Phishing attempts are running and use fake comments with images

in steemit •  7 months ago

You must be particularly careful because this pernicious phishing attempt is spreading again on Steemit!

I already warned you last month about this scam attempts. It seems that scammers are taking advantage of the fact that the network is currently weaker and that many of the protectors of the platform are busy putting their servers back in order to reactivate the old phishing campaign.

Unfortunately, because of the recent infamous HF20 crash, my warning bot is not working at the moment and you might get my usual warning a bit late. So, be particularly careful and careful!

Scam Description

The scammer will send you a comment like this:

NOTE: the author or the content of the comment may be different from the above screenshot

If you look closely at this comment in detail, you will notice that it is actually composed of texts and images that serve to mislead the user:

How does the scammer wants to trick you?

  1. He uses a fake “upvote/reply” image to simulate the end of his comment.

  2. He uses an image containing a well known user name with a high reputation, in our example it is @exyle. Did you noticed there is no avatar in front of @exyle's name?

  3. He adds his phishing comment with the poisoned links. You may think this is a comment from @exyle.

  4. He adds a fake “upvote” arrow and “reply” link, embedded in an image with an underlying link to the phishing website.

  5. He adds a a bunch of blank lines at the end of his crafted comment to hide the real Steemit’s “upvote/reply”

Of course, @exyle as nothing to do with this scam. He confirmed that his account has not been compromised!

If you click on the link in the comment (the one that contains your supposedly copied post) or if you want to “upvote” or “reply” to “@exyle’s comment”, you will be redirected to a fake Steemit website:

NOTE: the domain name displayed may be different from the above screenshot

After a while, the page will fade out and a popup will appear, asking for your credentials:

NOTE: the domain name displayed may be different from the above screenshot

If you enter your credentials (DO NOT DO IT), you will be redirected to the the real website.

The goal of the creator of this website is to steal your credentials to hack your account and funds!

Preventive action activated

I will add any account sending phishing links to the black list of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.

If you find similar phishing attempts, contact me on

To protect yourself, you can:

  • always double check before clicking on a link, especially if this links take you away from
  • verify the reputation of people writing comments on your posts. A user with a low reputation should trigger you attention.

Previous threat alerts

If you missed them, please find here the previous alerts I published:


A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:

Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!

Rule 2: Use your posting key to login, post and vote on trusted websites like or

Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like

Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!

4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.

Spread the words, resteem this post to your friends, and you will make the platform safer.

Thanks for reading!

If you notice any new suspect activity like the one described above, drop a comment on this post or contact me on

footer created with steemitboard - click any award to see my board of honor

Support me and my work to protect the Steemit platform.

Vote for my witness

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Thanks for helping to keep our community safe...This makes me angry! we Steemians don't tolerate that kind of crap here! they can go back to one of the other crappy platforms where that stuff belongs :)

Great job in outlining how scammers format comments to lure victims to malicious sites! Attackers are creative. Keep up the good reporting.

If only that guy used his brains in something positive! That's a masterpiece phishing attempt but sadly it's not gonna do any good to anyone! Upvoted and Resteemed @arcange.


I have to admit I have always been impressed by the creativity of these people, despite the fact that it is actually misused. Thanks for spread the warning @hungryhustle.


Cheers @arcange! Thanks for your commitment to safeguard the blockchain.

There should be an easily identifiable sign that "text" is actually an image, anytime images are posted in comments. For example, the word image should automatically appear beneath any image that anybody posts in a comment, malicious or not. This will alert users right away if an image is disguised as a comment.


This is a good idea. I will forward it to the devs.


These scum will stoop to any level for a quick buck. People have to be so careful as it's easy to be caught out. I really recommend using a password manager like Lastpass as that won't supply your passwords if the site URL is wrong, but even so there may be cases where even that can be fooled.


@themarkymark has a post with many options of password managers. More info about these latest phishing attempts.HERE

Thanks for useful info!...:)... Resteemed!

Thank you @acrange for your help and support we all have to make a team to find these hackers.Resteemed the more people read it the more they are awake.You are doing a great job by fighting against scammers I am going to vote for your witness too


Thank you for your support @lovepreet2511, really appreciated!

Thanks for the detail. Upped and Resteemed.


Thanks for spreading the info.

Resteemed for awareness and upvoted. These scammers tried a similar approach already where I was reporting some via comments - but using photos of known Steemians as a new step they try - be careful when adding any keys on any site. Always check the URL and never give out your master keys please!

Thank you @arcange for this and the work you do to try to secure the network.

So basically if you're redirected and asked to log back in .... don't..... close out and go back to steemit home page and log back in? Thanks for the info. Much appreciated!

Clever hoax, I'll give him that.

Wow that is sooo tricky and would be super easy to fall for. I feel terrible for @surfermarly and I hope she is able to gain control of her account again soon.

Thanks for spreading the news on this scam. re-steemed.

@arcange, thank you a lot for this extremely important post! Upvote and resteem! I hope some of my followers will read it!

Posted using Partiko Android

Be careful about what links/images do you click on on Steemit, because you can end up hacked, like @surfermarly.
73 Reputation, more than 10 000 followers (10 302 followers at the moment), more than 2400 Steem Power (2400.079 Steem Power at the moment), and her account got hacked!
Sad to see what is going on on Steemit nowadays.



Thanks for doing this!!

