Components
- A small tweak on the Steemit login page
Proposal
- Add a text in red to warn of potential Phishing attempts.
Mockups / Examples
Benefits
- New users will become more aware of the risks from the start and every login screen.
- It will also serve as a reminder at each login to check the URL.
- Because it is in red, it is more likely that it will be noticed if missing.
- Phishing sites are very unlikely to add the text which gives users a chance to 'notice something off'.
Since nothing seems to be getting done due to censorship concerns, we should be tweaking every bit of the UI to serve as education and reminders for all users to be additionally careful when going off site and especially when logging-in.
There are many ways to at least limit the damage of phishing scam attempts without encroaching on censorship issues and protecting users should be part of the community's responsibility. The UI is an easy place to adjust for improved security behaviours.
Taraz
[ a Steemit/Utopian.io original ]
Posted on Utopian.io - Rewarding Open Source Contributors
Thanks for sharing the world about the ongoing scams. I've got us browser extensions made to prevent this kind of attacks. Steemed Phish works 10/10 and I got a warning as soon as I opened the phish.
[ Powered by Steem ] Browser extension to prevent phishing scam attempts
Help us spread the word as far as you can!
Thank you for the contribution. It has been approved.
You can contact us on Discord.
[utopian-moderator]
I do hope that the developers get to take note of this and implement it. I know it will not solve all the phishing problem as some people will not still look at it even if it's in 16+ foot size. But there are those who will take this warning serious and to them, this suggestion will make all the difference.
It doesn't take much to at least save some.
I like how binance.com adds a warning on their login box:
If you simply tell users to check the URL, some will still screw it up. Binance tells you explicitly what URL to check.
Yes, it doesn't take much. Sure, some people will still fall victim but perhaps significantly less.
This is a great suggestion. It will be extremely helpful for the new users who still can't find their way around Steemit. There are too many similar websites, some are safe, some are not. I can't know it unless I find something about phishing like in this post.
It's not really just a Steemit problem, it's a browser problem. For a while I've been saying that it would be nice to have webpages go through a verification process so when you go to that page, it actually tells you you're on... say, Steemit.com. On the left end of the browser address bar, before the address, it would tell you if the site had been confirmed and what that site was. This may already exist, but I haven't really seen it.
would be interesting to know of there is an app that could store important addresses/bookmarked addresses and do this check.
If you "google" something, it will tell you next to the link that you've visited the site before and when that visit occurred. If it's a new site though, there's nothing you can do (that I know of). Anti-virus, I guess.
Would you consider putting a fake link into your messages...something which is tempting to noobs, and re-directs them to a short message about protecting their account?
that would be interesting but may just add to the issue.
Yes, I think this is the most important thing. Also, a member doesn't need to be a new user to make this sort of a mistake. We all make mistakes when we are tired, sleepy or when we don't pay attention.
yes, so having a reminder might create a habit to always check the URL which could save a tired mind.
Yeah, lately it was too many phishing attacks and stolen profiles.
Also, they should make those letters either bold or bigger, so user notice them easier.
Red letters are ok, but what if a person can't see well, or can't recognize colors. Would not be better if there is checkbox.
The little box which you have to check and then get inside? I am fast clicker so even red color might not be enough for some people.
The purpose of those boxes is to keep bots away. This is another type of issue we are talking about
I am thinking of something else too but this is for a quick change.
it is super important that at least some precautions are taken, this situation is getting worse every day, I have seen a lot of messages with unreliable links, it is important to alert
Nice post @tarazkp I love the photo nice information post nice photo
I mean, this seems extremely simple. Absolutely truly simple. And I really think this could help a bunch of new users to avoid being phised.
Really.
It's about small details and reminding people to notice them. I hope this will be implemented.
Yes, I think that with enough small tweaks, a lot of the problems can be avoided. At least, it doesn't take much effort to try simple before looking to add a great deal of complexity.
For new users it's very helpful.
This is a good suggestion. It would draw attention to possible security breaches.
Hey @tarazkp I am @utopian-io. I have just upvoted you!
Achievements
Suggestions
Get Noticed!
Community-Driven Witness!
I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!
Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x
You shared a great post ... I learned something new from your post ... waiting for your next post ... Thanks
please stop commenting this nonsense. You are adding to the problem.
Very informative post from you. Thanks