Abuse Series: They Were Phishers of Men

Phishing:

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. - Wikipedia

         They are everywhere! They are even on the Steem blockchain! I remember my first encounter with a phishing attempt as a university student. An email was sent to everyone at the organization I worked at, posing as Wells Fargo & Company. I heard several employees fell for the scam and they were frantically trying to do damage control.

         I was fortunate because I did not use Wells Fargo. When I received the email, I deleted it on the spot. Today, I often receive phishing calls over the phone. Again, they tend to claim to be services which I have nothing to do with or know anything about, and I am able to ignore their enticements.

         I have personally witnessed several people falling for phishing scams in the past few weeks. Much like their off-chain counterparts, the phishers often pretend to be a trustworthy service or another link on the blockchain. Here are some examples:

phish1.png
phish2.png
phish3.png

         What is so malicious about these attacks is that all the accounts you see in the screenshots belong to VICTIMS who fell for the trap and ended up having their own accounts become the tools of further scams. Some accounts were stolen for so long that they became permanent fixtures in the phishers' resource pool.

         If you pay attention to the links the phishers provide in their comments, you will see that they are not Steemit links. When you click on one, the page asks you to log in, as if you had been logged out of the UI. That is how they get you.
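
One way to apply that link check mechanically, as an added example that is not part of the original post: it extracts the links from a comment and flags any whose real host is not Steemit, including the look-alike forms that hide the real host. The allowlist `TRUSTED_HOSTS`, the function names and the sample comment are assumptions constructed for this sketch.

```javascript
// Added example. TRUSTED_HOSTS is an assumption: list the front ends you really log in to.
const TRUSTED_HOSTS = new Set(["steemit.com", "www.steemit.com"]);

// Pull http(s) URLs out of comment text and drop trailing sentence punctuation.
function extractLinks(text) {
  const found = text.match(/https?:\/\/[^\s<>"')\]]+/gi) || [];
  return found.map((u) => u.replace(/[.,;:!?]+$/, ""));
}

// Decide whether one link really points at a trusted host, and say why not.
function classifyLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { raw, host: null, trusted: false, reasons: ["unparseable URL"] };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not https");
  // "https://steemit.com@other.test/" shows a familiar name but connects to other.test.
  if (url.username || url.password) reasons.push("userinfo before '@' hides the real host");
  // Internationalized labels can render as look-alike letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) reasons.push("punycode host");
  if (!TRUSTED_HOSTS.has(host)) {
    // Exact match only: "steemit.com.login-example.test" is a different site.
    reasons.push(host.includes("steem") ? "look-alike host" : "not a Steemit host");
  }
  return { raw, host, trusted: reasons.length === 0, reasons };
}

// Return every link in a comment that should not be given a password or key.
function suspiciousLinks(commentText) {
  return extractLinks(commentText).map(classifyLink).filter((r) => !r.trusted);
}

// Constructed sample comment (reserved .test domains, not real sites).
const sampleComment =
  "Nice post! Claim your reward at https://steemit.com.login-example.test/@me, " +
  "or https://steemit.com@phish-example.test/login. Author: https://steemit.com/@quochuy.";

for (const r of suspiciousLinks(sampleComment)) {
  console.log(`${r.host}: ${r.reasons.join("; ")}`);
}
```

The check looks only at the host the browser would actually connect to, which is the part a phishing link cannot fake.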

How to recover an account?


         A general process can be found in @firepower's past post about account recovery, or by visiting the @steemcleaners Discord for assistance. People such as @bullionstackers and @arcange work tirelessly to contain the phishers' attempts to gull other hapless Steemians into their jaws.

         Phishing accounts are generally flagged into invisibility. When you have recovered your account, make sure you delete all traces of phishing elements on your profile and ask quarantine personnel to remove the flags before seven days have passed, or the damage to your reputation could be indefinite.

How to stay safe?


         The Witness @quochuy has a useful signature that serves as a PSA for phishing protection. I recommend that everyone read it. Basically, it involves using each of your unique keys for specific purposes. In the event that you do become a victim, the damage would be limited.

What about lost funds?


         I am sorry to say that they are as good as gone. As a precaution, there are ways to make sure your funds are difficult for the phisher to extract. A makeshift cold wallet, as suggested by @themarkymark, can minimize losses should your active social account become compromised. In addition, putting your funds into savings, a relatively unused feature, can buy you three days before the phisher can move your funds.

phish4.png

What can exchanges do?


         I was informed by @steemflagrewards lead admin, @anthonyadavisii, that @blocktrades, Witness and exchange, is willing to blacklist known cash-out accounts used by phishers to slow down thefts. This is under the condition that users provide details about the timeframe in which accounts were stolen. They would also be willing to provide extra information for tracing the funds if necessary.

         While it would be nice if all exchanges chose to participate in slowing down wrongful transfers, let us all remember that our accounts are our own responsibility and money is involved in all accounts.


         Abuse Series is a record of witnessed events as I move about on and off the Steem blockchain.

Previous post: Memes #2
Next post: What Is Spam?
