Phishing: Steemil, sleemit, steemiit... the list goes on.

in #phishing, 7 years ago
  • Firstly, be very careful when clicking on links that go off site.
  • Secondly, most people who say "nice post" and offer you stuff that takes you off site are assholes.

Phishing is a problem here and it is one we need to take a serious look at, considering there is 'actual' value and wallets involved. There are also many new users that come onto the platform and do not know what is bot/human, what is spam, compliment or phishing, and a whole range of other things.

So, here are some ideas.

1: Report phishing links to all the major search engines and browsers so users will hopefully be warned when confronted.

I think that someone hired by Steemit should be doing this already. Are they? Apparently not. Users can of course try to do this also.

2: Flag them all.

I have just spent about 2 full votes flagging a 25 rep Phisher down to 11 and now every comment at 1% to grey it out. I can't continue that. Here is the account, swing away.

3: Deputize some people.

Hmm, give some people the ability to grey out comments without it costing them VP. This could be a host of people that work with @steemcleaners etc. as well as some high rep trusted users who can identify and grey out. Censorship concerns.

4: Blockchain filter phishing domains

I don't think this is tenable considering the endless stream but, I guess it is an option.

5: Browser add-ons

Third-party programs to either filter out or provide warnings for potential phishing links. Again, these have to be installed though and offer their own risks. Perhaps Steemit-backed versions would be safe.

6: Raise the 'Grey point'

At the moment, it requires a '0' reputation to be auto greyed. As a 70 rep with my SP, I can take a 25 rep to 15 with 100% vote but, it works in the same way as building reputation. The lower it gets, the harder to drop it. This is the easiest one to implement and try though as essentially as soon as a phishing account is identified, any number of relatively high rep people can knock it down and grey the account very fast and pretty much any user who comes across it can throw a message or comment to a high rep/SP user to take a look.

Raising the grey point to 15 or so gives enough chance for a new user to adjust if 'accidentally' behaving poorly and gets flagged but, it is easy enough for a higher rep to knock an account to. This way, the phishing/spam accounts will be auto-greyed soon enough without the need for any add-ons.

7: Auto mute

This is also an option where phishing accounts could get auto-muted by trained eyes. This way no one will ever see it once triggered.

8: The best solution?

This is actually the hardest one to implement. DON'T BE DICKS!

These are just a few ideas as I have been flagging that account. For now though, every user needs to be very careful when clicking on links and if you are asked to log back in for something, triple check you are at the site you intend to be at.

Taraz
[ a Steemit original ]
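
The kind of check a link-warning add-on (idea 5) could run on each link before the user follows it, as an added example that is not code from this post or from Steemit. The trusted list, the distance threshold and the function names are assumptions; the sample links are constructed from the misspellings in the title.

```javascript
// Added example: classify a link's host against a list of trusted domains.
// TRUSTED and MAX_DISTANCE are assumptions chosen for illustration.
const TRUSTED = ['steemit.com'];
const MAX_DISTANCE = 2; // edits allowed before a name stops counting as a lookalike

// Classic Levenshtein edit distance (insert, delete, substitute), two-row form.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns 'trusted', 'lookalike', 'idn', 'external' or 'invalid'.
function classifyLink(href, trusted = TRUSTED) {
  let host;
  try {
    const url = new URL(href);
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'invalid';
    host = url.hostname.replace(/\.$/, ''); // parser lowercases and punycodes the host
  } catch {
    return 'invalid';
  }
  if (trusted.some(d => host === d || host.endsWith('.' + d))) return 'trusted';
  // Non-ASCII labels (e.g. a letter with a dot below) arrive as "xn--..." punycode.
  if (host.split('.').some(label => label.startsWith('xn--'))) return 'idn';
  // Naive registrable domain: last two labels (no public-suffix list here).
  const base = host.split('.').slice(-2).join('.');
  const near = trusted.some(d => editDistance(base, d) <= MAX_DISTANCE);
  return near ? 'lookalike' : 'external';
}

// Constructed sample links, using the misspellings from the post title.
const samples = [
  'https://steemit.com/@user', 'https://steemil.com/login',
  'https://sleemit.com/', 'https://steemiit.com/',
  'https://steem\u1ecbt.com/', 'https://example.org/',
];
for (const s of samples) console.log(classifyLink(s).padEnd(10), s);
```

A real add-on would use a public-suffix list instead of the last-two-labels shortcut, and would warn on 'lookalike' and 'idn' verdicts rather than block outright.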


Hi, please send 1 SBD to @maltclarke and I'll give you a full upvote :)

Not again Malt, not again.

“There's an old saying in Tennessee — I know it's in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can't get fooled again.”

One solution might be to only allow external links if an account’s reputation is above 50.

Unfortunately, reps can be bought.

It’s not foolproof but at least it’ll cost phishers money to maintain accounts.

Another option might be a browser plugin. Actually I might try and whip something up this week. I’ll get back to you on this one...

It would be a nice feature of Steemit, Busy, etc. to have a little notice to pop up after links, advising us as such. Computers can detect "one letter off" errors, that humans can gloss over.

There is a small notification icon after a link now if it will go out of Steemit.

I had a low life phishing scammer comment on one of my posts and I saw it.

Don't install unknown software or apps on your phone or computer, and don't click unknown links. I will share one of my experiences of how I got cheated by a piece of scam software. I had installed some software for earning free cryptocoins. I didn't open the software, but it was still running in the background (later I saw this in Task Manager). So I copied one of my wallet addresses to transfer coins from one wallet to another. While pasting, I did not pay attention to the copied wallet address, and the scam software pasted its wallet address in place of mine. Unfortunately I lost all my hard-earned money from free faucets. I checked several times and not even once was my wallet address copied. Finally I uninstalled the software and came to know that all the shit was happening because of that scam software. So guys! Be aware of such scam apps and software and unknown links.

Ever heard 'nothing is for free'?

Yes. I learnt everything from experience. Now I'm very cautious about everything. I want to share this with newbies so that they will not get cheated like me.

Phishing is really tricky; a lot of people fall victim to phishing due to lack of know-how. Your post has been really helpful.

There are thousands of new users coming on every day and very few of them are going to have the know-how to recognise straight away. It is terrible for user experience and credibility.

I think that steemit thinks that it is protecting the users by adding that little square that warns users that they are about to go out of steemit!

Thank you for this post, it is very useful - of course resteemed and I truly hope that steemit starts to pay attention to some things that are becoming not only annoying but very dangerous.

The most difficult to understand are the domains that have a little dot at the bottom of the letters (not sure how it is managed)...

I agree with all the points raised above, and if I think of anything else I will make sure to add it here for further reference.

Steemit needs to take actions, perhaps a more detailed edition could be sent to steemit via utopian?

I dished out about 30 flags on phishing comments, but hardly made a dent to the piss-ant's rep.

One way to stop this, or make it more difficult would be for Bittrex etc... to tie your Steem wallet to your wallet on the exchange, and for 2FA on any transfer to an exchange wallet like @bittrex or @blocktrades. If there is a many-to-one pattern between wallet, this should raise a red flag and the exchange account frozen and put under review. I'm sure they could work something out to add some better level of protection.

Obviously the first prize is to be alert and pay attention to what you're clicking on.

Thank you for this information. Flagging someone is risky for people like me as we don't know what that account actually represents. Flag wars are going on. Hence, even a user having a rep as low as -1 can be harmful if we don't know the big account associated with that small account!

And I have a doubt: if someone having huge SP and a much lower rep than me flags me, will it decrease my reputation?

People involved in flag wars aren't phishing accounts generally. As far as I know, a lower SP can't do much to a higher rep but, most likely someone with a lot of SP won't bother.

A never ending battle it seems! I guess I shall start doing my part in the effort to sequester these spammers and such.

For I am.... HUMAN!

How do you report phishing links to search engines and browsers? I never heard of it.

Once I was almost fooled by Steemil; thankfully one curator saved me. These phishers put up some post luring people to click some links, and that is where people do not realize that they have now moved to a different domain, since the look and feel are exactly the same.

Here is a link to a google one:

https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Be careful and never log in anywhere without checking it first.

Thank you for that, bookmarked. Yes, now more cautious.