How To Prevent Losing Your Account to Basic, Advanced and Smart Phishers:

in #steemit 7 years ago

Hello people,

Today I was alerted via @cryptoempire about a phishing scheme that almost tricked @sames.

@Sames didn't fall for it, although he was close, and @eonwarped already flagged the guy, and he wasn't the first since his rep is 0.

However, this made me realize that people need to be alerted not only to basic phishers, but to advanced ones using smart tactics as well.

I thought about it and since even basic phishers stole loads of accounts not long ago, people should be warned about smarter "hackers" who will try to steal their accounts.

Read below to learn more...

Basic Phishing: The Bread and Butter of STEEMit scams!

Now, first of all, do you remember when there were those comments taking you to steemil.com or something like that to get your password?

Well, those were basic phishers.

They were leaving comments from random accounts that linked to an external site to take your password.

And there were loads of victims.

Now, you may notice that STEEM now has a symbol that tells people that you're going towards an outside link or page... like this one.

Notice the little arrow?

That tells you you're going to go to an off-blockchain site.

But there are now new tactics; the one that @sames encountered and warned us about is from the next category.

Advanced Phishers: Stealthy, Sneaky "Hacks"...

Now, advanced phishers worry about framing their little scheme just right.

They give authors a valid reason to click the link, and they highly customize the pages to try and look like SteemConnect or Steemit itself.

Here's the comment the phisher left @sames:

So, the comment refers to someone stealing @sames's content and the link apparently goes towards a report.

Not only that, do you see the little arrow pointing out you're going to an external site?

  • NO!

Why?

Well, that's what made me laugh at the resourcefulness of these people... they found a "homemade workaround".

Here's why you didn't spot it:

They spaced it and spaced it and spaced it to push the symbol to the page's footer.

At first glance it looks legit, and people usually don't peek at the footer.
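As an added illustration (not code from this post or from Steemit), here is one way a reader or a front-end could flag the two tricks described so far: the one-letter lookalike domain (steemil.com) and link text padded so the external-link arrow ends up far from the visible words. The trusted-host list, the padding pattern and threshold, and the sample comments are assumptions constructed for the example; the phisher's actual markup is not shown on this page.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts where the reader ever types Steem keys.
TRUSTED_HOSTS = {"steemit.com", "steemconnect.com"}
MD_LINK = re.compile(r"\[([^\]]*)\]\(\s*([^)\s]+)[^)]*\)")
# Six or more consecutive padding units inside the visible link text
# (threshold is an assumption): whitespace, entities, <br>, zero-width space.
PAD_RUN = re.compile(r"(?:\s|&nbsp;|&#160;|&emsp;|<br\s*/?>|\u200b){6,}", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter lookalike hosts."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def audit_comment(markdown):
    """Return (url, [reasons]) for each link in a comment that deserves a second look."""
    findings = []
    for text, url in MD_LINK.findall(markdown):
        host, reasons = host_of(url), []
        if host in TRUSTED_HOSTS:
            continue
        if PAD_RUN.search(text):
            reasons.append("padded link text")
        if any(0 < edit_distance(host, t) <= 2 for t in TRUSTED_HOSTS):
            reasons.append("lookalike host")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed samples, not the comments from the post.
PADDED = "Someone copied your post, [see the report" + "&nbsp; " * 40 + "](https://reports.example/r/1)"
LOOKALIKE = "Claim here: [steemit.com](https://steemil.com/login)"
PLAIN = "Source: [whitepaper](https://steem.example/paper.pdf)"
```

This is a triage heuristic: an ordinary external link with normal text passes, and a link that passes can still lead to a cloned login page, so the rule of typing the Steemit URL yourself still applies.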

What a smart guy... but there are even more advanced phishers to be careful about.

Read below...

Smart Phishers: They Aren't Only Resourceful, They Know How to Segment Their "Markets"

Now, there are phishers out there who start via the advanced tactic, but they switch it up as soon as they get 1 or 2 bites.

After they successfully get access to an account, they use that person's identity to phish other people.

What does that mean?

Well, imagine if that above comment wasn't made by that 0 rep person, but by ME!

I'm a person @sames trusts, I'm reputable on the blockchain, and I'm even the leader of the crypto empire community.

@Sames wouldn't have scrolled down to the footer, he wouldn't even read the link or search for the arrow, he would click right on it...

...and that's what a smart phisher does.

People, no matter how good a certain person is, don't click their links without checking them twice... it may be a smart phisher.

BE CAREFUL!


In Conclusion:

No matter how much you trust someone, never ever log in anywhere from a link, especially one marked as external.

Be sure of where you are, look at the URL and the page's certificate, or you may help spread the disease.

Cheers!

Join the Crypto Empire Community


Don’t develop an unnatural fear of external links. After all, that’s how the Internet works.

The key learning here is DO NOT reveal your login info to anyone. The only place you enter them is on Steemit and type in the Steemit URL yourself.

And when I put a link in any of my posts, I leave it naked. You know where you are going when you click it.

And when I put a link in any of my posts, I leave it naked. You know where you are going when you click it.

I appreciate that idea; as someone who has learned a few tricks in markdown and suddenly think I'm the dog's bollocks, it is very tempting to figure out fun little teasers to be the link for an external resource. But by being naked, it is very transparent and if we're in this network, we like that. I plan to adopt your practice, can always just use a footnote to keep the flow of the piece while maintaining proper citations.

And even further protection with regard to logins, be familiar with the levels of security for the different keys so even if something is exposed, damage control is as high as possible.

Well, it's not my intention to trigger fear of external links, just to let people know what they look like and what they are so they don't fall for Steemit clones.

It’s always good to remind folks to keep their guard up.

Yes, used naked link for first time this morning. Felt more transparent. As @thisismework said, we like that here on Steemit.

Good info. People need to be made aware.
The trick with all the spaces is smart, very smart.

In your third scenario, it wouldn’t take long before the phishing comments sent out with your account got flagged, which would bring your rep score (and credibility) back to 0 rapidly. That’s what happened during the recent series of phishing scams. An account (like mine) was stolen and used to send out the messages. Before those got flagged, the system still said my rep was 53. So nobody saw anything suspicious. But the flags were there fast, bringing my rep to -1.
I wouldn’t click a link from anyone - not even my best friend - if there would be 0 or -1 next to his name.

Indeed, I remembered your case when writing this article... closest weirdest case I knew.

This disappoints me a lot. I put some external links in my articles to add extra information and sources, but now that everyone is paranoid (for good reason) I think no one will open any external link, especially when it comes from a Minnow. Now I stopped making comments using external links, but when it comes to your post, you have to give it a little more context. Now some of us will have to come up with new ideas to solve this issue, because every time a site becomes famous the cheaters come around.

Thank you for warning us @spiritualmax.

I think for now, we just need to elaborate more in our comments and posts about the external links that we are sharing. It sucks though.

Well, opening the links can't harm you per se, it's "logging in" on the site that gets you!

The reason I forward engineer is because I couldn't stomach the paranoia induced by spending all my time thinking like someone trying to trick people. I've learned though that it's a balance. You have to have a healthy skepticism in order to ensure you're not a target. Thanks for pointing this out.

No problem, glad you took value out of it!

Great insights to the phishing tactics. Thanks for the examples, it makes it clear. Keep educating everyone!

Very good information bro! I just got on Steem a little bit ago. I’m posting about Heroin Recovery coaching! I haven’t got any traction yet. I’m praying. Love the way you tell it straight.

Yes! These tips are really helpful especially if you are the type that likes to click any link sent to you

Where there's money, there are people who'll try to take that money... Amazing post that will surely help so many people!

Agree, human nature unfortunately.

wow! catch fishes. there are some amazing photo. really amazing... @spiritualmax.... visit my profile, upvote my post, support me, please

Thank you for telling us about smart fishers.
