As many of you might know, there have been several phishing attempts on users here on Steemit, aimed at stealing your private keys. As a reminder to all users, please be careful when clicking links and entering your private keys! Do not open links from users you do not trust. Do not provide your private keys to any third party websites.
Phishing is an extremely invasive attack that can become exponential if not contained early, similar to how a virus works. Once the phisher gets a hold of a posting key of another account, the newly infected account can then also be used as a carrier to try and spread the infection. The only way to immunize against such a threat is to start early, and pro-actively attack the commonality (the virus) rather than post-actively quarantine users as they become infected. Worse, users infected may have their funds stolen -- the damage has already been done. We want to prevent more users from being infected immediately.
To address this, I have created @guard. Rather than work of a list of known infected accounts, @guard instead searches for the phishing links themselves, and presents a warning any time one is detected. Despite attackers attempts to hide phishing links (such as with link shorteners), @guard will still catch them.
With this introduction to @guard, please understand the following two pieces of information on how to help us fight phishing.
1. How to Properly Warn Others of Phishing Links
While it is great that users are warning others of phishing links, including the phishing link itself in the warning can actually lead to accidentally spreading the infection! It is important to be careful. Try to make sure when commenting/warning about a phishing link, to avoid using the url itself. This includes links you think may not be clickable (such as removing the www, or http://), as some browsers / extensions can make them clickable anyway.
Furthermore, it is not possible to programically determine if a user is warning of a phishing link, or actively trying to phish, if both cases use the phishing link itself. To this end, please, when warning others, try to use something un-clickable like badwebsite(dot)com
.
2. Reporting Discovery of new Phishing Links
As this method of prevention does need to be updated when new phishing links (e.g. new domains) are discovered, timeliness is important. If you find a link you believe to be phishing (and wasn't already automatically caught by @guard, or manually found by @steemcleaners), please report it immediately to @steemcleaners via our discord chat. If unavailable, you can try directly contacting a @steemcleaners member.
That's it. If you have any thoughts/questions/recommendations about the bot, feel free to comment below!
Thank you @anyx......this is a much appreciated development.
Steemians appreciate all you do.
All the best.
Cheers.
Indeed, I had hated @cheetah, untill I read the cheetah's faq on @anyx blog. @anyx is indeed a blessing to steemit. Like @bentleycapital says,
Thank you.
Hi @anyx . If it works as a cheetah, which accuses users of plagiarism without checking or thinking, it will still be a useless bot, even more damaging.
#steemcleaners for life! Nowa days it is very important to reconize phising links and ways how people try to phis you. Rule number one is, you never get something worthy for free. Second rule is, you never get more than you give when somebody promise that.
It is great to make an anti-phishing network, especially in crypto currency and the crypto rush where people find ways to get more and more from the everage joe.
Always think 3 times before you act on crypto guys, stay safe. PEACEE
interesting
NO more phishing on steemit
Phishers are increasing day by day on steemit
My friends account is compromised by phising attacks.
Thanks for @guard it will really helpful in preventing us from phishers.
I’ve had the same thing happen to me. I wrote a guide on how to recover your account https://steemit.com/mapsters/@simplymike/got-hacked-here-s-how-to-get-your-account-and-reputation-score-back (legit link)
I love a bit of proactive spam-phish fighting!
Great job!! This is something we need badly, and you stepped up and got it done!!!
Hopefully this helps stop alot of the phishing hacks
Excellent project and much appreciated!
This is innovative and life saving.
Humanity owes you.
Its really crappy how people do these things. Thank you for what you do.
WARNING! The comment below by @blockchainfiend leads to a known phishing site that could steal your account.
Do not open links from users you do not trust. Do not provide your private keys to any third party websites.
This is a very good thing. Thank you very much for your help. In most of my posts, many links are done, but I did not click anyone of them because i were new on steemit and I wanted to understand the steemit.
But because of being new on the steemit, I did not know the rules of the steemit, and I made a big mistake
I used to be copyrighted
And the cheetah became active
I have sent him a message on the Steem Chat This is the message:
Hello cheetah bot, i was new and didn't knew that we have to write source of the pictures as i was really new to the steemit. I am little bit weak in english so i didn't understand what you were trying to say, i am really sorry.. Hope you will understand i wouldn't repeat it. Please so stop in commenting now i will write source.
but bot is still active please do something m really worried guys please
Thank you for being proactive in this fishing scam.
https://steemit.com/deutsch/@janisplayer/phishing-die-alte-scriptkiddy-praktik-jetzt-auch-auf-steemit
Can you please delete my flag?
I wrote a phishing warning in this post.
The link was not clickable and it was explicitly warned against clicking on it without security measures.
I have now deleted the link.
You're doing a good job.
I have a link for you or a user I mentioned in my post.
This user posts such links.
He shortens them so they do not report him.
Hey, looks like a team member removed the flag already. Please make sure to read point #1 above; it's impossible to tell if a user is warning or trying to phish, if they are using the link itself!
I like.
You've created a great post.
Steemiant success.!
This @guard comment on one of my post really save me and I immediately flagged that phishing comment.
I got hit by it already today, when posting a psa about a phishing site:))
That was a quick lesson learned:))
But that is a good initiative!
Thanks @anyx for developing this phishing countermeasure!
Your tech already came to our community's aid on a post on my feed yesterday, where it was found in the comment section and readily dispatched.
Thank you for all you do Scott!!!
🤝🤜🤛
Thank you - I'm relieved I came across this in my feed. I haven't been phished yet: your post's increased my self-confidence on this platform.
With people like you steemit would be a safe haven for people like us...thumbs up
Thank you very much my account @steem4depoor was hacked and now all my hope is lost. I have to start all over again and it has not been easy. now my account is @steemgh. hmmmmmmm
Good content and an interesting read. Thank you for sharing.
@anyx, I've written a community database/tooling proposal on the subject, just a few minutes ago, I did not knew, you had already used the name "Guard", so my bad for the name overlap, I'll rename the proposal at your request.
https://busy.org/@hernandev/proposal-steemguard-phishing-and-scam-protection-tools
That's up to you really, the term "guard" is too common to restrict I think. :)
I think it would be polite if you changed the name though, since its early enough in your project, and then you can avoid confusion.
https://steemit.com/adsactly/@louismata/fear-the-heart-heartbleed-steemitschool
I love this idea so much. Thank you for your hard work.
I like all of your stuff because your content type is very educational
FANTASTIC initiative! Thank you!
All most everywhere Phishers have. Thanks for your guard .
wonderful.
Congratulations @anyx, this post is the second most rewarded post (based on pending payouts) in the last 12 hours written by a Hero account holder (accounts that hold between 10 and 100 Mega Vests). The total number of posts by Hero account holders during this period was 373 and the total pending payments to posts in this category was $5419.48. To see the full list of highest paid posts across all accounts categories, click here.
If you do not wish to receive these messages in future, please reply stop to this comment.
nice
very interesting post. thanks for share
Great intuitive, I see too many phishing attempts lately.
Sounds like a good idea to me.
But you didn't mention how guard will work against phishing.
@katteasis, The answer is in pharagraph 3.
@guard will appear in the comment section of a suspected phishing link post to warn the user & flag that phishing link down.
@anyx This is very helpful to minimize these phishing crime. After my old account was hacked, I do love reading more about this anti hack/scam posts. Lol
Voted & resteemed
Hi @joyrobinson
Glad to see your slowly climbing up the ladder again. ;0)
Slowly but surely @simplymike. Thanks! 😀
Great initiative!
I wrote a chrome extension to flag those scam links and highlight external links: https://steemit.com/utopian-io/@quochuy/steemed-phish-v0-0-16-adding-a-tooltip-to-external-links
But @guard will help those who prefer not using extensions or are on other browsers and mobile devices.
oustanding man
kkep it up may god bless you
Oh...Good posting. I very like it.
Are you able to program @guard to "listen" like (at)cheetah does?
For example, there is a comment in https://steemit.com/hyperwaves/@aggroed/hyperwaves-bubbles-and-bitconnect that uses URL shortening. It's be great to ask guard to check it.
Guard won't listen, it checks everything. Cheetah doesn't listen to @cheetah either, same deal.
It's supposed to check through URL shortening, but for some reason that one slipped through. Thanks for the heads up, I'll try and figure out why and fix it.
please do something i request you
thanks you very very muxh
So, if anybody wanna help,or maybe finds a phishing site... contacting @steemcleaners is a way.
Reposted to help boost the message. Thanks for the heads up.
This is awesome! This is a such a wonderful tool that you developed there. This way people will feel more confident when people who are genuine share a link with someone who is legit, like when I link my website to someone who asked for it, you know. Versus people just posting "great post thank you follow back" with a link.
Thank you so much for this. I think it's truly wonderful!
Thank you so much for all that you do to keep this platform safe. I have a couple of friends whose accounts were hacked, and I know it was totally their fault for not paying close enough attention to what they were clicking on, but the fact remains, it's a rotten thing to happen to anyone! I just noticed your new "guard" pop on in a comment section of a post and came here to say thank you!! You have my witness vote for sure ;)
Cheers!
pleas look..warning @rajeeb
have a problem link.click link,after exit steemit..
Added to a few discord promo drop boxes, and to a library/reading room in greetersguild discord so that if questions arise we will know where to turn. Thank you for the work you are doing.
Well done and thank you! I'll have to research this more tomorrow though, for I'm only at my PC briefly this evening. Goodnight!
I hacked my posting key, but I change my password. can you check my account and stop downvote. Deeply thanks for your help