🚽I Don't Know If This Is An Informative Phishing Awareness Post Or Just A Wall Of Text🚽
Today let's learn about different phishing techniques, specific to Steemit.
Many of you know what phishing is. If you don't...the most basic explanation I can give for phishing is the practice of misrepresenting oneself through email, a web link, or identity misrepresentation with the goal of getting the unexpected user to unexpectedly give some sort of important information... it could be your web login with password to a site, your social security number, address, and even password reset questions.
Some hackers will build a profile with the gathered info and eventually have enough info to open credit accounts in your name using different pieces of gathered intel.
Ok...So now let's move on to Steemit.
There have been many accounts hacked recently on Steemit because of phishing links on the platform. This came to my attention because one of the military veteran witnesses(@guiltyparties) has been helping @steemcleaners identify compromised accounts and help to reset passwords of those accounts(among other things).
Without Further Ado...Let's identify some phishing techniques on Steemit so you have an idea of what to look for and be more vigilant with your account.
First, I noticed Steemit has changed the color of external links that have been embedded as steemit. com.
For example:
This is a link that is supposed to land you back on steemit...https://steemit.com...see how it is green?
This is a link presented as a steemit link but directs you to another site:
Mardown Code- [https://steemit.com](www.googledotcom)
Output: 
...See what steemit has done? The presented site is placed first and the embedded link is placed second, both in red. Pretty Nifty.
So, this got me thinking....What about sites linked to the Steemit Blockchain? For example...d live., d.mania, d.tube, and parley?
D.Mania
This is how a regular dmania.lol post would look from Steemit. All the links are green. Looks Real Nice.
This is what the code would look like. I do believe this is html.
<a href="https://dmania.lol/post/wolf-dawg/this-post-is-for-a-phishing-link-article-i-cant-decline-payout-on-dmania-please-do-not-downvote-zg1hbmlh-l4ifd">
<img src="https://s3-eu-west-1.amazonaws.com/dmania-images/hate-on-crypto-8pl1bmn.jpg">
</a>
<h3><a href="https://dmania.lol/post/wolf-dawg/this-post-is-for-a-phishing-link-article-i-cant-decline-payout-on-dmania-please-do-not-downvote-zg1hbmlh-l4ifd">View post on dMania</a></h3>
<a href="https://dmania.lol">
<img src="https://dmania.lol/assets/img/dmania_steemit_post.png">
</a>
</center>
Let's change it up a little bit(changes in yellow)
Below Will Be The Output that would be presented on a Steemit D.Mania post. BEWARE ALL PICTURES AND LINKS GO TO YOUTUBE CAT VIDEOS! But what if this was a post that directed you to a DMania fishing site? Are you familiar enough with D.Mania to know the regular sign-in process? The site uses uses steem connect btw.
Parley.io
Ok. I got a little ahead of myself... Below is what the code should look like for Parley.io. If you noticed I have already changed two of the embedded links to a youtube video. But I am sure you get the idea.
<center></center>
<center><h1> [View on Parley](https://www.youtube(dot)com/watch?v=xGgk1sYY3GI) </h1></center>
<h1>What is Parley?</h1>
Parley is a Steem-based Reddit competitor that allows users to submit links and curate news they find around the web in order to promote discussion on the Steem platform. [Read more](https://www.youtubedotcom/watch?v=xGgk1sYY3GI)
Below is what you would see on Steemit. Links are green. Looks pretty good, right? Sure, if you want to go to a youtube video with boni fides in the top 100 most annoying sounds on Earth.
If you are not familiar with Parley.io, the site asks for your posting key without any use of Steemconnect.
Someone having only your posting key may not seem like a huge deal but what if someone used that posting key to impersonate you? The phisher person makes an awesome post on your account about some fabulous product or service. Other Steemians believe it's you and make credit card purchases at a fraudulent site to try this awesome product your impersonator recommended.
That would suck...I think there is a term for that somewhere...
D.Live
Dlive is interesting. It does use Steemconnect to log in.
I'll give suggestions at the bottom of how to avoid phishing but I need to dive into this for a moment. Most know by now when using steemconnect to check for the site address.
https://v2.steemconnect.com or https://steemconnect.com/
Most phishers understand that users are paying close attention to the proper steemconnect address.
But what if someone created a site that looked exactly like the screenshot above where the steemconnect link leads to the correct destination and the only the other sign up processes are to phishing sites targeted at the other three accounts? Would you know the correct login web address for those other logins?
At this point it is redundant to show the code because I think you get the point. I will, however, give you the changed output.
These links lead to a "How to avoid phishing" article. If you notice I changed my account name to a link. It still shows up green BUT Steemit has inserted the "will take you away from Steemit.com" warning. Wanted to make you aware of the difference.
D.Tube
D.Tube has a multi-option login like D.Live.
This would be a good opportunity for someone phishing to try and obtain your posting key if you are someone who chooses not use Steemconnect. Once again I will not input the code But I will the output.
