PSA: Really good phishing attempts ongoing, be extra careful where you enter your keys!steemCreated with Sketch.

in steem •  last year

Hey there,

A quick warning to all steem users. There are some well-made phishing attempts going on who try to get you password. If you entered your password in a phishing site, please immediately change it at https://steemit.com/change_password !!! (this deserves three !!!)

One example of a phishing attempt is this post (I only provide screenshots and no links so users don't attempt to click them):

This user tries to get you to click on a link. Under it is a lot of intentionally blanc space to give you the feeling of a paywall. If you click the link you get to (Translation: not safe (no https, a first indicator that something is wrong) and not steemit.com as the url):

It now shows you a fake screenshot of the same article and a fake login box. If you enter your password here, the scammer succeeded. To iterate again: If you entered your password in a phishing site, please immediately change it at https://steemit.com/change_password !!! (this deserves three !!!)

I flagged this specific post and will flag all other attempts of this sort that I know of. Please always check the browser url before you enter your keys and use your brain. If something seems off even by a small bit, stop and think for a second. If you notice something new or something weird, go through this checklist:

  • Is the url steemit.com?
  • Is is a https site?
    • If you can, verify that the certificate is valid:
  • use a bookmark to steemit.com to be extra safe
  • never click on links from email or inside posts
  • if you are unsure, ask others to have a second look. You can always ping me on https://steemit.chat/direct/reggaemuffin if you think something is off

How to change your password:

Click on this link in the sidebar. Make sure it really is this url:

Enter your username and your old password. Then click on Generate Password and save it somewhere safe. reenter your password and check the disclaimers. Then click on Update Password.

If done fast enough this will lock out all scammers from your account. Be sure to not fall for them next time. If you use services like Steemvoter, remember that your keys changed and you have to give them your new key, if you want to continue using their service.


I am watching the comments under this post, so if you have something to add to this list, please leave your suggestion.


To support me, vote for @reggaemuffin as a witness:

Go to the witness page https://steemit.com/~witnesses
Scroll down and enter reggaemuffin in the box:

Click on Vote
Thank you for supporting me :)


-My original witness post-


https://steemit.com/witness-category/@reggaemuffin/witness-reggaemuffin



Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Dear @reggaemuffin and all dear Steemit users!
I firstly apologize for being so stupid to click on this post, but the title seemed interesting...
I gave my posting key, because the pop up window looked the same as if I was logged out of Steemit.

And then the nightmare started....

Someone posted the same viral post in my name three times and started making upvotes. I immediately wanted to warn others not to fall into the same trap and tried to post a comment under the original post, but this has been deleted.

Then I changed my password and tried to delete the spammer posts somehow, but I could not succeed. I could delete the content, but the first tag remained (bitcoin, cn etc.), I could not change it to "spam".

And I got receiving downvotes and all the bad replies on what a monster I am for posting such a shit.

I was really shocked, I felt embarrassed and puzzled, I really did not know what to do. I tried to post and ask for help, but @cheetah immediately commented on me and said I was a spammer, and ID-thief.

It was so miserable.

Finally I managed to get in touch with @patrice on steemit chat, and I received a wonderful assistance. Thanks again for it! I was cleared from the black list and finally the great darkness around me started to dissolve.

I would like to thank everybody in this community for helping me in the recovery. Now it seems that things are getting back to normal.

And I have learned a huge lesson: look at least twice before you type your key and click on anything suspicious.

BEWARE OF "WELL-SOUNDING" POST TITLES posted in popular tag categories.

PS: I hate people who use their creative energies to hurt others....

·

I am glad that you are safe now!

We had to flag your posts so other users don't fall into the trap. I gave this comment a big upvote, so your account should not have lost anything from the flags it received.

Pushing this to the top of this post so others can read as well :)

·
·

Thank you very much I really appreciate your help!
I learnt my lesson I think... Hope others will learn from my mistake too. :-)

·
·

Voted on you as a witness! :-)

·
·
·

Thank you for your support!

