Jimmy joined Steemit March 2017. By this year, he has grown tremendously. A day after he posted a motivation post about his year journey on Steemit, he got hacked - he clicked on a link a steemian posted and submitted his master key. He checked his account and discovered he just lost 568 steem, 210 SBD and his reputation dropped from 57 to 16. He was a victim of phishing attack just like many other Steemians in recent times. What then is Phishing?
Phishing is an online crime in which the perpetrator disguise to be trustworthy to lure personal and private information from a target or targets. This personal information is then used to access target's account and later used for identity theft and loss of financial asset.
On Steemit, phishing is a cyber crime where a target is lured to click on a link or URL that leads to identity theft and financial loss. Under identity theft, the perpetrator takes over the victim's account and posts comments containing phishing link, this will eventually lead to flagging thereby reducing the victim's reputation. The perpetrator also transfers steem and SBD from victim's account to another account or directly to bitrex because the victim dropped his/her master key.
SPAMMING: Check the poster's comment section. It will contain same message sent to many users with a phishing link.
SUSPICIOUS ADVERTISEMENT: The advertisement is just "too good to be true." It boils down to your gut to understand that hardwork pays not some shortcut to earn.
- FREQUENT AND SUDDEN TRANSFER FROM WALLET: One thing is constant with a victim's wallet; there is immediate transfer of steem and SBD to a suspicious account and bitrex. When you suspect a steemian's comment on your post, check the user's wallet to detect frequent transfer.
They clone a website and include the link in a comment. When a victim clicks the link, it redirects to the phishing website that requires for password. Once the victim submits the password, it redirects back to steemit. Then the attack on the victim's account can start.
Backup your master key and keep safe: This is very important before you even start steeming. Keep your master key somewhere very safe but accessible whenever you need it. Your master key is important to retrieve your account in case of hacking or loss of your account.
Login with ONLY your posting key: This is the most important thing for your safety on this platform. There are 3 important keys: posting key, active key and master key.
Please let us endeavour to login to steemit on our phone or computer with posting key. With this, no transfer can be made from your account.
Be sure of URL link before you click it: These scammers are very smart, they clone websites or make a website URL that looks so much like steemit but it isn't. Be vigilant.
Never give out your password to any app or website without proper research: Sometimes we might get carried away and click a link that will request for our password or key. It is important to be sure of the page before dropping our key. Even if you have to, it should be your posting key. If you download an app that request for your master or active key, research or Google or ask people about the app. I can boldly say, it is only steemconnect I am sure of.
Report any suspicious account or link on @steemcleaners' discord channel: Many steemians do not know there is a discord channel for @steemcleaners. Well, now you do and it is our general duty to report all phishing comments, links or accounts to the channel for flagging. Flagging hide these comments and reduce the harm.
I hope this post helps to reduce phishing attack and create enough awareness but the truth is, some Steemian will still fall so it's important to write on what's next after a phishing attack.
Click on Stolen Accounts Recovery. Fill in your account name and recent password then begin recovery.
It takes up to 24 hours to get a recovery mail after filling in the email address you registered your account with.
Another phase after getting your account back is your reputation. Victim's account get flagged due to spamming and phishing link thereby reducing his/her reputation. The first thing to do is edit all the comments made via your account then report yourself to @steemcleaners. It may take time but it will eventually be unflagged and your reputation will be restored.
I want to make an important point before I end this article. Discord is important if you are a Steemian. Gina on discord will inform us of activities happening to our account. Also, a concerned Steemian can easily locate you on discord and inform you on what's happening to your account.
The above image is just an example of finding @simplymike on disord, it is that simple.
For additional information, visit @arcange, @bullionstackers, @simplymike and @guiltyparties blog. We should appreciate their effort to curb this phishing menace.
Other Images Source