Friends, bots and Steemians! (Phishing)

in #phishing7 years ago

Plainstraße_-_Salzburg_-_Skulptur2b_-_Elisabethkirche.jpg
Wikimedia Comons

Lend me your... Holy crap! That is one giant ear!

There has been a spate of bots and phishing attacks happening on Steemit. This is a pretty normal occurrence on the internet, but now that Steemit is gaining traction and there is real monetary worth stored in accounts there is now some incentive for the lowest of the low to move to fertile grounds.

So, this is an informative post about keeping safe on Steemit. There are other posts by @simplymike here and here, that will help deal with the after effects of being phished.

However, this is a post about prevention. Something about "prevention being the longer word than the cure" or "Prevention is a cooler band name than THE CURE"

YOUR KEYS

1200px-Anglo_-_Viking_Key,_Circa_900AD.jpg
Wikimedia Comons

So, when you first sign up, you are presented with your MASTER key and told to store it somewhere safe. Then you probably got all excited and wrote an #introduceyourself post and went off to start making SBD!

STOP!

You have four keys. If you go to Wallet --> Permissions, you will see 4 fields for each of the addess/key pairs. If you are interested in crypto or the mathematics behind it, you can read it here: Public-Private key cryptography

Your public addresses on Steemit start with STM and these are basically pointers to your "place" on the STEEM blockchain. The private keys should be kept safe and never made public (except if you are using services like Steemit), they authorise various actions to your "place".

In this day and age, "password123" and "letmein" are not appropriate on the wider internet anymore, seriously consider using a password manager (I use LastPass) to manage and generate random unique passwords for everything you do on the internet, also to manage your Steemit passwords (maybe not your MASTER).

Your 4 keys in order of importance and what they do:

Each key can do everything that the keys in the lower tiers can do.

MASTER

This is the ultimate key. With this, you can authorise anything to do with your place on STEEM, including changing the other keys. Although it may seem handy to just always use this key, so you don't need to swap between the posting/wallet keys, it is a seriously bad idea. Keep this one safe and preferably OFFLINE!

When should you use this key? NEVER. NEVER. NEVER. Okay, that's not quite true, you can use it if you need to recover the other keys or change the other keys.

ACTIVE/WALLET

This is the one that authorises access to your wallet. It is also sometimes used as an identifier on other sites that access the STEEM blockchain. Try to use this one only very very sparingly. If you are new to Steemit, then restrict yourself to using this key on when you are doing a financial transaction from your own wallet.

When should I use this key? ONLY when you are access trusted (see below) sites or doing transactions that you have initiated yourself from the wallet.

POSTING

This is the one that authorises the posting, commenting and upvoting from your account. It is the one that you should use most often, as it is the reason that you are on Steemit!

When should I use this? All the time for logging into Steemit and other condensers (ways of interacting with the STEEM Blockchain). It is the most commonly used key, be wary of anything asking for anything above this tier!

MEMO

This is the weakest key at the moment. As far as I can see, it really isn't used for much other than identity verification (proving that you can unlock the address) at the moment.

When should you use this key? Well, it is the lowest tier, so I would be using this if there was an option to use it instead of the others!

FREE SBD and UPVOTES and RESTEEM!

1200px-Fishy_fishy.jpg

Wikimedia Commons

Okay, if a stranger came up to you and offered you money (let's be generous 0.1 SBD is about 20 cents) and to be your friend for life, would you give him the keys to your house?

I know at the beginning it can be super frustrating to gather followers and audience. It feels like you are posting into an abyss and no one hears or reads anything you write. That dodgy post, offering you a short cut to Steemit superstardom is just too good to be true. And like all things, it is. Don't get blinded by the SBD numbers, remember a single loyal follower is better than 1000 followers who won't interact with you or upvote you anyway.

How do you get these magical followers? Write, comment and join communities! It takes time and effort, but like everything in life, there is no shortcut.

If it seems fishy, it is fishy. There is no Nigerian prince wanting to give you his wealth and no you didn't accidentally win a lottery on the other side of the world. The same is true here, stay wary but stay civil!

