Three weeks ago I wanted to raise awareness of the ongoing phishing scams operating to steal your keys and used the power of the Steem blockchain to find skillful developers that will help solve this issue. CAUTION: Steemit Clone Stealing Passwords + 50 SBD Reward for an Anti-Phishing Browser Extension So many people showed interest that I needed to make it into a contest but in the end only two of them actually made the extension. I'm really pleased with the results and am hoping that we will once and for all prevent all phishing attempts on Steemit.
@quochuy made Steemed Phish
Download it here
The extension works with:
- a whitelist of friendly Steemit websites
- a blacklist of known scam websites
- checks of external links on friendly websites and make them obvious
This extension will validate Steemit related websites by changing its icon color:
- red is for blacklisted sites
- green is for recognised friendly sites
- grey is for unrecognised sites
When a site is neither whitelisted or blacklisted, Steemed Phish will try to check the URL structure to find known patterns and flag a link as supsicious by coloring it in pink.
There are currently 19 blacklisted websites and 31 whitelisted websites.
Phishing Alerts
If a user lands on a phishing website, Steemed Phish will display two types of alerts:
- a dialog that shows up even if the page was loaded in a tab in the background
- a full page alert, that covers the whole phishing page and offers a link to go back to Steemit.com. The full page alert also reminds the user of not using their Steemit Keys on unknown websites and keep their password (Owner Key) safe.
When landing on a phishing site the app will warn you and prevent any action untill you confirm the warning message
Once the page is loaded the app will display a full page warning when possible
Expand shorten URL
Some links are shortened using services such as bit.ly, this prevents people from easily analysing the URL of the link. Steemed Phish uses a link expanding API to determine the destination URL of a link and then compare it again against the white/blacklist logic above.
Making external links more visible
Ideally, a user should be more careful on links they are clicking on by always paying attention to the URL of an anchor. But this is easier said than done and even the most experienced user can let down their guard sometimes and get tricked by the scammers.
Recently, Steemit.com, has added a feature that marks external links with a grey icon on the right of each links. Steemed Phish will make that icon more obvious by coloring it in purple. On top of that, it will make a bubble appear next to the mouse cursor with a text explaining the fact that clicking on the link with leads you away so don't use your password. This bubble won't show up on friendly (whitelisted) websites.
Roadmap and potential ideas
- make a bot that browses steemit for reports and extract URLs to be added to the blacklist
- make a bot that follows another bot (@guard) and listens for its downvotes and update the blacklist accordingly
- monitor the https://steem.chat/channel/steemitabuse channel for more URls to be added to the blacklist
- If Steem Guard project goes live, use its API to update the blacklist: https://steemit.com/steem/@hernandev/proposal-steemguard-phishing-and-scam-protection-tools
@codingdefined made CheckSteemitLink
Download it here
CheckSteemitLink warns when going on a non Steemit link and it does the same for wallet messages containing links. Although this might be confusing for many users imo it's still a great tool for all the unsuspecting people rushing to throw their keys away.
For more info check his video and utopian posts:
Phishing Link Checker Chrome Extension
Phishing Link Checker Chrome Extension - Update V1.1 and V1.2
Now its your turn to test and vote for the best extension
As noted in the previous post I highly value communities opinion, so now is your time to test the extensions and let me know what you think about them. Especially if you have ideas or skills to make them better.
Currently operating phishing scams to test on:
https://sleemitdotcom
http://steemildotcom/
NOTE: Dot is in the links to avoid flags from project @guard aimed to protect and warn the community of phishing scams. To see the websites obviously replace dot with . and don't enter your credentials there there as this are known phishing scams. Just test the apps and tell me how you like them.
If you know of any other phishing scams please leave a comment so we can update the blacklist.
Winner will be announced in a week and rewarded with 50 SBD, the other dev will get 25 SBD donated from @ebargains
Then it's just a matter of promoting it and getting the word out
In a way that we get maximum coverage and visibility. Because if only 100 people will use it, we didn't do much.
You can help by:
- Writing a post or making a dtube/dlive video explaining the problem and solution ( use #nomorephishes tag so I can find the post and reward you for your efforts)
- Resteeming this and future posts about the extension
- Warning your friends about the ongoing phishing scamms
- Participating in the PR campaign that will be announced in a week
In form of upvotes I'll reward everyone who helps, so be on the lookout for my future post announcing the campaign that will last untill I feel like enough people have heard about and downloaded the winning extension.
thanks for the mention @runicar!
SteemGuard will be renamed because of an already existing bot called @guard.
The project development will start this week, I'll give you an update by the weekend.
Thanks!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Np, thanks for working on keeping the community safe!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
WARNING! A link in this post by @runicar leads to a known phishing site that could steal your account.
