There seems to be a growing number of phishing attacks again. Make sure to keep your wallet and your funds safe from phishing attacks!
Another SteemConnect Phishing Scam
About an hour ago I read a post from a lady who had lost all her liquid SBD and Steem to a scammer.
If you've been here longer than 6 months, you'll remember the huge phishing attack that took place in April or May. Lots of people clicked an innocent-looking link, which redirected them to a SteemIt login page which was set up to be able to get to your keys. Once you've signed up, your wallet was cleaned out and a powering down was initiated.
Lots of people lost their money, and the sad thing is that everyone's hands were tied. Once you had entered your key into the website, you were basically lost.
I had a front-row seat; I was one of the first people who fell victim to the scam.
Fortunately, I had everything powered up, and all they got away with was 14 SBD. Other people were less fortunate and lost truckloads of money.
Raising Awareness is Important
As soon as I got control over my account again, I started up an awareness campaign. I started warning people to not use their main password for daily logins, and to always check the URL of the site you're on before you enter your credentials.
I wrote a series of articles to teach people how they can use their SteemIt private keys responsibly, and even provided a step-by-step tutorial on how to regain access to your site as soon as possible, so you can block out those people with malicious intentions.
This was the main post at the time. The phishing method was different, but it can still help you to recover your account when it has been compromised.
You'll find the step-by-step guide on how to recover your account as quickly as possible here: Got Hacked? Here's How To Get Your Account And Reputation Score Back!
Fake SteemConnect Sites
This approach has already been used in the past - but that was before I came here.
The nifty phishers are simply reproducing a perfect-looking SteemConnect site, which is very hard to distinguish from the original one. The only difference you can spot is that the page has a different URL.
Which brings me to tip 1:
1 - Always check the URL before you enter your credentials.
During my previous experience, I noticed that a lot of people simply hold the door open for people with bad intentions, simply because they are using the wrong keys.
The reason why Steemit has so many keys is that every key unlocks a specific functionality.
2 - Use Your Master password only once: when you sign in to the site the first time.
Once you're logged in, go to your 'Wallet' page and look for the 'Permissions' tab. When you click it, your public posting and active key will be shown. Underneath you'll find your owner's key and the memo key. Note down all your keys (public and private) and keep them in a safe place.
When you sign up, you receive a secret password. What they don't tell you is that if someone knows your secret password, he can control your entire account.
So after your initial login, you store that password in a safe place, preferably offline.
NEVER, EVER use your ‘Master Password’ for daily logins!!
Like @rycharde from the M-A-P channel stated:
The Password is your "ultra-secret never to be revealed master key to the Steem universe"
I did read the FAQ, but I managed to miss the part about the roles every key fulfills, and I’m pretty sure a lot of you have too.
Here's what it says:
Save your master password and keep it somewhere safe.
Only log into your account using the key with the appropriate permissions for what you are doing:
- Private Posting key for every day logins
- Private Active key when necessary for transfers, power-ups, etc.
- Master password or owner key when changing the password
Again, save your master password and keep it safe!
Find it in the FAQ here
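Both tips can be written down as one check, shown here as an added example that is not part of the original post: it accepts a login prompt only when the page is on an exact allowlisted HTTPS host and the key being requested matches the role the FAQ excerpt gives for that action. The two trusted hostnames, the action labels and the sample URLs are assumptions made for the example.

```javascript
// Added example. Assumption: these two hostnames are the genuine sites;
// the post does not list them, so edit the set to match what you use.
const TRUSTED_HOSTS = new Set(["steemit.com", "steemconnect.com"]);

// Credential each action calls for, from the FAQ excerpt quoted in the post.
// The action names are hypothetical labels chosen for this example.
const KEYS_FOR_ACTION = new Map([
  ["login", ["posting"]],
  ["transfer", ["active"]],
  ["power-up", ["active"]],
  ["change-password", ["owner", "master"]],
]);

// Tip 1: is this page one of the exact, allowlisted hosts over HTTPS?
function checkLoginPage(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (url.protocol !== "https:") return { ok: false, reason: "not HTTPS" };
  // "https://steemconnect.com@other.host/" really points at other.host.
  if (url.username || url.password) return { ok: false, reason: "userinfo in URL" };
  const host = url.hostname.replace(/\.$/, ""); // URL() already lowercases
  // Non-ASCII look-alike letters show up as punycode ("xn--") labels.
  if (host.split(".").some((label) => label.startsWith("xn--")))
    return { ok: false, reason: "punycode host" };
  // Exact match only: "steemconnect.com.example.net" must not pass.
  if (!TRUSTED_HOSTS.has(host)) return { ok: false, reason: "host not allowlisted" };
  return { ok: true, reason: "allowlisted host" };
}

// Tip 2: only hand over the key the action actually needs.
function shouldEnterKey(rawUrl, action, requestedKey) {
  const page = checkLoginPage(rawUrl);
  if (!page.ok) return { enter: false, reason: page.reason };
  const allowed = KEYS_FOR_ACTION.get(action);
  if (!allowed) return { enter: false, reason: "unknown action" };
  if (!allowed.includes(requestedKey))
    return { enter: false, reason: `${action} should use: ${allowed.join(" or ")}` };
  return { enter: true, reason: "right site, right key" };
}

// Constructed sample prompts for illustration (example.net is a reserved domain).
const samples = [
  ["https://steemconnect.com/sign/transfer", "transfer", "active"],
  ["https://steemconnect.com.example.net/sign/transfer", "transfer", "active"],
  ["https://steemconnect.com@example.net/login", "login", "posting"],
  ["https://steemit.com/login.html", "login", "master"],
];
for (const [url, action, key] of samples)
  console.log(url, "->", shouldEnterKey(url, action, key));
```

Only the first sample passes; the last one is on a trusted host but is refused because a daily login should never be given the master password.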
Summary
- Keep all your keys and definitely your master password and owner key safe, preferably on an external hard drive.
- If you are asked to log in with your active key (when you want to perform a transaction, for example), TRIPLE check the URL of the page. This is a lot more difficult when you are working on your mobile phone, but I strongly suggest you do put in a good effort trying to figure out the URL before you give away your active key - after all, it is the key to your bank account.
Better be safe than sorry...