Beware of Phishing - What is it? / How is it affecting users in the community? / How to prevent it?


 Phishing is a  fraudulent practice that we see every day in the world of the internet,  people with computer knowledge and social engineering (Phisher), create a  means of communication supplanting the identity of a company or  institution to obtain the data of its affiliates. 

 To understand more  graphically, we have the famous case of TrustedBank, where the Phishers  sent an email to all the users of the same, informing them to check  their accounts since "from another country" they withdrew $ 135.25, so  they had to enter the link if that transaction was  not made by them, people usually seeing a news like this, knowing that their money is in danger ENTER WITHOUT THINKING.

 It is there when  you are really compromising your account, filling out forms with all  your bank details directly to the Phishers database. 

 But ... and how do we know if the link is safe or is a malicious link? 


  •  Any serious and reliable organization will never ask you for your confidential data via email or common messaging. Already this is a sign of distrust. 
  •  Enter your data in only secure webs; they start with https and a green color padlock 

  •  Always check the link where the information comes from, and enter google or your favorite browser to see if it is the real one. 
 As we saw in the  previous case with the TrustedBank, the link sent by the Phishers was  www.trustedbank.com, when the trusted bank's real domain is:  www.trusted-bank.com (separated by  hyphen ). 


Phishing in Steemit.


For a few days, anguish has been observed in the community for the commitment of the credentials of many users, more and more sources appear leaving messages in our post with malicious code, which go unnoticed at first sight, wanting to steal our keys to make improper use of our accounts, whether it is stealing money, massively posting, etc. 

 We have the case  of the propagating account ibemorah who for a few days was dedicated to  sending messages to many users with the following format:   

Making users believe that they were committing plagiarism, of that supposed article, when the indignant user clicked on the link, they were automatically sent to a "visually exact" website that we know of steemit, with the small but great detail that This is called STEAMIT.GA asking us for our username and password.

When the user completes the form with their name and password and presses the "Login" button, their data will be totally compromised. 

 If a Phisher  obtains our publication key he will use our account as a propagation  focus of "virus", sending many more messages to all the rest of users in  the community to do this way an exponential growth of the infection,  imagine that of each 10 messages, 1 people fall  into the trap, and from the account of that person forward the "virus"  to 10 more people, in a matter of hours we would become hundreds.   

 What is the community doing to prevent these attacks? 


 Work  is already being done by the account @steamcleaners who are dedicated  to the cleaning and care of the platform in many aspects, creating a bot  called @guard, which looks for links of identity theft and sends a  warning once it is detected, if the phishing is covered under a link  with shortener in the same way it will be detected

 If you as a user manage to visualize a message with an indication of phishing, whether  it was sent to you in the form of a memo with a transfer or perhaps a  comment in one of your posts, but this is not a link, but only induces  you to enter in a certain web, you could also send that information to the discord chat of Steemcleaners, to contribute your grain of sand.    

 Recommendations for safe surfing in Steemit. 


  •  BE SURE to always be connected under the domain of: https://steemit.com/ or https://busy.org/ are the only and true secure sites. 

  •  NEVER log in  with your Owner key, since this allows you to perform all the functions  of the account, as well as transfers and management of your wallets,  without mentioning the power to change the other keys. 

  •  USE as much as  possible only your publication key, if you are only going to enter the  platform to post a content, read comments and answer them, this code is  more than enough for that task. 

  •  If you need to  make an important transfer, just use the active key, make the transfer,  disconnect and re-enter with your publication key. 

 Well friends, I hope this information will help you to walk carefully on the platform, and we can enjoy a pleasant stay in it. 


 Original Content 
 Source of Images: 

Imagen 1

Imagen 2 

Imagen 3 

Imagen 4 

H2
H3
H4
3 columns
2 columns
1 column
Join the conversation now
Logo
Center