Protect Your ASS... I Mean Assets

in #steemit7 years ago (edited)

There's a virus going around Steemit and it's not just stealing your password...

Untitled design (3).jpg

I don't like when people tell me what to do. I don't even like when my best friends do it. Dare I say, I don't even like when I'm asked not to do something when I know I have every right to as a grown ass adult.

Call me stubborn or whatever— I'm a Gemini on the Taurus cusp. That means I don't usually give a shit and I'm obstinate about it to boot. Further, I take a certain degree of pride in the fact that I'm a firecracker. I only make noise unless you're handling me wrong while I'm lit, then I'll probably take your fingers with me when I go off. Hey, I don't hide it. You've been warned.

So I was a bit shitty when I got a comment today by the wonderful @simplymike asking me not to hide my links with Google analytics because it's a link shortener.

Hide? B^tch holdup?! (lol)

tee-hee

Of course, my snazzy ass is thinking, "Can't you pick on someone your own size?" Then I realized, "Oh shit, we ARE the same size... doh!" Well, close. Her rep is 56.11 and mine is 52.11— how is this so? I was off Steemit for a whole year so how am I shyly behind her in rep after a month of activity?

It turns out, she was hacked. Hacked bad. I mean, bad bad. The reason she wanted me to ditch the shortener is there's a lot of funky spam accounts going around using short-links and raising hell around here. I knew about that, but I wasn't aware of what happened to her or how bad the Steemit phishing situation has gotten in the past few weeks.

Sigh

Begin tantrum sequence... "I need my analytics!" "I like my analytics!" (...my brain yelling to itself)

And I have a right to use them on the blockchain. Boss up.

Alas, all that being true— I can't be a total douchebag. I should at least consider the appeal because I would want the same if it were my appeal. "Fine," I think... stomping away like an angry toddler.

"Right now I should be posting, commenting, and engaging my readers. I just won a Curie and I left an armful of comments ignored on my post." Blah blah blah.

Why does this disturb me?

I almost got phished a few weeks ago too. I'm just a clever little nerd sometimes so I dodged the bullet. I could have the sentiment that I'm not responsible for people dealing with technologies they're not educated about. Simultaneously, the entire Steemit marketing pitch is kind of shady. It sucked me in too. Look how addicted I am. (smiles)

If I wasn't the benevolent filthy capitalist I am, and if I were not as clever as I am, I would be food here.

That translates to, pretty much all the other planktons and minnows are food here.

Okay sitting ducks, listen up!

I disclaim, I'm not telling you how to live your life or implying that you're an idiot with the following information.

What is Phishing?... In Plain English

Phishing is when a LINK is a BIG LIAR— basically. A link looks safe, but it's not. It could be a link similar to one like Steemit's, or it could be another link that takes you to a site that looks like Steemit or another app— like Steemconnect. Phishing happens on lots of sites as well, so you're never safe unless you're educated: even on Facebook, Twitter, etc.

These sites will usually hook you with a concerning message or huge opportunity.

Then they take all your money, infect you with viruses, and make you look like a fool.

It's sort of like a toxic relationship— except from a web page.

Oh shit! How can I avoid getting phished?

  1. You will be safer if you NEVER login to Steemit with your Owner Key, Master Password, or Active Key unless you are making transactions in your wallet on Steemit or a safe network. Once you've done making said transactions, you would be safer to log out and login again using only your Posting Key.

  2. You will be safer if you NEVER click on a link anywhere on the web — and especially on Steemit — without verifying its safe. If you don't know how to do that, you're safer if you don't click.

  3. Always check the address bar. Then check it again. And again. Make sure the link is spelled right. Make sure the site is using https. Look for the green lock symbol.

But, but, how do I check if a link is safe???

Ah, young grasshopper.

  1. On most computers, you can hover a link to see its destination. It will show up on the bottom left side of your browser. Or you can right-click and copy the link destination, and paste it into a note to read it.

  2. On a smartphone, you can usually copy a link destination and paste it into a note to read it.

  3. On regular mobile, why the hell are you surfing the web on regular mobile? It's 2018. Smdh. I can't help you.


ADVANCED NINJA SKILLS

There's a website you can bookmark for quick link expansion: http://checkshorturl.com

Or doing it manually:

  • If a link is shortened with google shortener, bitly, or steem.link— you can add a + to the end of the URL to open a preview page. For example:

http://steem.link/omitaylor

Just add a + like so...

http://steem.link/omitaylor+

Voila! Now you can see the original url that the shortener is pointing to without visiting it directly. This will give you the needed space to research the link before clicking on it.

  • For tinyurl you would add the preview. before the url

https://tinyurl.com/omitaylor

You would change it to

https://preview.tinyurl.com/omitaylor

You can also do this on MOBILE browsers.

Observe.

Hold down the link for a long time until the options panel pops up. Select copy link.

__.jpg

Paste the link into a note!

If the link is shortened by google, bitly, or steem.link you can check it on mobile also.

Paste the link from your clipboard into your mobile browser address bar, and add a + to the end.

__1.jpg

And boom!

