Phishing Messages + FAQ

in phishing •  last year

If you received this message from me it's because your account was compromised at some point or is still compromised. If you've recovered ownership since then, please let me know.

Currently there are 247 accounts on the compromised/recovered/spawned phishing list. The total of accounts that were restored prior to the list being made puts it well over 300.

Phishing FAQ

Q: How do I avoid being a victim?
A: Don't click on random links or trust websites that ask you for your keys/password unless you're 100% they're legitimate.

Q: What about mobile apps?
A: There are many phishing mobile apps out there. Don't install them unless you've verified them and don't put in your password.

Q: How do I keep my money safe?
A: Use your private posting key and don't trust anything that asks for your password.

Q: What do I do if hackers use my account to spam but I can still log in?
A: Change your password if you start seeing strange comments.

Q: What do I do if my money was moved to someone but I didn't move it myself?
A: Change your password immediately.

Q: How do I avoid phishing?
A: Don't trust comments and messages that promise you easy money -- there is no such thing. You wanting it to be true won't make it true.

Q: My follower asked me to click on a link, should I?
A: Don't click on things just because someone told you to.

Q: How do I speed up my account restoration?
A: Use the email address you signed up with when you do the account restoration.

Q: Should I wait to fill out the Stolen Account Recovery form?
A: No. Restore your account immediately after being locked out -- it can take well over 24 hours.

Q: Should I delete all the comments the hackers posted?
A: Don't delete flagged comments -- just edit them to change the text.

Q: I deleted the comments, can you take the flags off?
A: No. Remember that deleted comments can't be unflagged.

Q: How can I help fight phishing?
A: Tell your friends/family to be careful of phishing links and make a warning post to warn your followers.

Q: How do I get back the SBD/STEEM the hackers stole?
A: Stolen money can't be returned.

Like what we're doing? Support us as a Witness.
Go to
At the bottom, type in guiltyparties
Click VOTE

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Thank you, dear @guiltyparties, you have the spirit of martial arts and you are fighting phishing. this is a very useful post. with this post I hope all users are more careful with phishing comments.
you are great. Thank you

Thanks man, I try to keep on top of things it's one of the reasons I won't use the botting services.
I just wish more people would follow me over here and we could roll together.
Problem is most of my people don't realize allot of what you read on-line is a lie.

It's sad that people work so hard on steemit and one false click can ruin them and their account as well as drain their SBD/steem.

I have seen so many people fall victim to these scammers.

Good work, team.

Thanks for the heads up. I plan to resteem this asap.

My favorite line: "Don't click on things just because somebody told you to." It's a brave new world, and we have to think for ourselves.

Thanks to @josephsavage, this post was resteemed and highlighted in today's edition of The Daily Sneak.

Thank you for your efforts to create quality content!

my account hi heck by unknown people can be taken back do not please help


Change your password.

Thanks a lot for the explanation! Sheds a bit of light. I just commented on @simplymike's post that I still have a hard time understanding the exact use of the various keys.

How do I keep my money safe?
A: Use your private posting key and don't trust anything that asks for your password.

I still don't get how (where) to use the Private Posting Key. I use chrome and my account is always logged in except if I clean the browsing data. So I am never asked to use the Private Posting Key... hence my confusion...

Thank you!


It could be that your browser saved your password the first time you logged in. This would mean you log in with your master password every time. Just to be sure, I would clean my browser data, and then use the private posting key to log in, so that one can be saved. You should keep your master password somewhere safe and use it only to change your keys (which is like never - lol)

Once logged in with your private posting key, you will be asked to log in with your private active key every time you send money to someone.


According to chrome, no password was saved. But I read somewhere that this is not the way Steemit keeps being logged in. I can imagine it's more with a cookie or something else..

Thanks again for taking the time to answer @simplymike!


Just clear your cookies and cache of your browser. I think that should do it

Thanks for the reminder! Just changed my pw just in case.

Hi @guiltyparties,

Thanks man for shared this post,This is very useful for all steemit users, if you allow me, I will make a similar post in Indonesian, this is useful for helping our common friends about hacking, perhaps by reading in Indonesian, they will understand it. do you allow it? Thank you!




Didn't see your comment. Go ahead and feel free to translate any of my posts at any time.


Well, thanks for your attention and permission.

Some tips from me:
1.Remember to check if a frontend site uses https.

  1. Only use well known trusted steem frontends: e.g or
  2. Make sure the computer you are using is free from malware and keyloggers
  3. Dont store your steemit password on your google account with chrome. Somebody just needs to compromise your google account to get your steem password.
  4. Don't just click on a link if it is a shortened url. Find out where it redirects to with this site:

I second what @guiltyparties is saying. Do NOT wait if you think your account might be compromised. Go on through with the stolen recovery asap. It saved my account and i didn't wait at all

my cousins account was hacked, he has been able to retrieve it back, however, his stats have gone all the way down to zero and his posts not visible due to low rations, how can he revive it back?
i saw this message from you on his wallet (transaction history) that is why i am asking.
this is his account


He has to make a post and we'll help get it upvoted. His account was used by the hackers and flagged too many days ago for the flags to be lifted but with community support the reputation can regrow again.


he made one already, thank u so much. this am sure will be very helpful.
heres a link to his first post after the hack.


Thanks, I just saw and upvoted and will pass that link around now. Edit: If he makes another post with 'rewards declined' it would be best. That'd encourage votes from users to purely boost the reputation.


noted, will advise him to do so.

"Good luck!" is hilarious.
A great test for people's intuition. No official message will ever wish you good luck recovering something from them ahahaha.


It's luck whether all of their money get stolen, their account is used to post phishing links or how long it takes them to get it back. The other day someone got lucky and they only used the account to cast a few votes. Someone else had to walk away from an account. All lady luck.

Very useful information. I’m going to link to this post in my footer, so it won’t disappear into the dungeons of SteemIt.

I’m about to run a contest to get people to warn others about the phishing scal. This will be a great resource for them.

Very interesting friends