·

These scamming attempts work because they make it look like the original site and only a moment of paying less attention is enough to get the nightmare started. :/ Thankfully you got everything fixed. If these phishing douches will do the same here they do everywhere else, then the next steps will be photoshopped positive comments glorifying the article and fake emails. "Enroll in the monthly Steem giveaway! Win up to 1000 Steem!" OR! Using someone's name+picture for an article to deceive their followers. Slightly changing the name, sometimes it's really difficult to see the difference.
Check this: ksoIymosi with a capitalized "i" as the 4th letter. and then the original, ksolymosi.
ksoIymosi vs ksolymosi.

·
·

OMG, that is almost impossible to notice...
I hope you won't be right, but I am afraid that these bastards won't stop here...

·
·
·

Capitalization doesn't work for names though.

·

Wow! That’s crazy!

·

They're not worth your hate.

·
·

You are right :-)

·

my reputation is just a bit higher then yours but my upvote should not give much in the way of money but might give you just the little rep bump...
and you are right, it is sad that people use their creative energy for stuff like this...

·
·

You are very kind, thanks a lot!

·

The burnt hand teaches best... sadly. Glad to hear you are more wary now.

·
·

You are right! Thanks!

·

Good for you in your persistence and efforts. Good for us that you posted your work about getting back to the fold. Inspirational thank you. Good things can happen in very odd ways

·
·

Thanks a lot!

·

Changing passwords is something most people put on their need to do list ASAP, and before long, they’ve started perusing articles and it never gets done.

Others are wise and disciplined and change their passwords frequently.

I am 99.9% sure I ‘fell’ for one of these scams in the past week or so.

I’m probably just over paranoid after learning about this; but, without logging out, I got a requirement to log in on attempting to read a post.

In my ‘haste’ to read the article, I re-logged in.

Now, of course, this is probably my imagination. And wisdom, said then, and roars even louder now,

Change Password.

Thanks for being the patient example to the benefit of the rest of the community.

Peace.

·
·

Thanks for your support!

Vote #1 Reggaemuffin for witness - let's get him in the top 20 folks!

more effort goes into scamming people than actually writing good posts at this point

Nice post on creating awareness!

I wrote a post here on how to protect yourself on phishing websites.
https://steemit.com/cryptocurrency/@dwongch/crypto-security-aaa-protect-yourself-and-others

Stay safe!

Saddens me to see how much creativity and effort is put into creating new ways of screwing others over. A cost both to those who gets F*&/ed and an opportunity cost generally...

Great to see that the community picks this up quickly and shares it to prevent further damages. Cheers for sharing.

Cryptoland is scam-heaven... really sad.

Nice share and good information for me and the others

Wow. Danke für die wichtige Information. Ich glaube wirklich, je populärer Steemit wird, umso heftiger werden die Attacken auf die Accounts der User. Mann kann vor allem die Passwortsicherheit nicht oft genug betonen.

@reggaemuffin WHAT IS UP BOSS !!?? ITS THE BIGFOOT WEEDZARD @nejc1107 HERE !

Bro just wanned to say that i come across here just becouse your DOPE COOL NAME !! haha ur the man :) i will follow u up :) so we can keep in touch !

All the best brooooo ! :D

Here is the missing piece we spkoke about @reggaemuffin
i made a little background history Post about it

So what happened to that skolymosi? Did he get banned? IP blacklisted?

Kicked out and never welcome again?

·

As soon as the account is recovered and the account owner contacts me I will remove them from the @cheetah blacklist after I confirm they have secured their account and they understand how it happened. This is just a temporary measure to help stop others from getting scammed.

·
·

hey @patrice you're doing much needed hard and good work, but could I have 2 minutes of your time at steemit.chat or discord?

·
·
·

Sure. Either one.

·

It can be that this as one of the scammed accounts, as the scam is spreading with each victim. @patrice is currently working with @cheetah to hide such posts while the accounts get recovered.

·
·

I get it. Once your account is hacked, your blog will function as bait for others.

Go Team Cleaners!!

·
·
·

If you notice any new phishing posts that are not hidden, please mention @patrice and @reggaemuffin so we can react :)

·
·
·
·

how many times are we allowed to change password in a year or the whole Steemit life?

·
·
·
·
·

Infinite times. There is no limit to it.

thanks for writing this to help people! Resteemed!

