Introducing @guard -- a Proactive Measure to Limit Phishing on Steemit
As many of you might know, there have been several phishing attempts on users here on Steemit, aimed at stealing your private keys. As a reminder to all users, please be careful when clicking links and entering your private keys! Do not open links from users you do not trust. Do not provide your private keys to any third party websites.
Phishing is an extremely invasive attack that can become exponential if not contained early, similar to how a virus works. Once the phisher gets a hold of a posting key of another account, the newly infected account can then also be used as a carrier to try and spread the infection. The only way to immunize against such a threat is to start early, and pro-actively attack the commonality (the virus) rather than post-actively quarantine users as they become infected. Worse, users infected may have their funds stolen -- the damage has already been done. We want to prevent more users from being infected immediately.
To address this, I have created @guard. Rather than work of a list of known infected accounts, @guard instead searches for the phishing links themselves, and presents a warning any time one is detected. Despite attackers attempts to hide phishing links (such as with link shorteners), @guard will still catch them.
With this introduction to @guard, please understand the following two pieces of information on how to help us fight phishing.
1. How to Properly Warn Others of Phishing Links
While it is great that users are warning others of phishing links, including the phishing link itself in the warning can actually lead to accidentally spreading the infection! It is important to be careful. Try to make sure when commenting/warning about a phishing link, to avoid using the url itself. This includes links you think may not be clickable (such as removing the www, or http://), as some browsers / extensions can make them clickable anyway.
Furthermore, it is not possible to programically determine if a user is warning of a phishing link, or actively trying to phish, if both cases use the phishing link itself. To this end, please, when warning others, try to use something un-clickable like badwebsite(dot)com
.
2. Reporting Discovery of new Phishing Links
As this method of prevention does need to be updated when new phishing links (e.g. new domains) are discovered, timeliness is important. If you find a link you believe to be phishing (and wasn't already automatically caught by @guard, or manually found by @steemcleaners), please report it immediately to @steemcleaners via our discord chat. If unavailable, you can try directly contacting a @steemcleaners member.
That's it. If you have any thoughts/questions/recommendations about the bot, feel free to comment below!
Thank you @anyx......this is a much appreciated development.
Steemians appreciate all you do.
All the best.
Cheers.
Indeed, I had hated @cheetah, untill I read the cheetah's faq on @anyx blog. @anyx is indeed a blessing to steemit. Like @bentleycapital says,
Thank you.
Hi @anyx . If it works as a cheetah, which accuses users of plagiarism without checking or thinking, it will still be a useless bot, even more damaging.
#steemcleaners for life! Nowa days it is very important to reconize phising links and ways how people try to phis you. Rule number one is, you never get something worthy for free. Second rule is, you never get more than you give when somebody promise that.
It is great to make an anti-phishing network, especially in crypto currency and the crypto rush where people find ways to get more and more from the everage joe.
Always think 3 times before you act on crypto guys, stay safe. PEACEE
interesting
NO more phishing on steemit
Phishers are increasing day by day on steemit
My friends account is compromised by phising attacks.
Thanks for @guard it will really helpful in preventing us from phishers.
I’ve had the same thing happen to me. I wrote a guide on how to recover your account https://steemit.com/mapsters/@simplymike/got-hacked-here-s-how-to-get-your-account-and-reputation-score-back (legit link)
I love a bit of proactive spam-phish fighting!
Great job!! This is something we need badly, and you stepped up and got it done!!!
Hopefully this helps stop alot of the phishing hacks
Excellent project and much appreciated!