Pull Request Submitted - Added spam and phishing warning to wallet history

in phishing •  7 years ago  (edited)

There have been a lot of users sending malicious links (spam, phishing, etc.) to users using wallet memos. I submitted a pull request to warn users about clicking on links that they see in their wallet.

The text will read:
Beware of spam and phishing links in transfer memos. Do not open links from users you do not trust. Do not provide your private keys to any third party websites.

It will be above the transactions in the history section of a user's wallet:

The pull request can be viewed here:
https://github.com/steemit/condenser/pull/1822

The PR is not accepted yet and there is no guarantee it will be approved, but I plan to work with Steemit, Inc. to make any edits necessary to try and get it approved. Hopefully we will see the changes up on the live site soon!

Thank you for bringing this to light.

It is amazing all the ways that people's accounts are being attacked. I guess the money is simply too tempting.

Perhaps the developers can establish some type of double opt in for any money transactions.

I use my posting key to log in..does this protect against the phishing scams?

It helps, but it doesn't make you immune.

Yes we need a fishing warning ;-)
I very much appreciate that you care, but I'm not sure whether this helps. Users tend to click on everything even when there is a warning.
A warning for users is ok, but something should be done to stop spammers and scammers.
Just my opinion
J

We'd need to define what "something" is.

anything ;-)
Nah. I see that this is not so easy. I mean all these spammers, they operate directly on the blockchain and there's no easy way to stop them.
J

Wow. Just wow!

This proposal is very helpful to us, since nowadays so many so-called "hackers" take advantage of unaware users and phish them to get logged on to their accounts.

This feature or update (I may call it an update) will serve as a warning so that phishing activity will be prevented. One of my friends was a victim of this modus.

Please push that feature @timcliff this is really a great improvement on the steemit world.

I just hope that new users don't fall for these scammer tactics and then quickly get a bad opinion of Steem. Thanks for posting this and doing what you're doing @timcliff

Thee world is full of nefarious characters and thieves. We livest among pirates! argggh.

Do not provide your private keys to any third party websites
would that include Busy and ChainCC or other 'spin-offs'
(how can we be sure they are legit?)


Suggestion...increase the cost of wallet spam to a substantial amount.
.001 steem doesn't discourage anyone from sending out thousands of spam
1.00 Steem would..but would still not be enough to discourage legitimate activity.

I think that is Steemit's official stance to warn users against it. If users trust third party websites though, it is their choice.

I'm for the idea. I'd actually like users to be able to set a minimum threshold to be able to send them funds with a memo. Users could set it to whatever they want. If someone wants to pay me $5 SBD to send me spam, then I suppose I'd be ok with that :)

Absolutely agree.

Completely agree with you.

Now this is a good idea I did not think about.

Hey Tim, I realize this post is months old but I'm a noob (12/17) and saw a user going by "hottopic" post the following in the memo line of my wallet - "Hello dissfordents. I Followed you.If you follow me, I'll be happy.Thanks :)"
I instinctually clicked on the username. Has the security of the wallet been compromised? I will never make that mistake again after seeing this post. Advice appreciated.

Clicking on a username should be fine. Just make sure you never leave the steemit.com domain, and that you didn’t have to re-enter your password.
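
The "never leave the steemit.com domain" check from the reply above, written out as an added example (not part of the original thread and not Condenser's code). The names `TRUSTED_HOSTS`, `classifyMemoLinks` and `memoNeedsWarning` are hypothetical, and the sample memos and the `login.example` host are constructed.

```javascript
// Added example, not Condenser code. TRUSTED_HOSTS and all sample memos are assumptions.
const TRUSTED_HOSTS = new Set(['steemit.com']);

// Return one entry per link-like token in a memo, with the host the browser would really visit.
function classifyMemoLinks(memo) {
  const results = [];
  for (const raw of memo.split(/\s+/)) {
    // Drop wrapping quotes/brackets and trailing sentence punctuation.
    const token = raw.replace(/^[("'<\[]+|[)"'>\].,!?;]+$/g, '');
    const hasScheme = /^https?:\/\//i.test(token);
    // Bare "domain.tld/path" strings are treated as links too (deliberately loose).
    const looksBare = /^(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[\/:?#].*)?$/i.test(token);
    if (!hasScheme && !looksBare) continue;
    let host = null;
    try {
      // URL parsing resolves userinfo tricks (user@host) and lowercases / punycodes the host.
      host = new URL(hasScheme ? token : 'https://' + token).hostname.replace(/\.$/, '');
    } catch {
      // Unparseable link-like text stays untrusted (host null).
    }
    // Exact match only: "steemit.com.login.example" must not pass as steemit.com.
    results.push({ token, host, trusted: host !== null && TRUSTED_HOSTS.has(host) });
  }
  return results;
}

// True when a memo contains at least one link that leaves the trusted domain.
function memoNeedsWarning(memo) {
  return classifyMemoLinks(memo).some((link) => !link.trusted);
}

// Constructed sample memos (not taken from the chain).
const SAMPLE_MEMOS = [
  'Thanks for the upvote!',
  'See https://steemit.com/@timcliff.',
  'Claim here: https://steemit.com.login.example/wallet',
  'Verify at https://steemit.com@login.example/keys',
  'free upvotes at steemit.com.login.example/claim',
];
for (const memo of SAMPLE_MEMOS) {
  console.log(memoNeedsWarning(memo) ? 'WARN' : 'ok  ', memo);
}
```

The bare-domain match is intentionally loose, so run-together text such as "you.If" is also flagged; for a warning banner that errs on the cautious side.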

Thanks a million Tim. I'm kinda low-tech, and appreciate your prompt reply.

Never go to any site you do not know or trust sent via memo here.

I am so tired of people spamming my wallet with 0.001 Steem or SBD transfers - just to advertise their stupid, over-priced resteem "service." Many of the followers of these so-called services seem to be full of fake & inactive accounts, or get followed by noobs to the platform who don't know any better. It's really annoying, but I suppose that the more successful that SteemIt becomes... the more attempts there will be to find ways to exploit the blockchain for free, low-quality advertising. 0.o
I look forward to the day when we can slap-down people who spam our wallet memos.
Upvoted and Resteemed.

Came back to look for this to say something.
There's at least one case of phishing by comments from cheetoh.
Maybe we need some warning here too.

I've heard about them too. Not sure how to work them in though. If it makes the UI too cluttered, it won't fly. Any thoughts?

I did think it may get a bit messy but maybe align it to the left all the way with the [Sort Order] may work but maybe a generic warning with the first sign up page on phishing can happen at comments and wallet.

you are the best witness @timcliff
I mean you are the only one who replies to his followers

Thanks :)

Having this

Beware of spam and phishing links in transfer memos. Do not open links from users you do not trust. Do not provide your private keys to any third party websites.

warning is a good thing, but as you saw from everittdmickey, who is a high-ranking individual, not everyone knows what is considered a 3rd party. I suspect over half the users don't fully understand that there are actually 2 parts to steem (the blockchain and the gateway). When these people are told there is now an alternate site for accessing steem, they may well think that all these additional sites are part of steem or at least sanctioned and monitored by steem. I feel it is important to make that distinction somewhere prominent so that EVERYONE right down to the newest newbie who is totally computer illiterate can understand the difference.

It's a good idea. Educating users on proper security is a huge task though. Unfortunately no matter how much we do, it will probably never be enough.

thank you my numero uno witness @timcliff your innovative ideas will ensure we get better privacy and security... keep it up... and hey...i mentioned you and your work on my blog posts of today...please hope you do not mind...
also what of issues related to extra log in security like google authenticator... we need such since some of us wanna deposit some external funds and use steemit account as saving...look into it sir.. thanks

Implementing two factor authentication on Steemit would not do any good. The blockchain authenticates using your private keys, so even if Steemit.co would prevent them from accessing your wallet, it wouldn't stop a hacker from stealing your funds if they got your key.

Powering up is one way to prevent significant damage from a hacker. If your account gets hacked they can take your liquid funds, but they would not be able to get your SP without powering down first. Hopefully within the time they tried to do that, you could recover your account and change your keys.

Thanks for the info..i was thinking once one loses his key...no way to recover account...what's the option to do...or any code...key to save and use to confirm verification on password recovery?

If a user loses their key, there is no way to recover their account. Don't lose your key. Make sure you save it and back it up somewhere safe.

Ok...thanks.and this is why I always insist steemit should create additional option to help in recovery...like a serial code...hope in the future this issue will be looked into especially as we plan the next Fork and SMT where some of us planning to save huge amount of steem power now shall be millionaire through steem when steem will cross $100 mark... Thanks my witness for the answers... I appreciate and will more if sometime you check out my style of blogging..and comment...😎

Saw this in my wallet today! Good work!

Thanks :)

I also recommend the need for pre-phishing for no installation
greeting

Can you elaborate?

this would be great and will help #steemians to be aware of this #fishing links so they can protect themselves ;) thank you for your contribution @timcliff you are the best and i hope that your request will be put in action soon .

The power of "Tim" is back in action! Thanks for the update

Cordial thanks for the warning. Don't know if I would have been careful enough within this system that feels safe to me.. well, will definitely not click on suspicious links now. Hope the PR will get accepted!

this is a good initiative. i have some memo like this before .

Thanks @timcliff for making people aware to secure their account and spread love among the people.

thanks @timcliff, as always I appreciate the consistently great work you do here!

Hi mate, it's great that you came up with this one, but I really think to stop this kind of spamming, the minimum SBD to be sent should be increased, like you said in another comment: 5 SBD will work perfectly!

This is very good. I have been here only a few days and came across many pranks and memos etc.

@timcliff - IMHO asking for community contribution for translations will be a good idea

Great idea. Additionally, I suggest they put that warning as a sticky red button in the navigation bar.

Thank you good sir @timcliff for the heads up! So much to keep in the loop on with tha Steemit! I am forwarding this important bulletin to ALL of my followers ASAP!! Keep Rockin' . . .

Keep up the good work tim! Hopefully this gets approved and saves some people the headache and heartache of losing their account to phishing attacks!

Thanks for caring about our platform and being a model witness!

last week i heard huge trouble happened to wallet spam. useful info shared. @timcliff

@resteemia

wow excellent fish.

Yea bro you say correct There have been a lot of users sending malicious links spam to users using wallet memos. And there are many users who make spam links in comment also.

Thanks. You have helped me get the right information

This is great the spammer, scammers have been quite active.

wow ! very nice and good job @timcliff .Excellent post thanks for sharing.

awesome

nyc

Congratulations! This post was randomly selected and upvoted by @resteemr!


@resteemr is a new low price resteem service.
Check what @resteemr can do for you - Read More.

I agree with your friend's opinion, I hope so, what you want to achieve can be achieved. I support it Thank you for the information, I will share with my friends all, to be more vigilant. 😊👍