Do not open links from users you do not trust. Do not provide your private keys to any third party websites.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nice to see guard working his magic but sad in the same time because of the downvotes, hope I wont get attacked by a bot army for this.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hi @runicar
I have tried extension steemed phish and check steemit link. And I've created a tutorial of use for both with indoensia language. I choose and recommend steemed phish to users. Because steemed phish has the ability to unshorten phishing links and has a blacklist that is always ready to update. Thanks to @quochuy for his great job
Here is my post related steemed phish
Steemed Phish :
and this link about check steemit link :
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great work, thanks for spreading the word and giving input about the extensions. Will upvote your posts tommorow when I recharge a bit.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks @runicar for your support
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Resteemed and will encourage others!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks, much appreciated!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This is great news! I might reference this post in my next issue of Unlocking the Power of Chrome, if that is okay with you. Probably just a couple of sentences since you have already covered everything really well here!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Of course you can! Throw a link back to this post for people who want more info :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Awesome, Thanks! I will probably write about it in my next post on Wednesday.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nice! Hit me up when you post it.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Here you go! https://steemit.com/chrome/@bozz/unlocking-the-power-of-chrome-issue-28
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
@quochuy did a pretty great job out there :)
It sure is a great help and will be of help to many :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hey @runicar. I originally heard about this from @codingdefined when he began work on his extension.
As the leader of a community (@thesteemengine), extensions and resources like these can be incredibly valuable to protect the accounts of our members. This is also useful information since I am working on a project called The Beginner's Guide to Steemit, and I addressed phishing briefly in the Security lesson.
I'm going to share this post with my community, which will hopefully get some more people to try out both extensions and give feedback. I'm going to use the extensions also and hopefully be able to also provide input.
Once again, from myself and the members of @thesteemengine, thank you for hosting this contest and seeking to help keep Steemians safe from scams.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks for the support! It's highly appreciated.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
We really need it. Looks like many scammers are here lately. My account was stolen yesterday and abused :( They upvoted their own comments and downvoted other users. They stole many accounts and transferred money to their other account.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Sad to hear that, do you know how you landed on the phishing site? And which one was it so we can add it to the blacklist.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yes one user commented on my post and I followed the link :(
I wrote this post yesterday regarding the what happened and shared more photos.
https://steemit.com/steemit/@hanen/my-steemit-account-was-stolen-and-recovered
They steal accounts with high reputation to make people trust them :(
I hope this can be helpful.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Can you send me the exact comment youclicked on so I check which clone is it. The one we already got blacklisted or a new one.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
yes it is this one:
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Also check the comments from their other account:
https://steemit.com/@angela-noel/comments
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks, the extensions work great and warned correctly. Be sure to get them installed so that you never have to worry about this issue any more.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
OK great. i will install it. Thank you very much :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Okay I gotta catch some sleep but I promise to do this first thing in the morning. WIll edit my comment :)
Thank you!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hope you didn't forget about it :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I resteemed so I would not forget for sure, but here we are. Having this convo lolz Gonna put my mind to it in a min!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great, btw you missed my last comment from yesterday. Dankweedguyz, can't wait to get back to Slovenia for some fire skunk :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
oh, I guess I did. Mahh man, make sure to hit me up when you visit! Did you join the weed challenge=? Its super easy and fun!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Will do :) Where are you at if it's not a secret? I try to help @ggirl with the challenges but we are somehow always off. Dunno why but your nugs always look lighter than they actually are :) But I'll start participating on my own from now on.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Congratulations @runicar, this post is the forth most rewarded post (based on pending payouts) in the last 12 hours written by a Superuser account holder (accounts that hold between 1 and 10 Mega Vests). The total number of posts by Superuser account holders during this period was 1357 and the total pending payments to posts in this category was $7153.72. To see the full list of highest paid posts across all accounts categories, click here.
If you do not wish to receive these messages in future, please reply stop to this comment.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
sorry for the downvote but because of the vote you got here it just ruins the flow of my comment section
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks! Congrats to quochy, he is French ^^! Thanks again
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This extension is a must have for every user. I've seen many people have fallen for such attacks.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Wonderful post ..thanks for sharing...Best of luck @runicar ✫
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Is there not anything for us Firefox users?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Sadly no, better switch to chrome :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I’m investigating on porting mine to Firefox but I have to verify if all the features I used are available in Firefox. It’s won’t be for very soon though
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Wonderful update more grease...... no way to those heart in here
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It's very interesting informations! Thank you!!!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It is very useful, congrats for their work. I can't wait to test them
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This platform really need it . to kick out scammers
Thanks,good work
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
it sounds really very helpful , steemit is so strict about password still people fall into the trap.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit