Since its launch 6 months ago, @plentyofphish has intercepted hundreds of phished and hacker accounts.
A. Phishing/phished accounts
B. Hacking/hacked accounts
C. Suspicious transactions indicating A or B
@plentyofphish is a flag/upvote account: it flags phished and hacked accounts but can also upvote victims to help them restore a bit of reputation. Its upvotes are reserved for cases of need and are given as resources allow.
See the Readme Document for more information.
The following individuals have the posting keys to @plentyofphish. Four of them are from the @steemcleaners team and two are independent abuse hunters.
@bullionstackers (lead user)
@guiltyparties (+ master password)
@pjau
@logic
@arcange
@patrice
https://github.com/gryter/plentyofphish
The @plentyofphish repository ensures there is a centralized point of contact. It will also provide support to all individuals who fall victim to phishing.
The @plentyofphish repository and project now have a brand new website:
Why 'pofpofpof'? It's actually 'pofp pofp pof(p cut off)' to play on the repetitive nature of phishing. It's also easy to remember.
As you can see, the majority of the accounts that are compromised are never recovered. Most are abandoned by the victims who lost everything.
The official list of accounts that are either infected, spawned or irreversibly controlled. It is stored online (on-chain and off-chain) and offline.
Manipulation of the list is impossible.
This is a screenshot of the Excel list.
If you recovered your account but we didn't catch it, let us know in the comments below or on the Steemcleaners Discord.
Same as above.
Several guides were added to the repository to provide helpful information. Below are two of the newest guides. Additional guides can be found at the Repository.
This is how most users become victimized.
Many users click on phishing links that lead to look-alike websites, which trick them into entering their master password.
This is a screenshot of one of the fake websites the hackers made earlier on.
The second most common way to lose control over one's account is by accidentally copy/pasting the master password in a memo or in a post. Hackers run "scrapers" that stream the blockchain looking for these accidental reveals.
In several cases, hackers targeted specific individuals, tricking them in chat into clicking on phishing links or otherwise revealing their master password or keys.
At least one user had their home computer compromised in search of their master password. The best way to remedy this sort of attack is to keep your master password in an encrypted container and backed up offline.
There are numerous cases of users downloading mobile apps from various app stores that may look legitimate but are actually phishing.
Accounts can be "recovered" after a password change within 30 days of the change. After 30 days have passed, the new password becomes permanent and irreversibly applied to the account.
The "recovery account" or "trustee account" is the account that has been set in the Steem blockchain to act as an administrator of your account. Typically, it is the account that was used to create your account. All accounts must be created by other accounts.
If you signed up through the Steemit.com website, your recovery account is @steem. You can check your recovery account by going to https://steemd.com/@yourusernamehere and searching for "Recovery account" on the left-hand side.
Each account creation service has its own recovery request form and is solely responsible for recovering the account. Steemit Inc has no way of conducting password recoveries of accounts made through 3rd party services.
There are three main things that hackers do to keep control of the Steem wallets and their funds.
If your trustee account has been changed, the password recovery procedure can still be initiated through your old trustee account. Trustee account changes take 30 days to become permanent. Watch for trustee account changes in Steemd and ask for help immediately after spotting them.
You may still have control of your account but your active key has been compromised and altered. One tool to revoke the active authority is https://thenoblebot.herokuapp.com.
A changed vesting route above is routing a victim's power down straight into the hacker's account.
The vesting route controls what account your account powers down into. Hackers often set it to their own accounts while they have control of their victims' accounts. The vesting route may be revoked to default using eSteem and Vessel.
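The three changes described above (altered keys, a changed trustee account and a changed vesting route) can be watched for in an account's operation history. The following is an added example, not code from the @plentyofphish repository: it assumes history entries shaped like the Steem account-history API output, and the sample data, account names and the `takeover_alerts` helper are constructed for illustration.

```python
import json

# Constructed sample, shaped like entries returned by Steem's account-history
# API: [index, {"timestamp": ..., "op": [op_name, op_fields]}]. All account
# names and keys below are made up.
SAMPLE_HISTORY = json.loads("""[
 [101, {"timestamp": "2018-06-01T10:00:00", "op": ["vote",
   {"voter": "alice", "author": "bob", "permlink": "post", "weight": 10000}]}],
 [102, {"timestamp": "2018-06-02T03:14:00", "op": ["account_update",
   {"account": "alice", "active": {"weight_threshold": 1, "account_auths": [],
    "key_auths": [["STM_CONSTRUCTED_KEY", 1]]}, "memo_key": "STM_CONSTRUCTED_MEMO"}]}],
 [103, {"timestamp": "2018-06-02T03:15:00", "op": ["change_recovery_account",
   {"account_to_recover": "alice", "new_recovery_account": "mallory"}]}],
 [104, {"timestamp": "2018-06-02T03:16:00", "op": ["set_withdraw_vesting_route",
   {"from_account": "alice", "to_account": "mallory", "percent": 10000, "auto_vest": false}]}],
 [105, {"timestamp": "2018-06-03T09:00:00", "op": ["set_withdraw_vesting_route",
   {"from_account": "alice", "to_account": "alice", "percent": 10000, "auto_vest": true}]}]
]""")

def takeover_alerts(account, history, expected_recovery):
    """Return (timestamp, kind, detail) for each operation that matches one of
    the three persistence steps: key change, trustee change, vesting route."""
    alerts = []
    for _index, entry in history:
        name, op = entry["op"]
        ts = entry["timestamp"]
        if name == "account_update" and op.get("account") == account:
            # owner/active are only present in the op when they are being set.
            changed = [role for role in ("owner", "active") if role in op]
            if changed:
                alerts.append((ts, "key_change", ",".join(changed)))
        elif name == "change_recovery_account" and op.get("account_to_recover") == account:
            if op["new_recovery_account"] != expected_recovery:
                alerts.append((ts, "recovery_change", op["new_recovery_account"]))
        elif name == "set_withdraw_vesting_route" and op.get("from_account") == account:
            # A route to another account with percent > 0 diverts power-downs.
            if op["to_account"] != account and op.get("percent", 0) > 0:
                alerts.append((ts, "vesting_route", op["to_account"]))
    return alerts

if __name__ == "__main__":
    for alert in takeover_alerts("alice", SAMPLE_HISTORY, expected_recovery="steem"):
        print(*alert)
```

Because trustee account changes take 30 days to become permanent, an alert of kind `recovery_change` marks the start of the window in which the old trustee account can still be used for recovery.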
Website: https://www.pofpofpof.com
GitHub Repo - Hacked List: https://github.com/gryter/plentyofphish/blob/master/phishing.txt
GitHub Repo - Guides: https://github.com/gryter/plentyofphish/tree/master/guides
Steemcleaners Discord: https://discord.gg/kZ56egV
Like what we're doing? Support us as a Witness. Go to https://steemit.com/~witnesses. Select or type in guiltyparties. Click VOTE if typed in.