So we've established DTube. DMania. Dlive, and Parley posts on steemit allow for embedding of external links that do not go to their intended sites. This needs to be pointed out because so many are used to clicking on those links to go to these popular Steemit connected sites. * I haven't tried any other sites, but I'm sure the ability is there to accomplish what I have with the aforementioned posts.
We'll discuss @steemcleaners', @guard further down.
Some other phishing schemes to remember. Does anyone remember the unicode Binance phishing site?
It seems steemit has disabled unicode. I've tried many variations that are unowned and each of the links end up looking like the one below. Even if there is a Unicode character that would work for this type of scheme, the "This link will take you away from Steemit.com" logo would be present.
It's a phishing scheme to be aware of especially when you accessing steemit via a third party site or link.
Some other phishing scams involving steemit(real links to real stories):
Fake D.Tube App
Clone Phishing Accounts AKA Hi I'm @lxikon082!
Using Steemians Personalities As Trust
Fake phishing site, for example...We have a new Steem Site that uses Steem Connect. This specific post highlights a phishing site WITH a fake SteemConnect login
I've not read a story about it but I know the Steemit community uses telegram and discord. Beware of fake telegram and discord names promoting steemit contests and stories.
A TIP...hover your mouse on the link and look to the bottom left hand corner of your screen and it will show the link's landing URL.
Chrome:
Brave:
Internet Explorer:
In the middle of writing this I discover something interesting to be aware of....
D.live
The D.live Saga
Ok. So...I wanted to see what D.Live looks like with links. I do believe all links appear as **plain text. This does not stop copy and pasting into the browser and you can see the difference in links is not very noticeable. The middle link is the only legit one.
Then we have @fnryask. I saw he had a live test feed and I wanted to see how links appear in chat. Below is our story:-)
So be aware of plain text links given in d.tube.
The @guard phishing link bot
Is a bot created through @steemcleaners for the purpose of identifying phishing links. The phishing link will be flagged and a message identifying the suspected link to the community. I write suspected because bots are not perfect.
This will help alleviate the threat but it won't eliminate it. There is also the battle of time How long does it take the bot to identify phishing links?
This is why it is still beholden to you to be vigilant of phishing links and I hope these examples and tips throughout the post will help you.
IF YOU HAVE MADE IT THIS FAR. GIVE YOURSELF A PAT ON THE BACK.
</centerCredits:
Top picure, fishing-lures.org
Screen shots from these sites(in no particular order): dmania.lol, d.tube, dlive.io, and parley.io
"Big Balls" Picture: Pixabay.com
Veterans Logo designed by @gultyparties and for fellow Veterans Use.
DISCLAIMER: dropahead Curation Team does not necessarily share opinions expressed in this article, but find author's effort and/or contribution deserves better reward and visibility.
to maximize your curation rewards!
with SteemConnect
12.5SP, 25SP, 50SP, 100SP, 250SP, 500SP, 1000SP
Do the above and we'll have more STEEM POWER to give YOU bigger rewards next time!
News from dropahead: How to give back to the dropahead Project in 15 seconds or less
Quality review by the dropahead Curation Team
According to our quality standards(1), your publication has reached an score of 85%.
Well said Gabriel García Marquez: "You learn to write by writing" Keep trying, you will soon achieve excellence!
(1) dropahead Witness' quality standards:
- Graphic relation to the text (Choice of images according to the text)
- Order and coherence
- Style and uniqueness (Personal touch, logic, complexity, what makes it interesting and easy to understand for the reader)
- Images source and their usage license
Hey @lexikon082,
Your post "🚽I Don't Know If This Is An Informative Phishing Awareness Post Or Just A Wall Of Text🚽" hast just been resteemed !!!.🙂🙂🙂
I've done this for following me..
🙃😝🙃 Thank you for using our FREE Resteem Service @tow-heed🙂🙂🙂
(you hear an engine rev and horn honk)
MEEP! MEEP!
(the window on the humvee rolls down to reveal a warm smiling face)
"Hello! I'm @shadow3scalpel and with the help of my protege, @chairborne, we are actively assisting veterans, retirees and active servicemen and women here on Steemit. We feel it is our 'duty' to support each other. Any questions or comments you may have, simply respond to this comment, thank you!"
(the window rolls up and the engine roars as it drives to the next person on the list)
Comment by @killerwhale. This is a opt-in bot.
Nice Post nice work Good Job
Leaving comments asking for votes, follows, or other self promotional messages could be seen as spam.
Your Reputation Could be a Tasty Snack with the Wrong Comment!
Thank You! ⚜
Thank you.
Tons of information here. Thanks for taking the time to post it.
you are welcome
you very great because your posts very good, I love like you.
Please Stop
In your your last 100 comments you used 55 phrases considered to be spam and you made this exact same comment 1 times. You've received 0 flags and you may see more on comments like these. These comments are the reason why your Steem Sincerity API classification scores are Spam: 52.70% and Bot: 4.90%
Please stop making comments like this and read the ways to avoid @pleasestop and earn the support of the community.
Good to see you still out there @lexikon082 . Great post!
Hi @steemitqa. Nice to see you too! Thank you.
This is really educative. One ought to be careful cos hackers are on the rise in steemit currently