Phishing: Attacks and Recovery

in security •  9 months ago

Always be very careful about what you click on and where you put your password. There have been a lot of malicious links on STEEM platforms lately that lead to fake Steemit websites. These fake websites look identical or very similar to the real Steemit and ask you to login. When you do, they steal your password.

When they have your password they proceed to take all of your STEEM and SBD. If you have a lot of SP, they may delegate it to their own scam accounts. A lot of good Steemers have lost their investment because of one wrong click.

What Does Phishing Look Like?

Looks a lot like Steemit. The only way to tell is by looking at the URL.

Immediately after clicking on the malicious link it will ask you to login. The real Steemit doesn't do that.

Phishing via Mobile Apps

Always independently search information about an app before installing it. Fake apps for both Dtube and Busy have recently surfaced as phishing scams. Never put your password (aka master key) into any app.

Legitimate apps will only ask for your Private Posting Key, not your password!

Report Phishing

Now there are more ways than ever to report phishing when you find it.

  1. Submit the Abuse Form
  2. Contact us on Discord

What Happens When You Get Hacked?

The hackers usually change your password as soon as they can and steal all your money. Depending on which group of hackers is responsible, the account will then be abandoned or used to spread comments with more phishing links in them.

When your account starts spreading phishing comments, it will be flagged by the Steemcleaners team and other members of the community. Where possible, your reputation will be reduced to 0 or -1 in order to automatically hide the phishing comments.

Restoring Your Account

If you are a victim of phishing then you will need to restore access to your account by going to this URL and filling out the form:

You will need to provide your account name and your version of the password (master key). Using the email that you signed up with is recommended.

After you submit the form, Steemit staff will review the application and start the roll-back process. Once they're done, you will receive an email. It is your job to check your email diligently. The process can take 24 hours or longer on average.

Your Recovery Process

You will need to edit the phishing links that the hackers posted through your comments. For this, you will need to edit each comment to change the text to something else. We recommend a message that you've been hacked.

This is what you press to Edit comments.

Do NOT use the Delete function on comments that have been flagged. When you use the Delete function on a flagged comment, we are no longer able to lift that flag.

Don't use the Delete function on flagged comments!

If the flag is one that was used to reduce your reptutation to 0 or -1, then you will be stuck with that reputation until you receive enough organic upvotes to recover what you had before.

When you're done then let us and other folks who flagged you know that you recovered! The @mack-bot @guard and @spaminator accounts are all part of the @steemcleaners family.

What Can Go Wrong?

A. You may have trouble editing your comments. If that happens, you will need to use direct links. A direct link is a link to your comment alone, not to how it appears in a post.

This is an example of a directly-linked comment.

To create a direct link like this, follow these easy steps:

  1. Go to your Comments tab
  2. Right click on any comment you want to edit and copy its URL
  3. Paste the URL into a new browser window but don't press go!
  4. Edit the URL to remove everything after the category and before your username
  5. Click on the shorter URL and edit away!

You start with this:

And end with this:

B. The comments may be too old to unflag. Remember, we can only remove flags up to 12 hours before a post is cheduled to pay out. Depending on when you notice you've been hacked, get your account back and are recovered, it may be too late to remove the flags. Update: Comments that are past payout may be edited now and should be to mitigate the spread of malicious URLs.

All Clear!

Once your account is fully recovered you are back to business as usual once again!

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

What a powerful sharing you are offering us all, especially the ones suffering from this last round of phishing! Thanks a lot for all you are doing to help us all and the platform be more sustainable.

Namaste :)

This is the internet

it's full of dangers

stay safe !!! please

Thanks @steemcleaners who already gave me information about hacker account steemit. I ask you whether I can make your post into the Indonesian language. because maybe comunity steemit in Indonesia there is a victim. if you answer he i will make this right now thanks. greetings from @alfa-good

why the bad guys are so much in this world.

To be safe, always put passwords on safe links only. Password is the most important thing in this platform so once it's stolen, you're money and efforts are stolen too. I hope it won't happen to anyone here.

This is superuseful. I hope people are getting educated about phishing in general. The google traps are so sophisticated.

This is so stressful to read the post and comment here

I had a WARNING! message show up on my most recent post telling me not to click on a comment, and the comment turned gray. I'm glad a bot took care of it.

Have you seen something like this?
Screen Shot 2018-03-22 at 5.49.31 PM.png

I am against impostors who are trying to impose their own rules on everyone. You put a flag on me and made a loss of about 10 SBD. Since I have a small voice, I will have to obey the bandits. I have fulfilled your conditions. But, then you will give me back my upvote. I make content and make it interesting for my audience. You are engaged in extortion from the authors and hinder the development of social networks. And you make money on it. You are not free fighters for your ideas. You are thugs who earn extortion from the authors. I will put flags to all your posts until I bring you the loss that you brought to me.

This is what it looks like once a hacker gets ahold of your account and they start spamming people from it

Hey @steemcleaners last week I was hacked and I immediately realized what was happening and quickly recovered my stolen account - password has been changed, but my SP is still delegated to the hacker themselves and inaccessible to me ( or them for that matter)....

The SP just is sitting in my account and I cannot access... I tried the URL where you undelegate back to 0 vests but this did not work (error code came up) what should I do to hopefully get this SP back that I worked so hard for and also when editing comments like you mention in this post - I am having a hard time removing the comments that are hidden on my post responsible for this original scam...

thought I would reach out for some guidance and help. Please get back to me at your earliest convenience, it would be greatly appreciated



Looks like you removed the delegation. It takes 7 days to cool down and return to your account.

Unfortunately you can't remove other users comments. That is why we flag to hide them.

Hope that information helps.


OMG I will be so astounded if my SP returns to me.... I have been absolutely distraught these past 5 days ..... I coulda swore it was gone poof wallah for good. Thank you so much for reaching out, I really appreciate you !!

Much respect <3


hey @patrice just wanted to thank you again for reaching out and showing support, it really does mean a lot to me. Recently posted my first post since ive been back in control of my account and it included a thank you to those who helped me out, you included, of course

you can check it out here it you are at all interested

much respect and appreciation from me to you
Hope to be hearing from you soon