my father.. Hopefully no one else lost any money because of that and hopefully we contained it before anyone else clicked on any of those links.

I was thinking.. People get hacked on Facebook all the time and it's no big deal, you might inconvenience some of your friends but you usually get your account back and move on. Not that I ever got hacked on Facebook but I saw it happen a bunch.

Yet.. Here on steemit! If you get hacked.. You could lead to someone losing a lot of money. And I think that should hopefully remind us all to try to be a little more careful. If you get hacked here on steemit.. Not only could you lose a lot of money.. Other people might as well.

Once again.. I have to wonder.. Why can't the community or steemit somehow be able to do something here? This account is there for everyone to see just stealing money and apparently cashing out through blocktrades with new victims each day, can't we at least get them blacklisted on blocktrades or something...? Is there nothing we can do..???

Additionally.. I'd like to include simplymikes guide for people to check out as well even though it is already linked in the post above that my father shared.. I just think it's good to share and to get it out there for more to see.

https://steemit.com/mapsters/@simplymike/got-hacked-here-s-how-to-get-your-account-and-reputation-score-back

I typed most of this up last night and just checked again and it looks like the phisher got two more accounts. Smaller ones.. But.. Damn.. They are racking up the victims.

Fortunately it looks like neither of those were connected to my fathers account either, I think we were able to get to it quick enough that no other accounts were infected by my fathers, I'm not positive.. But.. So far thank god I haven't seen accounts that were infected because of our mistake.

Oh and.. I was just talking to my father on the phone and thinking.. It would be a good idea if there was a welcome bot that warned people of these kinds of things and to not click on links unless they know they are secure and such.

I just looked and I didn't see any bot doing this, but maybe there is already a bot doing that? Either way.. I think it would be good to implement right away if it's not already being done, to bring more awareness to these kinds of things especially for new users.

Another thing I wanted to stress is to be extremely careful which links you click on.. In regards to the web address https:// the S means secure. I'd suggest checking to make sure your link has the S and that also the webpage is spelled right or from a trusted source.

If it's questionable, ask questions. Wait to hear what other people think before you risk your account and money and potentially other peoples as well.

Finally I'd just like to repeat, please support @steemcleaners in whatever ways you can, they really do some amazing work on here that in my opinion steemit inc should be doing itself.

Thank you so much for the outpouring of support and understanding and sorry for the mistake, hopefully no one else was harmed because of it and we can create some positives out of this and help bring more awareness to the issue. <3

Sort:  

Why isn't steemit INC doing something similar? Like an official group they pay that goes around addressing issues like this..?

I am 95% sure that @misterdelegation, which @steemcleaners receives delegation from, belongs to STINC.

And to reemphasize @derangedvisions's comment:

The main thing that we as a community can do is to remind each other about the importance of using our POSTING KEYS to log in with. NEVER use your MASTER KEY. If you get hacked and have only used your posting key to log in, your money will be fine. All they will be able to do is post in your name and drain your VP, but if you have made a habit of logging in with your Master Key, then you gave them access to the whole account if you are hacked.

Oh I see. Thanks for the correction. I never got the impression I was working with steemit inc in any sense, it seemed like totally grassroots community stuff. And in regards to the master key point, maybe we could have a bot that reminds people to do that and to not click on suspect links as well.

Hey this is a bit off topic, but is there a problem with bots on steemit now? I haven't been on for a year, but I literally hopped on like 30 minutes ago and have since gained 100+ followers. It's kind of weird. I kept refreshing the page and I got extra followers, although it has stopped now.

Hey shamic! Long time no see. Hope you've been doing well!
And yeah.. I think there's almost always been a problem with bots, depending on how you look at it of course.. Some people love the bots, some hate them.. I'm a bit somewhere in the middle and more neutral.

Yeah I'm doing fine, haven't been on steemit for ages though lol. I mean I don't understand much about them, but if there is a tonne of upvote bots around won't that kind of devalue steem?

It could devalue steem or it could add more value, I don't really know. I liken them to billboards people put up on the street or advertising, it's very similar to the advertising Facebook or YouTube allow, except.. Non centralized and from individual people instead of a mega corporation.. So.. You know.. I don't really know.. As I mentioned my opinion on them is sort of neutral.. I'm not totally sure what to think. I don't use them myself, but.. I try to stay open minded. Glad to hear you've been doing well!

Perhaps one day STINC will provide a means for a trusted delegate to completely block a person's account, (freeze all STEEM POWER), so the account can take no actions at all. It is my understanding no SP means no Bandwidth for actionable items such as voting, posting, and transferring funds. Lock the account down until it is determined that the funds were intentionally transferred by the fund owner. Of course the only time the account would be locked down would be if the original fund owner made a complaint. Also all other accounts the hacker account sent funds to would also be frozen.

That sounds like a pretty good idea to me. To be able to freeze suspicious accounts until an investigation is done and such. I admit I don't totally understand how all this works, but it just seems weird and wrong that we can all see a crime taking place and do nothing.

Phising is serious problem on this wonderful community

Hello my dear friend @apolymask. I am so sorry about what happened to your father's account. But i really want to thank you very much for raising an awareness for this phising issue happening just around us.

To be honest, I've been hearing about this already but didnt pay much attention to it and thought that maybe this has been solved. However, today my eyes was opened wide because of your article and i didnt realized how serious the issue was until now.

You've helped a lot of people thru your informative and detailed post. With aim to made awareness, critical analysis and team work to resolved this on going issue. I want to extend special thanks to all the people or witnesses who made a remarkable work, so as @steemcleaners.

Again, thank you. Bless your heart dear friend @apolymask.

Coin Marketplace

STEEM 0.15
TRX 0.17
JST 0.028
BTC 69075.42
ETH 2475.71
USDT 1.00
SBD 2.35