__5.jpg

That's your preview. Now if the link is to Steemit or another safe website, go for it.

You can also do the same on mobile for Tinyurl as I mentioned previously...

__2.jpg

There are many websites that shorten links be these are the most common ones people use. When in doubt, you're safer not to click.

Once you have an original link, if you don't recognize it and don't want to click away you can also scan it.

Google has a tool that will let you check if a link has malware.
http://google.com/safebrowsing/diagnostic?site=YOURLINKHERE

You can also wait, and check the link later from a safer browser— like at home where you (hopefully) have an anti-virus on your computer.

And remember, technology isn't wrong. Link shorteners aren't BAD nor nefarious in nature. They were originally created for link tracking and to make long ugly urls easy to remember. But with every good invention, some dickhead has to come along and abuse it for their own corrupt reasons— and ruin it for everyone. Don't demonize link shorteners. Be educated about technology instead and use these wonderful features for good as there were intended for— and blame misusers for misuse.

OMG! I saw a phishing link! What do I do?

  1. DO NOT DOWNFLAG IT unless you have significant enough voting power to do so.

  2. REPLY to the comment: DO NOT CLICK ^^^ @guard @steemcleaners

  3. Immediately go to https://steemcleaners.org/abuse-report/ and report the link

  4. Head over to Steem Cleaners on Discord (if you have it) and report the link: https://discord.gg/WfBZAaH

  5. Create a NEW comment on the post saying: There is a bad link by NAME below! It has been reported. Do not click! And upvote your comment with the highest vote for visibility. Add a really alarming image to your comment for attention.

Like this...

Or like this...

Make sure the FIRST thing you do is report it BEFORE you go on a warning spree.

As an added bonus, Steem Cleaners will reward you for finding NEW threats.

You can get .001 or more just for reporting. Some people have gotten over 1 SBD for finding new threats.

Steemcleanerss.jpg

It's nice to know that you can be rewarded for your good deeds. Report away!


Bonus: Steemd Phish Plugin

If you use Google Chrome Browser (like I do) on your laptop or regular computer, @quochuy has created a really handy and advanced plugin called Steemd Phish that will help you detect funky urls before you click.

More Info Here

I use this plugin and I vote for @quochuy as a witness. Both I believe to be trustworthy.


Here are some more links about this issue and resolutions to common problems. Spending an hour out of your life to become educated will favor your safety online and on Steemit.

@simplymikeContest to Warn About Phishing Threat

@simplymikeHow to recover after being phished

@anyxIntroducing GUARD Phishing protector bot

@wizardaveHover before you click!

@imbigdeeRecognizing Phishing comments

@simplymikeMass spam-comment eraser script

@arcangeSteemit.com Virus Threat + List of Phishing Alerts


Craving exceptional content and accountable curation? Look no further...

smg100.jpg


Header created in canva from opensource images. Gifs hosted on giphy.

❤️
Are you online every day? Do you use all of your Steem Power?

If you can spare to loan 1 SP while I build up my own,

it will keep this little Minnow swimming.

Delegations are 100% refundable.


If this post is older than 7 days, you can still upvote my latest post. Thank you!


HAVE YOU RESTEEMED YET?

Sort:  

I am glad to see another post helping people avoid, and showing them where to turn when they have a suspicious link. I myself still do not like tiny URL's and even with the tools you showed will never click on one. Yes that means I amy miss out on some cool locations on the web, but I prefer the ugly URL. It shows in the browser, so if people use the full link in proper form to link words I see no need for the tiny URL example your page, people can hover the link and see where it goes. No ugly https style link or unknown destination tiny URL.

Once again thanks for the post warning and helping others.

Addendum:

  • Fixed a few typos. Sorry, I was sleepy when I wrote this. Let me know if you notice any others I may have missed.

  • I'm of the opinion that people have a right to use these link technologies on the blockchain and I'm not for bullying people around. However, I'm also of the opinion that a computer virus is not a person. So, I don't believe it to be over-reaching to report the activities of malicious scripts. They're not people, they're code zombies. Lol.

Hi There! You have just been upvoted by @justinadams Witness. You will always recieve a free upvote on every post you make on steemit as long as you keep your witness vote. Thanks For Your Support.

Good going madame, phishing on steemit feels like its on its all time hight at the moment how often it is going on.

good suggestions on checking how first!

Thanks for reading. Apparently, it's growing at an unfathomable rate according to Steemcleaners so it's worth getting the word out.

Congratulations @omitaylor, your post has been selected by the @asapers for a resteem and a feature in our brand new curation post. Issue 37

What does this mean for you? Well first an upvote from some members of the team, we are no @curie or @ocd but who is going to be unhappy with some extra upvotes. Also each post featured in the article will receive a 10% share of the SBD generated from the curation post.

Keep up the great work and please consider supporting the @asapers with an upvote and/or a resteem on the post you feature in. Please wait seven days for payout.

Your friendly @asapers

Giving back A.S.A.P

Read Me ASAP.png

Holy cow!!! Thank you!!! I will resteem right away! Thank you SO much!

