SECURE YOUR FUNDS: How To Protect Yourself From The Ongoing Phishing Attacks

in mapsters •  6 years ago 

There seems to be a growing number of phishing attacks again. Make sure to keep your wallet and your funds safe from phishing attacks!

scam alert  Keep your keys safe.jpg
Source 1 - Source 2

Another SteemConnect Phishing Scam

About an hour ago I read a post from a lady who had lost all her liquid SBD and Steem to a scammer.

If you've been here longer than 6 months, you'll remember the huge phishing attack that took place in April or May. Lots of people clicked an innocent looking link, which redirected them to a SteemIt log in page which was set up to be able to get to your keys. Once you've signed up, your wallet was cleaned out and a powering down was initiated.

Lots of people lost their money, and the sad thing is that everyone's hands were tight. Once you had entered your key into the website, you were basically lost.

I had a front-row seat; I was one of the first people who fell victim to the scam.
Fortunately, I had everything powered up, and all they got away with was 14 SBD. Other people were less fortunate and lost truckloads of money.

dividerlines.png

Raising Awareness is Important

As soon as I got control over my account again, I started up an awareness campaign. I started warning people to not use their main password for daily logins, and to always check the URL of the site you're on before you enter your credentials.

I wrote a series of articles to teach people how they can use their SteemIt private keys responsibly, and even provided a step-by-step tutorial on how to regain access to your site a soon as possible, so you can block out those people with malicious intentions.

This was the main post at the time. The phishing method was different, but it can still help you to recover your account when it has been compromised.

what I learned from getting hacked.png
Click the image to visit and read the article

You'll find the step-by-step guide on how to recover your account as quickly as possible here: Got Hacked? Here's How To Get Your Account And Reputation Score Back!

dividerlines.png

Fake SteemConnect Sites

This approach has already been used in the past - but that was before I came here.

The nifty phishers are simply reproducing a perfect looking Steeconnect site, which is very hard to distinguish from the original one. The only difference you can spot is that the page has a different URL.

super important info.pngCreated with The Logo Creator 7

Which brings me to tip 1:

1 - Always check the URL before you enter your credentials.

During my previous experience, I noticed that a lot of people simply hold the door open for people with bad intentions, simply because they are using the wrong keys.

The reason why Steemit has so many keys, is because every key unlocks a specific functionality.

2 - Use Your Master password only once: when you sign in to the site the first time.

Once you're logged in, go to your 'Wallet' page and look for the 'Permissions' tab. When you click it, your public posting and active key will be shown. Underneath you'll find your owner's key and the memo key. Note down all your keys (public ´ánd private) and keep them in a safe place.

When you sign up, you receive a secret password. What they don't tell you is that if someone knows your secret password, he can control your entire account.

So after your initial log in, you store that password in a safe place, preferably offline.

NEVER, EVER use your ‘Master Password’ for daily logins!!

never.gif
Source

Like @rycharde from the M-A-P channel stated:

The Password is your "ultra-secret never to be revealed master key to the Steem universe"

I did read the FAQ, but I managed to miss the part about the roles every key fulfills, and I’m pretty sure a lot of you have too.

Here's what it says:

Save your master password and keep it somewhere safe.*

Only log into your account using the key with the appropriate permissions for what you are doing:

  • Private Posting key for every day logins

  • Private Active key when necessary for transfers, power-ups, etc.

  • Master password or owner key when changing the password

Again, save your master password and keep it safe!

Find it in the FAQ here

dividerlines.png

Summary

  • Keep all your keys and definitely your master password and owner key safe, preferably on an external hard drive.

  • If you are asked to log in with your active key (when you want to perform a transaction, for example), TRIPLE check the URL of the page. This is a lot more difficult when you are working on your mobile phone, but I strongly suggest you do put in a good effort trying to figure out the URL before you give away your active key - after all, it is the key to your bank account.

Better be safe than sorry...




Source



PROMO:


Share your Twitter tweets, your Instagram posts and YouTube videos on the Steem blockchain on autopilot with Share2Steem service.

share2steem.gif



signature2.gif

Graphic created with The Logo Creator Software

Subscribe Ro RSS Feed | Subscribe To Newsletter


More Posts You Might Like



Steemit Bloggers
Join us @steemitbloggers
Animation By @zord189



JOIN THE DISCORD


Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

This post has received a 62.50% upvote from @kennybrown!



Want more views to reach your posts? Try BlockGators Army Advertising Network

If you like what I do please consider delegating 100+ steempower to @kennybrown. If you would like to join you can also send 2 Steem to @kennybrown for a 30-day subscription. All revenue will be used to increase the steempower on a monthly basis.

Thanks for the info. I've lost my key twice, second time steemit gave it back to me. I don't click on links these days and all is powered up

Smart move not to click on links and to power everything up. When it happened to me, I only had 14 SBD in liquids, so that's the only thing they could steal. That, and the time it took to chance all the phishing comments they had sent out through my account.
No real harm done. But this week I read a post from someone that was robbed for 2000 steem. Why on earth would you keep that much liquid steem in your wallet?

Yes My friend has also lost its account by scam. He read a comment that go to this web sign with steemconnect and get free upvoted he go there and sign up after some time the had changed and they start scaming from its account and then he recovered it account after some time when he get know that there is a way to recover steemit account.

Glad he was able to recover it.
To be honest, I thought it had stopped a couple of months ago, but apparently it is still going on...

Thank you for the reminders. We will keep that in mind. Being vigilant and extra careful, we work hard for it.

It was good reminder for myself too. I wasn't paying enough attention anymore lately.
You'd think I'd remember after being a victim only 6 months ago, but I was getting less careful every day.

I had been so determined in warning people and helping them to recover their account rright after it happened to me, but that was all gone.
The truth is that I thought it had stopped, because I hadn't seen a post about it for months. Apparently, I was wrong...

This post has received a 30.00% upvote from @amayahaley21!
Hi, my name is @amayahaley21 and this post has receive a 30.00% upvote. If you would like for me to visit your posts you can delegate 100+ steempower to me and I will visit your posts until you remove your delegation. You can also donate 2+ steem to me and I will visit your posts for 30-days. All Steem earned will be used to help me grow!


Want more views to reach your posts? Try BlockGators Army Advertising Network

This post has received a 15.00% upvote from @teevmoore!

Hi, @simplymike!

You just got a 11.42% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.

Hi @simplymike!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 4.550 which ranks you at #1842 across all Steem accounts.
Your rank has improved 5 places in the last three days (old rank 1847).

In our last Algorithmic Curation Round, consisting of 425 contributions, your post is ranked at #85.

Evaluation of your UA score:
  • Some people are already following you, keep going!
  • The readers appreciate your great work!
  • Good user engagement!

Feel free to join our @steem-ua Discord server

@smplymike this is very useful especially for me and in two this day new happened to my friend @abduljalil.mbo he seemed to cry because he lost his sbd, steem and account, which he developed for months without getting anything and so far he hasn been able to get his come back account..
.

He should be able to get his account back. I've added clear instructions in my post here: https://steemit.com/mapsters/@simplymike/got-hacked-here-s-how-to-get-your-account-and-reputation-score-back