Whaleshares: https://whaleshares.io/bitshares/@cryptoninja.guru/warning-pishing-proposal-attempts-on-the-bitshares-dex
The freedom to propose anything at all
With BitShares comes a lot of freedom, and with freedom comes a lack of responsibility. The responsibility is yours: not to click around carelessly, and to be aware of things that could all too easily happen to your funds through carelessness. Sadly, it is in fact other users we need to look out for most of all. Remember: on a censorship-free platform, these things will happen. BitShares offers huge benefits, features, security and liberty to its users. However, it is of course the moral obligation of cryptoninja.guru to keep our followers informed and safe from harm, and as such we will post these warnings whenever the need arises.
The latest is an attempt by an attacker to use the 'propose transaction' feature, a basic and useful feature that does exactly what it says on the tin: one account can 'propose' a transaction, a payment for example, to one or many other accounts. Should the recipient see a pop-up in their DEX and just click OK without reading it, the proposal will clear and the transaction will have been made to the thief - and it's all your fault for accepting it! They didn't even break the law; they just asked and you gave - on the blockchain.
What's BitShares doing about it?
Since this occurred, the community has suggested a modification. Users already have a 'contact list' function, so the 'proposee' must be on that list, or the proposed transaction will flash up to the user with a big red warning not to accept unknown proposals.
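One way to implement the contact-list check suggested above, as an added example (not code from BitShares or its wallet). The proposal shape, the account names and the function name `reviewProposal` are assumptions made for illustration; the check also goes slightly beyond the suggestion by flagging payments to recipients outside the contact list and operations that are not plain transfers.

```javascript
// Added example. The field names below are a simplified, assumed shape for a
// pending proposal; they are not the wallet's own data model.

// Constructed sample data: the logged-in account, its contacts, its pending proposals.
const me = "alice";
const contacts = new Set(["bob", "carol"]);
const pending = [
  { id: "p1", proposer: "bob", operations: [
    { type: "transfer", from: "alice", to: "bob", amount: 5, asset: "BTS" }] },
  { id: "p2", proposer: "free-airdrop-x", operations: [
    { type: "transfer", from: "alice", to: "free-airdrop-x", amount: 90000, asset: "BTS" }] },
  { id: "p3", proposer: "carol", operations: [
    { type: "transfer", from: "alice", to: "unknown-acct-9", amount: 10, asset: "BTS" }] },
];

// Decide whether a proposal should be shown with the big red warning.
// Returns the verdict plus human-readable reasons to display next to it.
function reviewProposal(proposal, account, contactList) {
  const reasons = [];

  // The suggested rule: whoever proposed this must already be a known contact.
  if (!contactList.has(proposal.proposer)) {
    reasons.push(`proposer "${proposal.proposer}" is not in your contact list`);
  }

  for (const op of proposal.operations) {
    if (op.type !== "transfer") {
      // Anything other than a plain payment is not interpreted here.
      reasons.push(`operation "${op.type}" is not a plain transfer, read it before approving`);
      continue;
    }
    // Spell out what approving would do to the user's own funds.
    if (op.from === account && !contactList.has(op.to)) {
      reasons.push(`pays ${op.amount} ${op.asset} from your account to unknown account "${op.to}"`);
    }
  }

  return { id: proposal.id, verdict: reasons.length ? "WARN" : "OK", reasons };
}

for (const p of pending) {
  const r = reviewProposal(p, me, contacts);
  console.log(r.id, r.verdict, r.reasons.join("; "));
}
```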
Decentralized means there is no party to go to and ask for assets you willingly sent to be returned. There's no banking system to reverse transactions either. The best that can be done is to report it to the committee and hope for the best: that the account gets frozen, or even that the thief is tracked down, which they could be even if their IP address isn't stored on the blockchain - supernodes and API access points all have logs, and hardcore admins and witnesses do work together sometimes. Thieves should also be wary of what they are playing with - in any case, any exploit you do find will give you a lot more to gain (esp. potential reputation and respect) by going the hackthedex.io route, and amateurs are asking for jail time, because these folks will find you ....
If you see these, and you don't know what they are, reject them.