I WAS HACKED! I'm not a spammer!
Hi everyone. Earlier this morning I received a comment on my post about Evie, A Day in the Life of My Toddler. Here's the screenshot of the comment:
I admit, I'm still a newb, and I liked the thought that my cute little post had made it to the trending page. So, naively, I clicked the link. I later noticed that I wasn't logged into Steem. My husband and I are at the library because we are out of power due to some heavy wind storms we had this morning. I thought it was just because we haven't been to the library in a while and my computer didn't recognize the network. So, I logged in, using my master key.
Next thing I know I'm getting GINAbot notifications that I upvoted my own comment, one right after another. I don't upvote my own stuff anymore, and getting notifications for something I know I didn't do raised many red flags. Especially when I saw the comments that had been made using my account.
And that's just a couple of them.
I changed my keys as fast as I could, and it instantly stopped, but not before about 10-11 comments had been made from my account. I was able to remove the upvotes from the phished comments, but for some reason I'm not able to edit them out. They all contain phishing links, so if you see those comments, DO NOT click the links. Please, I don't need anyone else to get phished because of my stupidity.
A huge thanks goes to @bex-dk for replying to my phished comments on my behalf, since I wasn't able to edit or delete them. Also many many many thanks to @neander-squirrel, the creator of @ginabot. If not for her notifications, this could've been FAR worse.
Hi there, I'm glad GINA has helped you!
Good news, the account was reported to @steemcleaners earlier.
I know it's a little late, but please always check the URL before login anywhere! Google, Facebook, Steemit, doesn't matter. Phishing sites are everywhere!
Thanks, @neander-squirrel, I'll keep that in mind. Definitely learned my lesson!! Thank you again for GINA!
I am writing GINA's next post right now.
Do you mind if I include a short version of your story above and mention your name?
Don't mind at all!
Great, thank you! :)
What a great way to help others know how to be safe, @therosepatch! I'm so happy to know you were able to hop onto this so quickly and reverse the attacker's ability to access your account.
I love GINA so much! What an incredibly cool bot. I love how she's helped me understand how people are interacting with my posts and friends, too.
I had some kind of weird stuff happen noticing how people were either upvoting, downvoting, muting, etc. It gives you a whole perspective as to how you are perceived in this ecosystem as well as who's who amongst the people around you.
My wife received a similar post and she casually mentioned to me that grumpycat commented on her post, which caused me to grab her iPad from her and check it out as I was experimenting on her post by trying to use some upvote bots and I thought the "upset kitty" was, well, upset and was going to flag her into well, "upset kitty land",
the screenshot was taken today and the comment has been hidden, and (at)prophet0's account was hacked as well and he will be commenting on it, and I am just guessing that honeybeee was just upvoting his comment as he has not posted in a few months. I will be posting my experience with this phishing incident, unfortunately my wife is not only a steemit noob, but also a computer noob, so I had some educating to do with her.
SDG
Thanks for your warnings @therosepatch and sorry for what happened.
Can I ask you how did you made the cool graphic with the rose (I suppose it's a gif) and what operating system where you using when the phishing attack happened?
You should always check https as well in the address bar
Luca 👋
Yeah, now I know to check the URL first, lol. I have Windows 7 on this computer. I don't think anything else has been hacked. It was just my Steem account. I have an antivirus installed, anyway.
All commercial hardware available to American consumers, all browsers, and operating systems are sold with backdoors installed at the factory.
Probably antivirus programs as well.
Security against organic hackers is one thing. Security from the state is nonexistent.
Glad you were able to limit the use of your Steemit account to you and the NSA. At least they don't bother with small change like ordinary crimnals.
Yikes! Oh my gosh thank goodness you caught it and were able to get back into your account!
Me, too!!
Wow, yes. I'm glad that you had the presence of mind to change your keys right away. I think that places you out of the noob category. 😁 Always good to remind people about the bad actors out there.
Haha, thanks, @jasonbu :) I'm glad I was able to do it before the phishers did. I can't imagine having to restart from scratch all over again!
Wow, that is so scary! Thankfully you were able to recover everything. Must have been an incredible scary experience... All the best and thanks for informing us!
here to support a bit.
I found there are a few other accounts also been affected and I wrote about this recently.
@therosepatch, ohh.... seems terrible.
One must keep their accounts safe and should not get trapped in these fancy little baits that offers upvotes or trending posts. Isn't it?
Good to see you were able to change your keys before the hacker did. Resteeming your post for visibility.
Thank you for the resteem! The more that learn before making the same mistake I did, the better!