Be safe be smart be secure.
Good luck
@reggaemuffin
Regards,
@juliawilliams

Interesting post i think steem will ride on rocket soon. @reggaemuffin
Follw me
@juliawilliams

It is very easy to avoid such issues by incorporating a Two Factor Authentication for signing in. Everyone has a phone these days, and one form of identification could be to authenticate by way of a code sent to the phone. So it is not too inconvenient for users, and in fact people will appreciate the additional security - just as all of us appreciate the extra security at airports even though it adds to the waiting time.

I did read an earlier post about why n-factor identification would be an overkill for a social media site. Every established website has this, at least as an optional feature, so there is no reason why Steemit shouldn't have it too. All the more reason since there are financial transactions occurring on Steemit, and most active users also have money stored in their wallets.

Please let me know if you think that it is not a good suggestion at all.

·

That is sadly not possible, to cite my other comment:

2fa won't work in a decentralized environment. To enable that means steemit(the company) would have to be able to block any transaction on the network from happening.

steem has the owner key/master password that is exactly for that purpose. To keep offline in case of crisis.

And it has a recovery process if your owner key got compromised, where your last owner key and your recovery account (most likely steem) together change your owner key to a new one, recovering your account.

It appears the user @ksolymosi, who "published" this post may have been actually phished first. Read her appeal here:

https://steemit.com/helpme/@ksolymosi/heeeelp-i-was-trapped-by-a-phishing-post

·

Thank you for researching this! Yeah every scammed account spreads the scam. I should probably have edited the name out, but at that time I didn't knew that 😊

this is very valuable, please guys be careful

Thank you very much for exposing the scam
Scarry stuff
We need to keep them out of Steemit.com

Thank you for the heads up. That is certainly scary. Need to double check everytime it asks for a pw.

Hey boss

Thanks for this great information, it will surely save a lot of people from trouble. Resteeming and maybe if everyone can as well, it will eliminate this bloody scammer and save more steemians

thank you for your update @reggaemuffin

Thanks for the info,it is in deed help to secure yourself from those scammer who want to scam people of their money,may God save us. I hope the steemit ceo should help out on how best to help secure our account

good work
nice information

thank you so much

I really wish the crypto world wasn't plagued with such people. :/

Very very good work
nice information

Thank you so much

It would be really good for steem to introduce something like 2fa - at least one pin or seed that would be completely paper bases and let us reset every password - even master.

·

2fa won't work in a decentralized environment.

steem has the owner key/master password that is exactly for that purpose. To keep offline in case of crisis.

And it has a recovery process if your owner key got compromised, where your last owner key and your recovery account (most likely steem) together change your owner key to a new one, recovering your account.

there is such a need for education here.
Also I hope people are using more and more only their posting key to log in.

thank you, your posting is very helpful to us, you are worthy to get the award, your effort has been happy to people around you.

Thanks , for the informative article !

Always be vigilant at all times and watch out use you're brain. You're steemit account is like your bank account, malform are eager to take it from you.

Thank you for the post. Can you elaborate on not clicking links 'in posts' and how to avoid a bad link? The not clicking on emails is almost standard procedure now but a link ON Steemit would be something most of us would click. Is that what you were referring too?

·

There is a difference between 'on steemit' and 'in a post'.

I could right now in this comment put a link to superduperscam.com and you should not click on it. But for example the steem logo in the top left corner of the page is safe.

·

If you hover over a link, you can see where it will really take you on the bottom left corner of your browser window (not necessarly true for cell phones) , for example sometimes we make:

pretty name link
some times we just paste the link:
http://steemit.com
But it is possible to trick you into
http://steemit.com

Hover over those links and find the one that will trick you into a different place.

It is just my profile, but a scammer can trick you into going to superduperscam.com

Links in articles are good because sometimes they take you a good article, or to the following article, or to other article that gives context, by hovering before clicking at least you can make sure that it is taking you to where is claiming to take you...


@patriot if you are still up to make those security series, this is something you might want to cover.

You are right,security is biggest concerns than govermnet polices
I also recommend strong passwords

Thank you so much for sharing this! Have resteemed it to spread the word!

This post has been resteemed by @mrsquiggle courtesy of @scooter77 from the Minnow Support Project ( @minnowsupport ). Join us in Discord.