Do what you love @omitaylor the Tigress
Don't worry about wolves!!
People usually has tendency to pull successful person down!
Also, thanks for raising awareness and suggesting tool for phishing links!!

Thank you my friend. Most are well intended. Some are right, I admit. Some are just trolling. Idk. I'm doing my best. Can't make everyone happy but keeping me happy seems to be working for everyone else too, so it's all good. Thanks for reading and for supporting me.

Congratulations! Your post has been selected as a daily Steemit truffle! It is listed on rank 14 of all contributions awarded today. You can find the TOP DAILY TRUFFLE PICKS HERE.

I upvoted your contribution because to my mind your post is at least 21 SBD worth and should receive 99 votes. It's now up to the lovely Steemit community to make this come true.

I am TrufflePig, an Artificial Intelligence Bot that helps minnows and content curators using Machine Learning. If you are curious how I select content, you can find an explanation here!

Have a nice day and sincerely yours,
trufflepig
TrufflePig

Hi There! You have just been upvoted by @justinadams Witness. You will always recieve a free upvote on every post you make on steemit as long as you keep your witness vote. Thanks For Your Support.

Good job. Very informative and very entertaining! @omitaylor

  • I did not know how to check the actual link of shortened urls. Thanks for that heads up!!!

My pleasure Wizard dave!

Hi There! You have just been upvoted by @justinadams Witness. You will always recieve a free upvote on every post you make on steemit as long as you keep your witness vote. Thanks For Your Support.

I’m very happy I was able to trigger you firecracker ass into writing such a valuable educational/informational post.

I don’t like people to tell me what to do either. But I had to learn that sometimes they had a point, and that I had to take that point into consideration when I made my decisions (not fun)

Anyway, I’m planning on making a DBook with information on how to protect yourself, so the information won’t be buried in the dungeons of SteemIt and we have to write awareness posts over and over again.
I still need to figure out how the DBooks site exactly works, but I think this information about link shortneners is important to add.
I’ll get back to you soon

You made a valid point with a reasonable argument. I'm no crusader but I thought it through completely and you're right; malicious scripts aren't people. Script activities have no inherent rights of their own. I don't believe it is over-reaching to downvote viral comments.

And anyone has a right to use their stake to downvote the human accounts planting the initial viral seeds on the blockchain. It's not really my war, but I understand why no-one would value content containing destructive code.

I've decided to refrain from using analytics for now. I'd like to try to track down the owner of http://steem.link and see if they are still actively maintaining the project. If not, perhaps someone can take it over. Either way, I'd like to see Steem.link work with Steemcleaners, Guard, Quochuy, and others on sharing a universal blacklist. That way Steem.link could be used to shorten benign links. I don't see why they can't scan links before they shorten them.

I also think it would be a good idea to compile a list of reasonably safe Steem sites. I believe Busy, Steemconnect, Steembottracker, Dlive and many others are all as safe as Steemit to login to with an Active key for the sake of transactions. It may be worthwhile for a small group to be formed to verify a list of safe Steem websites. Steem projects, Steem tools, and Utopia are all directories that could easily feature a verified badge. And not saying other tools should not exist, or unverified accounts either— I'm for choice anonymity. However, I think for those willing to volunteer to be verified and provide extra information for the trust and safety of others would only benefit (in traffic) from participating in such a verification program.

I don't know what Dbook is. Let me know.

The Wiki is also a good place where such information could be compiled. While the Wiki is editable by anyone, it's peer reviewed I believe. And they pay rewards for updates. There is no Wiki page under Phishing.

https://steemit.com/steem-project/@seablue/steemcenter-wiki-the-wiki-for-steemians-posted-from-chainbb

What do you think?

Hi There! You have just been upvoted by @justinadams Witness. You will always recieve a free upvote on every post you make on steemit as long as you keep your witness vote. Thanks For Your Support.

Hi There! You have just been upvoted by @justinadams Witness. You will always recieve a free upvote on every post you make on steemit as long as you keep your witness vote. Thanks For Your Support.

I think you have a point there, about implementing some kind of safety label. Because I’m aware of the fact that the message I’m spreading could lead to paranoia against a lot of sites that are actually safe to use...

I did hear about the wiki before, but haven’t taken the time to check it out. I will. If there’s indeed nothing about phishing on there, it definitely needs some updating...

I wouldn't mind (as time permits) adding what techy stuff I know about phishing to the wiki. I don't know yet how to make pages on the wiki yet. It would literally take a day for me to learn how to wiki. Lol! The dbook idea is good too. Or both. Can't hurt to get the info out there.

I guess the bot stopped.

Well written article. Thanks for contributing to raising awareness of this plague!

My pleasure. @simplymike had a reasonable appeal. And I support your plugin. It rocks. Thanks for your work as a witness. I'll be mentioning you and your contributions in a future article. :)

Hi There! You have just been upvoted by @justinadams Witness. You will always recieve a free upvote on every post you make on steemit as long as you keep your witness vote. Thanks For Your Support.

In all my years on the World Wide Web this is the first time hearing about the + sign at the end of a url. It deserves its place in some Life Hack top 10. 😎