Posted using Partiko Android


they seem to pop up whenever the STEEM price goes up a little

They are becoming more dangerous and professional. Many users will fall for it. I will resteem it and hopefully people will be careful. It is very sad. They stole a lot of money lately.
Like this account :

Thanks for the heads up! Resteemed to help spread the word

Posted using Partiko iOS

Why can't these scanners use the knowledge they have for doing something good. They make my blood boil taking what's not there's. Thanks for the warning :)

thank you so much for the alerts. we love you @arcange


Thank you for your unfailing support @banditqueen

I have found this article very useful. It will help me be in good shape and become more careful in my dealings with scammers. Thanks so much @arcange for the update.

thanks for the tip, i will take more care now.

Thank you @arcange. We must just think and follow your guidelines. Think before you click anything and do not hand out keys.

Dang that's clever. I didn't notice a profile pic was gone until you mentioned it. Thanks for watching out for us.

Posted using Partiko Android

Merci pour ce post très utile, je vais en parler aux personnes qui utilisent steemit! 😊

Hay que estar pendiente de no abrir link extraños , debemos asegurarnos que no es fraudulento . Saludos

Lo que tenemos que tener en cuenta es que ante de dar clic a una vinculo hay tener muy presente de done proviene ya que eso vinculo se puede prestar, para mucha cosa gracias por esta información.

Yikes thanks for the warning. This kind of behavior is completely vile, and I hope we can stamp it out to discourage people from taking advantage of honest, hardworking people.

woww this is something really nice by you brother thanks for letting steemian knows

I remember this exact type of phishing appearing not so long ago. I guess they have on and off periods, to lower people's vigilance.

Oh my god, to what extent can a twisted mind be smart just to hurt othersand steal their efforts. I never click suspucious links yet would candidly upvote a comment. Does it show white on night mode? Maybe it is safer.

Thanks, this is very important to know, Can i Resteem?


Can i Resteem?

Of course. The more informed people are, the better!

Thanks for the warning @arcange! Resteeming the warning.

Thank you very much for all you do to protect our Steem blckchain @arcange!

Excellent post about the latest scammy attempts to steal from those who clearly have no principles ...

Upvoted and resteemed. Keep up the great work!!

Posted using Partiko Android

Bastards! Thanks for the warning mate, will definitely resteem.

Damn. These criminals are getting really creative now. 🤔

Thanks for the Info

I just don't click links people send me. =\ Reason being? I'm from the deep web, I don't trust a god damn thing.

Thank you very much for very useful information!

Posted using Partiko iOS

They all try to trick us!


Thanks for this write up. We have submitted a take down request with the infringing website hosting provider.

Resteemed and shared on Utopian Discord server. Thanks @arcange

I'm a newbie and posts like this are really helpful. Thank you so much for the initiative. 👍

Thank you So much @arcange. This is an enormous help to the community

WTF! This is another level. Now I'm scared.

Thanks@arcange. Your are always there to support
and guide neww comers.

I was just thinking how suitable it was to steal acoounts of many when steemit is down by using some domain tricks. But this phishing attempt is more comlicated and hard to notice, thanks for information, resteeming the post.

That's incredibly detailed info on this scam shit, will share it within my communities. Thanks!

That was a great information. Thanks for warn us regarding these cheater. I will be careful after reading your post. You did a great job. Thanks again for the post

This reminds me of an ATM modifications compilation.
It's ridiculous how smart some scams are.


Scammers use the flaws of our behavior. Weither it is smart or not depends on your point of view ;)


Most people are not obsessively compulsive skeptics about everything.
You call it exploiting a flaw, I call it exploiting people's comfort zone.


I like my comfort zone. Do not threaten it ;)

Jokes on them. no one wants to steal my shitposts

Hi @arcange!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 7.711 which ranks you at #40 across all Steem accounts.
Your rank has not changed in the last three days.

In our last Algorithmic Curation Round, consisting of 597 contributions, your post is ranked at #5.

Evaluation of your UA score:
  • Your follower network is great!
  • The readers appreciate your great work!
  • Great user engagement! You rock!

Feel free to join our @steem-ua Discord server

Freaking well done post my friend. I am very grateful you have kept this account alive. I will resten the post, sadly right now I can’t upvote my SP is low. However, this post seems to be doing quite well nonetheless. 👍🏻

Posted using Partiko iOS

howdy sir arcange! wow these suckers are disgusting to me..but somewhat sophisticated also. Thanks so much for this well written and important warning and for keeping us safe!

How we can know if our account was victim of pishing? I think yesterday I had to re~login many times and now i read this I became paranoic


Did you relogged on Steemit? If not and if you still have control of your account, better to change your password!


Thanks for answer, I have control of my account but not sure if I clicked on something alike your warning..I didn't know I could change Steemit password

Merci de cette alerte, une version française est-elle prévue afin que je puisse la resteemer ?
J'avais déjà voté pour toi en tant que Witness. Bonne journée.

Oh! thanks for letting us know. I am safe now. Hope that other users will come to know about it and save themselves.

Thanks for sharing this i will totally fall for it now i have a little idea on what to look for thank you

@arcange how to get rid from these scams


I don't think we really can't get rid of it.
Meantime, best thing we can do is to inform and educate users.

If I could Resteem this, I totally would.


Nothing prevents you to do it ;)


No, Resteems can only be done on posts, that are less than 7 Days old.
Any time after, the Resteem Button disppears.

thanks for the info , resteem to spread these info.

Posted using Partiko iOS