Upvoting this comment will help support @minnowsupport.

This post received a 20% vote by @mrsquiggle courtesy of @scooter77 from the Minnow Support Project ( @minnowsupport ). Join us in Discord.

Upvoting this comment will help support @minnowsupport.

thanks , and thanks for you attention! This will indeed help new users not to fall to the tricks of someone.

If only these criminals used their ingenuity on more constructive issues, we would be colonizing other planets!

Thank you for this! upvoted and resteemed!

Man thanks for the warning talk about being sneaky

Wow 😳 that is so terrible that people's passwords are getting stolen like this. Thanks for the warning, will be on the lookout.

All the work that goes into cheating others. Some talented people, too bad they do things like that.

My fans like to get click happy while they taste - this should help them.

Damn, phishing attempts on steemit!! Not good, but thanks for making us aware about these. Go to hell phishers!!!

really helpful. great work.

Congratulations @reggaemuffin! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of comments received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

I Am going to change my password...hehe

Congratulations @reggaemuffin!
Your post was mentioned in the hit parade in the following category:

  • Pending payout - Ranked 10 with $ 228,29

Thank You @reggaemuffin this could save a lot of people from some major headaches in the Future...............

Thanks for the warning. I will follow the tips word for word.

I like to write these short test comments

wonderfull post man @reggaemuffin .the post about steemit was very usefull.

Very good . . Thankyou for sharing @reggaemuffin. .

Great article explaining the procedure of changing password. And thank you for informing us about fishing attempts.

@reggaenyffin this is an info that REALLY MUST TO BE SPREAD
thank you for bring this up, and I'll do my part to make people aware of it as much as I can too

Great content dude! This should be resteemed more!!! (yes!, this also deserves three !!!) :D Thank you for sharing!

You inspire me alot. Keep writing, keep being yourself. Thumbs up!

I saw that post earlier.
I muted it...as I do all such posts.

I learned my lesson. Thanks again for the help.

Thank You for bringing out the issue

Thanks for the warning

very useful for us, useful information for Steemians.
Thanks @reggaemuffin

Thank you for the heads up hey! I really appreciate your blog. God bless!

Really helpful...thanks for the information

Thank you @reggaemuffin for this helpful post. Now I will be extra careful every time I will log into my account. I hope everyone gets to read this so no one falls victim to it. resteemed, upped and followed.

Follow me

Good advice, these sort of scams (for everything not just Steemit) are getting very convincing - sometimes you really have to look hard to realise it's not the real thing. The simple and best defence as you say is to avoid clicking links and manually enter the url you wish to go to where possible.

I thought i just saw someone has posted that kind of article last few minute ...lucky enough not trap by someone who does that...even i have nothing on my account ...😂😂

Thank you for shedding a light to those pepple pshing. Goodness gracious!

Thanks for your information. It could be so valuable and important to know.

@alexKARKI

very nice guides. thank you for sharing..

I cant..

nice

Thx for your post.. joined in may 2017. inspiration for me and a lot of us.. keep up the good work.. I hope you will have a look at my posts once.. for example today https://steemit.com/photography/@rival/just-some-pictures-sunday-walk-in-nature

@reggaemuffin thank you for reminding us,
this is a very useful post for all users of steemit accounts.
but I've done this from before.

Thanks for the password warning. I'm particularly careful about logging in where others may see. I keep the password separate from my laptop so I hope I'm securing it in a good way.

nice information @reggaemuffin, thanks for sharing :D
upvoted, resteemed , followed and witnessed ...

So sad that misbehaviour is everywhere online today, Oh well warnings are the best to listed to and thanks for your presenting this content @reggaemuffin appreciated.

Smile at @ksolymosi it's a new day and you are on track again.

Dear @reggaemuffin.. Thank you for this post.

thank you for the post

Congratulations @reggaemuffin! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of comments received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

hello @reggaemuffin
it is very important news for the members of steemit
nice to meet you, i really like you, can i get your discord

I saw someone on YouTube talking about getting hacked they had about 34,000 too I don't know if they cleared out before that. Are there steemit wallets?

This is very good post and to be careful!

i got bann friend i dont know why :((