Phishing reported - Post copied without your permission

in steemit •  4 months ago

Never give your password on suspect or unknown websites!!

I already warned you about several scam attempts (see bottom of this post for a list of them). Here is a new one.

Scam Description

The scammer will act in 2 steps.

  1. He will send you on your post by pretending that someone copied your post.

  2. He will then publish another comment with a link

    He is even publishing the phishing comment in Korean

NOTE: the author of the comment may be different from the above screenshot as the scammer use hacked accounts

If you click on the link in the comment, you will be redirected to a fake Steemit website:


NOTE: the domain name displayed may be different from the above screenshot

After a while, the page will fade out and a popup will appear asking for your credentials:


NOTE: the domain name displayed may be different from the above screenshot

If you enter your credentials (DO NOT DO IT), you will be redirected to the the real steemit.com website.

The goal of the creator of this website is to steal your credentials to hack your account and funds!

Preventive action activated

I will add any account sending phishing links to the black list of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.

If you find similar phishing attempts, contact me on steem.chat

To protect yourself, you can:

  • always double check before clicking on a link, especially if this links take you away from steemit.com.
  • verify the reputation of people writing comments on your posts. A user with a low reputation should trigger you attention.

Previous threat alerts

If you missed them, please find here the previous alerts I published:

reminder

A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:

Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!

Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.

Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like steemit.com.

Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!

4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.

Spread the words, resteem this post to your friends, and you will make the platform safer.

Thanks for reading!


If you notice any new suspect activity like the one described above, drop a comment on this post or contact me on steem.chat



footer created with steemitboard - click any award to see my board of honor

Support me and my work to protect the Steemit platform.

Vote for my witness

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Thanks for useful info!....:)...

I wanted to reply to a scam reply, but clicked on (what was instead) a picture. It took me to a strange site. I exited that new site as fast as possible, should I be worried for malisious virus or anything?

(known?) scammer; eruda

·

This comment has received a 3.13 % upvote from @speedvoter thanks to: @everything-4you.

Appreciate you watching out for all this stuff. Someone's phishing attempt was in one of my comments the other day... and it was a quite elaborate thing to track backwards through wallet transfers to the point of origin; and interesting to see how the proverbial "buck" stopped at an account that had made multiple transfers to anonsteem to buy new accounts, a short while back...

I guess we just all have to keep our eyes wide open...

·

Yes, keep eyes open and inform/educate people.

Very informative.. Thank you @arcange for the untiring support to us.

i wanna ask something.Is steemconnect safe to use because it is demanding private keys or owner keys for delegating or transfer amount?

·

SteemConnect is safe, but you should always double check the URl in your browser's address bar

I remember someone saying that their steemit account got hijacked because of this scam.

Damn! That’s pretty smart. Thanks for the heads up

Excellent. Thank you very much @arcange

thanks 4 Notifications :)

bluengel_i_g.jpg Created by : mipha thanks :)항상 행복한 하루 보내셔용^^ 감사합니다 ^^
'스파'시바(Спасибо스빠씨-바)~!

Thanks for the heads up. These type of phishing attempts will only grow alongside with Steemit's growth unfortunately.

So stay safe out there, brothers.

Since my old account was hacked 4 months ago, I'm now have like a phobia on the links that I have to click. I always triple check the site name.

Thanks for all your effort arcange!
Truly appreciated.
Resteemed

·

Thank you @joyrobinson, and glad to read you are now more careful than ever.

hi @arcange have you check
https://steemauto.com
is it safe to use? because this is also demanding steemconnect private or owner keys for registration

·

At first, I would say steemauto.com is safe because it rely on SteemConnect for authentication, but it uses the old version of the protocol, something I find less secure.

Moreover, the website propose to use "SteemAuto" to "Unlock" your account:

This will lead you to the following page:

There, you are asked to enter your password or active private key to comment or vote.
This is something you should not do, because:

  • providing your password will give full control on your account to the owner of the website.
  • providing your active key will allow the owner of the website to access and control your wallet.

Therefore, I (personally) will never use such a website, even if I know its creator and the work he does for the Steemit platform.

Paranoia is mother of security!

·
·

Thank you so much @arcange for your brief guide.i appreciate your effort to guide us from every possible loss.