Don't click on links that take you outside the Steemit site. Or if you do, you will NOT NOT NOT need to log in.

If you do see something dodgy, there are bots protecting us (@guard by @anyx is one). If you aren't sure, report it to @steemcleaners, do your part in keeping everyone safe and possibly collect a bounty at the same time! Don't try to handle it yourself!

Trusted sites and services

1200px-Dandelion_Sisters.jpg
Wikimedia Commons

If you are being asked to log back in, take a moment and STOP! Why are you being asked? Check to see if you are on the site that you thought you went to? There are many impostor sites cropping up. Again, using a password manager helps with this, as it will not offer to fill the log on fields.

As you grow on Steemit you will hear of other sites that access the Steemit blockchain. At the time of writing here are some trusted sites:

SteemConnect: This is the intermediary that identifies you as being able to access your blog on other sites.
Blocktrades: This the easiest way to interact between Steem and the wider cryptosphere!
mspsteem.com: This is the condenser that the PAL group have set up to access the blockchain.
busy.org: Another version of Steemit, I use this one often as it allows me to adjust my voting power (you can't do this before 500SP on Steemit). I just wish it had a dark theme....
Dlive: Streaming site for STEEM
Dtube: The YouTube equivalent
Dsound
Dmania: MEMES!

For the moment, stick to these. When you learn more as you grow on Steemit, then you will learn of other services. But for the most part these are enough for the beginning blogger!

That's it for now, I have to prepare for work! Stay safe, stay on guard!

U5dsUfcvauXNAP4kT4SzwKQs8yV8c6Y_1680x8400.png

Referral links

Mene, Investment jewellery (5 dollars credit just for making the account).
Humble Bundle Monthly, PC games package every month!
Minnowbooster Bonus for the new account maker as well!
Coinbase, the biggest fiat on and off ramp.
Binance, the biggest crypto exchange.
Coinjar Fiat on ramp for Australia or UK!
Mannabase, Universal income in the blockchain, 50% bonus in the first year if you use this referral.
Cryptopia, Lots of lesser known altcoins.
HitBTC Even more Altcoins!

Airdrops

ETHIC
SWARM
MARGINLESS
ECHOlink
AirSave Telegram
TheKey Telegram link
THUG Telegram link
VEIRIS
PECUNIO
PRONTOPAY
MESH
AICT
STRYKZ

DQmXDFhqQrKJrKavGxmhTuLaF2iR3JkZKJzPPj4vFK6Pkvu_1680x8400.png

Horizontal Rulers by cryptosharon
Team Australia footer by bearone


Classical_Music_smaller.png

The classical music community at #classical-music and Discord.
Follow our community accounts @classical-music and @classical-radio.
Follow our curation trail (classical-radio) at SteemAuto
Community Logo by ivan.atman

Sort:  

Your Post Has Been Featured on @Resteemable!
Feature any Steemit post using resteemit.com!
How It Works:
1. Take Any Steemit URL
2. Erase https://
3. Type re
Get Featured Instantly & Featured Posts are voted every 2.4hrs
Join the Curation Team Here | Vote Resteemable for Witness

This has been resteemed for the benefit of our community. It will not be part of the curation and had not been upvoted from the community account.

You got a 1.43% upvote from @postpromoter courtesy of @bengy!

Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!

Very informative post, @bengy.
Thanks for helping to spread awareness.

There is no Nigerian prince wanting to give you his wealth and no you didn't accidentally win a lottery on the other side of the world.

Can you imagine there are still people who fall fot that - lol

I have something for you though! Just send as much ETH as possible to

0x44Caae27D04B1e937a3dF4d9B210F0f6B7EA46F4

And I will tell you what it is!

Lmao!
I think I’d rather wait for my Nigerian prince... ;0P

Okay okay, just for you a special one time offer... Just a single ETH. But don't tell anyone else!

Lol. If the price of ETH would still be as low as when I bought it - which was like $8 - I would probably send it to you, lol. How about some Smartcash ;0P

Ha, it looks like we both bought into ETH around the same time!