HEADS UP: Just Got A (Spear?) Phishing Email! WARNING & Advice BelowsteemCreated with Sketch.

in scam •  2 years ago

When running through my Email, I saw an Email purporting to come from "noreply[at]steemit.com". It had this Subject:

Welcome to Steemit! Confirm Your Email

And this in the body:

To continue, please confirm your email address by clicking on the link below

[link snipped]

I immediately spotted this as a phishing Email - quite possibly a spear-phishing Email - because my account is months old. That's why so many phishing attempts go wrong, by the way: they don't make sense.

But it would have made sense had I just signed up. (!)

So, please use this guide to spot a phishing Email especially if you're a newcomer:

Spotting The Phish!


It says noreply@steemit.com via sendgrid.net Look carefully at the "From" field. You should see that it was sent through sendgrid.net. If that's not there, delete it!!

Remember to hover over the link before clicking it!

When you hover over the link, the domain for the link should include sendit.net. (I know this because I deliberately signed up for a new second account so as to get a legitimate confirm Email.)

If you haven't picked up the habit of hovering over all Email links, now's the time to get into the habit!

I cannot emphasize enough: make it a habit to hover over any and all links you get through Email. Phishing Emails always make themselves known via weird-looking links, especially links that are different from the raw URL in the Email.


This is the phishing Email I got. It says noreply@steemit.com without the "via sendgrid.net". Had I not screenshot it for this post, I would have deleted it.

Please watch out!!

I hope this brief warning helped. If you want to spread it around, feel free to copy and reproduce it. Just ask, and I'll send you the raw markup code.

(Outside images from here, here, here, here, here and here.
(The rest are my own screenshots.)

Anti-Phishing Info Links:




Thanks for reading, and stay safe!

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

what can one do once a phishing link has accidently been pressed?


Stop what you're doing and shut the browser tab. Don't enter any information into any form, especially not your password!

Afterwards, you might want to clean your system with Malwarebytes.

Thanks for the info. It's mainly about context with these kinds of scams. Good stuff.



I guess I have an advantage because I always hover over an Email link before clicking it. Out of nothing more than curiosity, I guess. Funny how that little habit protected me.

Thank for the info, i like it.
follow me and upvote @fahmiauliasfr


Yes, you are welcome. Happy to help, you are a good friend.

This is my first reply to a post on Steemit. I came across this post when I received my account approval email from Steemit and I was concerned that it was a phishing scam. It turned out that it was a legitimate email, but I would like to share my story.
I originally applied for my account on May 27th, 2018 and received a confirmation email from "noreply@steemit.com", but there was no "via sendgrid.net" in the header. Also, I use Protonmail and the server flagged the email as "This email has failed it's domain authentication requirements. It may be spoofed or improperly forwarded!". I went ahead and clicked the "https://signup.steemit.com/confirm-email" link which when you scrolled over it did show a "sendgrid.net" address. Everything went fine and I didn't really question it. When I received my account approval email on June 6th, 2018, the email was flagged in the same way by Protonmail and still did not have the "via sendgrid.net" in the header. I became concerned and went to the #help chatroom in Steem Chat to try and verify that the email was authentic before clicking on it. A moderator confirmed that it was a legitimate email and I was able to get my account approved and am now making my first reply.
Anyway, this long winded description is just to let people know that just because the email does not have the "via sendgrid.net" in the header, does not necessarily mean that it is a phishing email and not from Steemit. It is best to be safe and to take all precautions, but just be aware that it still might be a legitimate email and apparently Protonmail might flag it regardless. Thank you for reading.