Like many other people I received this attempted phishing message today. It was pretty obvious to me, but a new user might be fooled enough to visit the site, which apparently tries to get them to enter their Steemit key. That would give the scammer access to whatever Steem that person holds. You need to be very careful with your active and master keys as they give others full access to your account. With the master key they can lock you out by changing it.
We need some ways to make it clear that the message could be a scam. I think the simplest is to use the account reputation. Showing it would be good, but I think it should be made more obvious when it is potentially a risk. Anyone who has been flagged is likely to be a risk, but a sneaky account would not have any posts, so I think it should have a message in red or something if the reputation is 25 or less. There could be a pop-up to give more information.
Everyone starts at 25 and any posts or comments can easily get that raised. I'm just wondering if they could be sneaky and have an old post that gained some votes before starting their spam. Can flags on an old post affect reputation? Does reputation fade if you don't post? I'm not sure about these.
I've submitted this suggestion to the Steemit GitHub. That's where developers will look.
It would be possible to detect known suspicious messages, but scammers could use the encryption option to prevent this. I've not received any encrypted transfer messages yet.
There are some protections in place already. The transfer screen indicates if you are sending to a known fake account that is similar to an exchange. I don't know what list it uses for this.
I saw a GitHub issue has been raised to indicate if you are sending to an account with a negative reputation. Something like that would be good. I think it should show if it's an account you follow too, as you are more likely to transfer to those you know.
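A sketch of the checks suggested above (red highlight at reputation 25 or less, a followed-account indicator, and the limit that encrypted memos impose on scanning), as an added example that is not Steemit's own code. The function and field names are hypothetical, the log10 reputation conversion is the one Steem front ends are understood to use and should be checked against the current source, and the leading `#` for encrypted memos and the link check are assumptions.

```javascript
// Added example; function and field names are hypothetical, not Steemit's code.

// Raw on-chain reputation -> score shown in the UI (log10 scale centred on 25).
// An account with no votes has raw reputation 0 and therefore displays as 25.
function displayReputation(raw) {
  const n = Number(raw);
  const magnitude = Math.max(Math.log10(Math.abs(n)) - 9, 0);
  return Math.trunc(Math.sign(n) * magnitude * 9 + 25);
}

const RISK_THRESHOLD = 25; // cut-off proposed in the post

// Decide how a received transfer memo should be presented to the viewer.
function assessMemo({ senderRawReputation, memo, viewerFollowsSender }) {
  const score = displayReputation(senderRawReputation);
  const reasons = [];
  if (score <= RISK_THRESHOLD) reasons.push('reputation-25-or-less');
  if (!viewerFollowsSender) reasons.push('sender-not-followed');
  if (memo.startsWith('#')) {
    // Assumption: a leading '#' marks an encrypted memo, so its text cannot be scanned.
    reasons.push('encrypted-memo-not-scanned');
  } else if (/\b(?:https?:\/\/|www\.)\S+/i.test(memo)) {
    // Assumption: a link in a memo stands in for a "known suspicious message" check.
    reasons.push('memo-contains-link');
  }
  const highlight = score <= RISK_THRESHOLD ? 'red' : 'none';
  return { score, highlight, reasons };
}

// Constructed sample transfers (not real accounts or memos).
const samples = [
  { senderRawReputation: '0', viewerFollowsSender: false,
    memo: 'Verify your account at http://steemit-login.example.invalid' },
  { senderRawReputation: '-5000000000000', viewerFollowsSender: false,
    memo: '#constructed-encrypted-payload' },
  { senderRawReputation: '5000000000000', viewerFollowsSender: true,
    memo: 'Thanks for the guitar picks' },
];
for (const s of samples) console.log(assessMemo(s));
```

The first two samples come back with `highlight: 'red'`; the second also shows why encryption defeats content scanning, since only the reputation and follow checks still apply.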
As there is money at stake, Steemit is likely to attract crooks, and the average user does not understand the risks. The site should help where it can to prevent fraud.
Any thoughts on this?