Phishing is the malicious act to obtain sensitive data from somebody, specifically done by “baiting” them into handing over that data.
Steemit, and the Internet in general, are absolutely not safe havens and one can be phished at any time.
Many phishing attempts online will try to imitate a site, or possibly a project which would seem to be a part of the site where they attempt to phish people. Phishing can also happen in email, instant messaging, or on social media. Fake airdrops are often also phishing efforts where the organizers want to obtain access to one’s account and social media profiles where possible.
On Steem(it) most phishing attempts known so far aimed to obtain one’s master key so they could highjack (and empty) the account. Sometimes this happens by tempting somebody to login to a steemit alike website (using condenser) or the phishers have setup a site which imitates SteemConnect but your account name and key are sent to them.
In worst case within seconds only they may have logged in (via a script) and reset your master key.
How to protect yourself?
Only you can protect yourself from phishing attempts on the internet, and also on Steem.
Always check the URL. If not sure do not click the URL and definitely do not enter your user details on any site you do not trust 100%. On the Steem blockchain most sites do not need your admin or master key and are happy with only your (private) posting key. Because both other keys are only required for wallet operations or account settings.
Ergo, only use your posting key on Steem. If a site wants a higher level of access, more often than not they will offer SteemConnect Authentication as login method. When using SteemConnect the site only receives tokens but not your password. These auth tokens can only be used by the app which received them. This means that Musing could not use the tokens generated from logging in to Musing with SteemConnect to post in name of your account via Steemhunt, for example.
Physing as regards to cryptocurrency is basically a type of cybercrime in which people are duped into giving out personal details of their various crypto assets e.g a private key or a master key or recovery file etc. This is done by the use of emails, texts and so many others. The fraudsters tend to pretend to be administrators of certain crypto sites so as to make people feel they're legitimate after which they steal your crypto assets and you most probably never hear from them again. People have actually gotten phised on steemit alot. I have a friend who was tricked into giving up her steemit password which led to her losing her account.
The most frequent type of phising I see on steemit is what I call the 'crypto-exchange scam'. People tend to make mistakes when typing the names of the accounts that they're sending their funds to and accounts like bittrex, poloinex and deepcrypto8 which serve as gateways for people to send their steem or and to and from their bittrex, binancr and poloinex accounts respectively are the major targets. Fraudsters open accounts with similar names to the above stated accounts and wait for people to make the mistake and transfer funds to them. Such accounts include bittrexx, polionex, deepcrypto88 and so on.
Upvote and steem delegation services like minnow booster aren't excluded, as they are also targeted by fraudsters.
Phisihing was an act to obtain a person's personal information having an evil intent. This often happens in the digital world where we are using usernames, passwords, credit card details, bank account details and many more that usually involved money. So basically it was an act to get an access to your personal account.
Was steemit safe from Phishing? well I really do believe that steemit was not safe in this act. There were case where users received some transferred SBD or STEEM with url that will lead you to a page very similar to steemconnect. Once a user entered his/her password to this site, his/her password will automatically saved into the database of that website and Viola ! ! ! they got your account already. Better be careful in opening some untrusted websites.
Another was by using another computers some computers have keyloggeres which enables them to all the characters that was typed in the computer. Better be careful also in opening steemit account to internet shops as they might steal your precious account
Phishing is the malicious act to obtain sensitive data from somebody, specifically done by “baiting” them into handing over that data.
Steemit, and the Internet in general, are absolutely not safe havens and one can be phished at any time.
Many phishing attempts online will try to imitate a site, or possibly a project which would seem to be a part of the site where they attempt to phish people. Phishing can also happen in email, instant messaging, or on social media. Fake airdrops are often also phishing efforts where the organizers want to obtain access to one’s account and social media profiles where possible.
On Steem(it) most phishing attempts known so far aimed to obtain one’s master key so they could highjack (and empty) the account. Sometimes this happens by tempting somebody to login to a steemit alike website (using condenser) or the phishers have setup a site which imitates SteemConnect but your account name and key are sent to them.
In worst case within seconds only they may have logged in (via a script) and reset your master key.
How to protect yourself?
Only you can protect yourself from phishing attempts on the internet, and also on Steem.
Always check the URL. If not sure do not click the URL and definitely do not enter your user details on any site you do not trust 100%. On the Steem blockchain most sites do not need your admin or master key and are happy with only your (private) posting key. Because both other keys are only required for wallet operations or account settings.
Ergo, only use your posting key on Steem. If a site wants a higher level of access, more often than not they will offer SteemConnect Authentication as login method. When using SteemConnect the site only receives tokens but not your password. These auth tokens can only be used by the app which received them. This means that Musing could not use the tokens generated from logging in to Musing with SteemConnect to post in name of your account via Steemhunt, for example.
Physing as regards to cryptocurrency is basically a type of cybercrime in which people are duped into giving out personal details of their various crypto assets e.g a private key or a master key or recovery file etc. This is done by the use of emails, texts and so many others. The fraudsters tend to pretend to be administrators of certain crypto sites so as to make people feel they're legitimate after which they steal your crypto assets and you most probably never hear from them again. People have actually gotten phised on steemit alot. I have a friend who was tricked into giving up her steemit password which led to her losing her account.
The most frequent type of phising I see on steemit is what I call the 'crypto-exchange scam'. People tend to make mistakes when typing the names of the accounts that they're sending their funds to and accounts like bittrex, poloinex and deepcrypto8 which serve as gateways for people to send their steem or and to and from their bittrex, binancr and poloinex accounts respectively are the major targets. Fraudsters open accounts with similar names to the above stated accounts and wait for people to make the mistake and transfer funds to them. Such accounts include bittrexx, polionex, deepcrypto88 and so on.
Upvote and steem delegation services like minnow booster aren't excluded, as they are also targeted by fraudsters.
Phisihing was an act to obtain a person's personal information having an evil intent. This often happens in the digital world where we are using usernames, passwords, credit card details, bank account details and many more that usually involved money. So basically it was an act to get an access to your personal account.
Was steemit safe from Phishing? well I really do believe that steemit was not safe in this act. There were case where users received some transferred SBD or STEEM with url that will lead you to a page very similar to steemconnect. Once a user entered his/her password to this site, his/her password will automatically saved into the database of that website and Viola ! ! ! they got your account already. Better be careful in opening some untrusted websites.
Another was by using another computers some computers have keyloggeres which enables them to all the characters that was typed in the computer. Better be careful also in opening steemit account to internet shops as they might steal your precious account