Phishing is a fraudulent practice that we see every day in the world of the internet, people with computer knowledge and social engineering (Phisher), create a means of communication supplanting the identity of a company or institution to obtain the data of its affiliates.
To understand more graphically, we have the famous case of TrustedBank, where the Phishers sent an email to all the users of the same, informing them to check their accounts since "from another country" they withdrew $ 135.25, so they had to enter the link if that transaction was not made by them, people usually seeing a news like this, knowing that their money is in danger ENTER WITHOUT THINKING.
It is there when you are really compromising your account, filling out forms with all your bank details directly to the Phishers database.
But ... and how do we know if the link is safe or is a malicious link?
- Any serious and reliable organization will never ask you for your confidential data via email or common messaging. Already this is a sign of distrust.
- Enter your data in only secure webs; they start with https and a green color padlock
- Always check the link where the information comes from, and enter google or your favorite browser to see if it is the real one.
As we saw in the previous case with the TrustedBank, the link sent by the Phishers was www.trustedbank.com, when the trusted bank's real domain is: www.trusted-bank.com (separated by hyphen ).
Phishing in Steemit.
For a few days, anguish has been observed in the community for the commitment of the credentials of many users, more and more sources appear leaving messages in our post with malicious code, which go unnoticed at first sight, wanting to steal our keys to make improper use of our accounts, whether it is stealing money, massively posting, etc.
We have the case of the propagating account ibemorah who for a few days was dedicated to sending messages to many users with the following format:
Making users believe that they were committing plagiarism, of that supposed article, when the indignant user clicked on the link, they were automatically sent to a "visually exact" website that we know of steemit, with the small but great detail that This is called STEAMIT.GA asking us for our username and password.
When the user completes the form with their name and password and presses the "Login" button, their data will be totally compromised.
If a Phisher obtains our publication key he will use our account as a propagation focus of "virus", sending many more messages to all the rest of users in the community to do this way an exponential growth of the infection, imagine that of each 10 messages, 1 people fall into the trap, and from the account of that person forward the "virus" to 10 more people, in a matter of hours we would become hundreds.
What is the community doing to prevent these attacks?
Work is already being done by the account @steamcleaners who are dedicated to the cleaning and care of the platform in many aspects, creating a bot called @guard, which looks for links of identity theft and sends a warning once it is detected, if the phishing is covered under a link with shortener in the same way it will be detected.
If you as a user manage to visualize a message with an indication of phishing, whether it was sent to you in the form of a memo with a transfer or perhaps a comment in one of your posts, but this is not a link, but only induces you to enter in a certain web, you could also send that information to the discord chat of Steemcleaners, to contribute your grain of sand.
Recommendations for safe surfing in Steemit.
- BE SURE to always be connected under the domain of: https://steemit.com/ or https://busy.org/ are the only and true secure sites.
- NEVER log in with your Owner key, since this allows you to perform all the functions of the account, as well as transfers and management of your wallets, without mentioning the power to change the other keys.
- USE as much as possible only your publication key, if you are only going to enter the platform to post a content, read comments and answer them, this code is more than enough for that task.
- If you need to make an important transfer, just use the active key, make the transfer, disconnect and re-enter with your publication key.
Well friends, I hope this information will help you to walk carefully on the platform, and we can enjoy a pleasant stay in it.
Original Content
Source of Images: