WHAT IS PHISHING AND HOW TO AVOID IT?
Good afternoon, Steemians. Over the past few weeks we have heard of many cases of Steemit accounts being hacked and hundreds of SBD being ransacked. It is alarming and quite terrifying, because I know the tedious work you did just to earn that SBD and STEEM. Indeed, many people try to make money the easy way at the expense of others.
Today I want to give some information about:
- WHAT IS PHISHING?
- DIFFERENT KINDS OF PHISHING TECHNIQUES
- DIFFERENT KINDS OF PHISHING TOOLS
- HOW HACKER ATTACKS STEEMIT PLATFORM? - SOLUTION TO AVOID IT
- HOW TO AVOID PHISHING SCAMS
- WHAT SHOULD WE DO WHEN WE EXPERIENCE STEEMIT PHISHING
- STORY OF HACKED STEEMIANS - WE CAN LEARN FROM THEM
WHAT IS PHISHING?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
“Phishing” is when criminals use email, phone and online scams to purposefully and maliciously trick people into sharing information such as passwords, Social Security numbers, account and credit card details and even your mother’s maiden name! Phishing is Fraud and it is a crime.
Phishing attacks are "techniques" used by cybercriminals to entice users into revealing sensitive information or installing malware by way of electronic communication.
According to a Federal Trade Commission report, Information Theft is the fastest growing crime in the United States. It occurs once every 79 seconds on average. In 2005, the cost to consumers was in excess of $5,000,000,000, while the cost to businesses was in excess of $47,000,000,000. The average consumer loss from a phishing attack is $1200.
According to a Symantec presentation, 1 out of every 125 emails sent is a phishing attack. In 2005, phishing attacks rose by 90%.
There are three different kinds of phishing techniques used by persistent hackers.
DIFFERENT KINDS OF PHISHING TECHNIQUES
1 . MASS-SCALE PHISHING - Attack where fraudsters cast a wide net of attacks that aren't highly targeted. This is the most common type of phishing attack.
2 . SPEAR PHISHING - Tailored to a specific victim or group of victims using personal details. Highly targeted type of phishing attack.
3 . WHALING - Specialized type of spear phishing that targets a big victim within a company, for example the CEO, CFO or another executive. This is the high-level phishing attack.
DIFFERENT KINDS OF PHISHING TOOLS
1 . EMAIL PHISHING - Fraudsters send phony emails that appear to come from valid sources in an attempt to trick users into revealing personal and financial information.
Solution - If you have nothing to do with a "doubtful" email, it is better not to open any attachment or reply to that kind of sender.
2 . VISHING - Short for "voice phishing". Vishers use the telephone to solicit unsuspecting victims for financial or personal details. They usually use the "time pressure" method: they lead you into thinking that your money is in danger if you don't change your password, and that they are the right person to manage your finances and avoid that "danger". Sometimes they introduce themselves as a bank agent, government employee, police officer, etc.
Solution - Never ever give your personal information to the caller and always verify their identity first. Keep calm and relax to avoid mental block and caller's pressure.
3 . SMISHING - SMS messaging attacks where fraudsters send phony texts in an attempt to con you into divulging private information or infecting your phone with malware. In the Philippines, many smishers send text messages saying that the user of a particular number has won 500,000 pesos and can claim it by first sending them a promo tax, attorney's fee, etc.
Solution - If you did not even join any contest, disregard those messages. If you really won a prize, they should call and give you all the information you need, not ask for the information you have.
4 . SOCIAL MEDIA PHISHING - Cybercriminals use your social media as a channel to carry out phishing attacks aimed at stealing personal information or spreading malware. Some attacks are even used to hijack your accounts, such as your Facebook, Instagram, Twitter or Steemit account.
Solution - Never ever give out your personal information; keep it private as much as possible.
HOW HACKER ATTACKS STEEMIT PLATFORM?
I consolidated some possible hacking strategies that are now spreading on the Steemit platform.
1 . COMMENTING ON THE POST - Some Steemit hackers use a low-reputation (but sometimes high-reputation) account and leave a few comments with "links" on your post or on other people's posts. The objective of leaving a phishing link is to get you to interact and click it, which gives them a chance to take your private information. They use a different language, a low-reputation account and a very alarming comment so that your adrenaline rises and pushes you to click the bait.
Example A
Example B
Sometimes they use a different language to mislead you into clicking the link. If you notice, the reputation of the account is (0); for what reason? I really don't know. Example number 1 is a comment on my post. I cautioned those who commented on my post not to click the link. Am I sure that it is a phishing link? No, but it is better to be cautious than to regret it in the end. Let's be aware of these kinds of phishing schemes.
SOLUTION - Never interact with comments that give you links unrelated to your post, or words that have hidden links. Never click; think before you click.
2 . DLIVE, ESTEEM, DTUBE APPLICATION - Some hackers are unstoppable in exploiting resources that are not theirs. They proceed to the next level using cell phone applications like Dtube. Some Steemians download these apps, which require you to input your master key, and once you input your master key, that is when they hack your account.
SOLUTION - Try to read the review first before downloading a specific application so that you'll have an idea of how it works.
3 . URL IMITATION - A phishing website (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate website. You could even land on a phishing site by mistyping a URL (web address).
Example 1 - steewit.com - It is a phishing site. It seems legit but if you check the security of the site it is not secured. It will ask you your login details. Be careful guys, it is so misleading.
Solution - Always check that the URL is spelled correctly - "steemit.com", no space, no different character, etc.
4 . EMAIL NOTIFICATION - Most of the time they send you an email notification telling you that your Steemit account is compromised, and they give you a feeling of urgency so that you'll give them your password.
Example 1
NOTICE! We have detected unusual or unauthorized activity in your account. Your account may have been hacked or otherwise compromised. As a precautionary measure we have secured your funds. We have frozen all funds in your account for your protection. There has been a breach of Steemit Security and several accounts have been blocked. No further transactions will be permitted in this account pending further investigation. Your funds are safe and secure and will be held in our trust account for 30 days pending return of these funds to you. In the event of any loss your account balances are guaranteed and secured by Steemit. We will notify you when we have completed our investigation. Please provide us with your email address and contact us regarding verification of your account. You will be required to provide certified copies of Government Identification Documents for account verification when claiming the return of your funds. Our email address is: [email protected]. Thank you for your patience. Please contact Account Security at:
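The link checks from items 1 and 3 above (links left in comments, words with hidden links, and misspelled URLs such as steewit.com) can be automated. This is an added example, not code from the original post or from Steemit; the trusted list, the two-typo threshold, the function names and the sample comment are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"steemit.com"}  # assumption: the one site the reader logs in to
MD_LINK = re.compile(r"\[([^\]]*)\]\((https?://[^)\s]+)\)")  # [label](url)
BARE_URL = re.compile(r"https?://[^\s)\]]+")
SHOWN_DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
# Constructed sample comment, not taken from a real account.
SAMPLE = ("Your account is frozen! Verify at [steemit.com/verify](https://steewit.com/login) "
          "or read https://steemit.com/faq.html and https://example.org/prize")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def norm(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def host_of(url):
    try:
        return norm(urlsplit(url).hostname or "")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""

def classify_host(host):
    """'trusted', 'lookalike' (typo, or trusted name as a leading label) or 'other'."""
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    base = ".".join(host.split(".")[-2:])  # rough stand-in for the registered domain
    if any(edit_distance(base, t) <= 2 or host.startswith(t + ".") for t in TRUSTED):
        return "lookalike"
    return "other"

def review_comment(text):
    """Return (url, verdict, hidden) per link; hidden = the label shows another domain."""
    findings = []
    for label, url in MD_LINK.findall(text):
        shown = SHOWN_DOMAIN.search(label)
        hidden = bool(shown) and norm(shown.group(1)) != host_of(url)
        findings.append((url, classify_host(host_of(url)), hidden))
    for url in BARE_URL.findall(MD_LINK.sub(" ", text)):
        findings.append((url, classify_host(host_of(url)), False))
    return findings
```

A "lookalike" verdict or a hidden link is a reason not to click; "other" only means the host does not resemble steemit.com, not that it is safe.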
HOW TO AVOID PHISHING SCAMS
1 . Know the phishing techniques - read and study how phishing works so that you can avoid it.
2 . Always think before you click - don't be hooked by sugar-coated words that could steal your data and money.
3 . Always check and verify the URL - always double or triple check that you are using the correct website.
4 . Be Wary of Pop-Ups - pop-ups are another way of enticing you to give up your details.
5 . Never Give Out Personal Information - never ever give your personal information to anyone.
WHAT SHOULD WE DO WHEN WE EXPERIENCE STEEMIT PHISHING
If your account was compromised, go to https://steemit.com/recover_account_step_1 and recover immediately.
WE CAN LEARN FROM THEM, Please read their post and we can learn a very important lesson from them
NOTE: IF YOU SEE SOME KIND OF PHISHING STRATEGY OR ANOMALOUS COMMENT OR LINK, FEEL FREE TO COMMENT BELOW SO THAT WE CAN CONSOLIDATE ALL THE DIFFERENT FORMS OF THEIR HACKING TECHNIQUES AND MAKE OUR FRIENDS AWARE OF THEM.
Congratulations Ohana! Your post has been featured to Steemit Family Ph Daily Featured posts 68th edition. Keep being awesome! :)
Thanks @steemitfamilyph, it's my fifth time to be featured by this awesome family. Thanks a lot.
Wow! Very informative post right here!!
I nominated this post to be featured for our 68th Daily Steemit Family Ph Featured Posts. Good luck! :)
Thank you @itsjessamae, thanks for nomination. Hope it could help a lot.
This one is really timely, especially as a lot of folks are being scammed on the internet.
A constant awareness drive is a must! Especially for the newbies.
Thanks @tpkidkai
Very timely and informative, this post will surely help those people who are "not aware" that "Phishing" does exist in Steemit.
Thanks kaps!
upvote and resteem
Woooow thanks @albertvhons, I really appreciate your resteem and upvote
Very good post and thanks for sharing it with us ... Need more of this kind of post
Thanks @shakibul