Phishing reported - Scammers use account's profile

in steemit •  last year 

Scammers have refined their trap with a new technique to catch their victims!

The fight between the community defenders and phishing scammers is raging. As their usual phishing technique (publishing malicious links in the comments) turns out to be ineffective, scammers are showing amazing but dangerous creativity by improving their phishing techniques

Be very careful and read this!

Scam Description

The scammer publish the following comment on user’s post

NOTE: the username may be different from the above screenshot

As you may noticed, there is no link to click. Instead of inserting a phishing link in to the comment, the scammer invite you to have a look at its profile.

So ...let’s go visit it:

NOTE: the username displayed may be different from the above screenshot

And here we are: here is the phishing link that the scammer wants you to click!

If you click on the link in the profile, you will be redirected to the following site:

NOTE: the domain name displayed and the background image may be different from the above screenshot

Lower on the page, there is a description of the “services” provided and an “Join Now” button.

If you click on the “Join Now” button, the following page will be displayed:

The site is a fake SteemConnect login page!

The goal of the creator of this website is clearly to steal your credentials to hack your account!

Preventive action activated

I updated my Warning-Bot to take into account this new scam technique.

I will add any account sending phishing comment to the blacklist of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.

If you find similiar pishing attemps, contact me on

To protect yourself, you can:

  • always double check before clicking on a link, especially if this links take you away from
  • verify the reputation of people writing comments on your posts. A user with a low reputation shoud trigger you attention.

Previous threat alerts

If you missed them, please find here the previous alerts I published:


A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:

Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!

Rule 2: Use your posting key to login, post and vote on trusted websites like or

Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like

Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!

4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.

Spread the words, resteem this post to your friends, and you will make the platform safer.

Thanks for reading!

If you notice any new suspect activity like the one described above, drop a comment on this post or contact me on

footer created with steemitboard - click any award to see my board of honor

Support me and my work to protect the Steemit community.

Vote for my witness

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Thank you @arcange for all you do!
I voted for you for my first witness.
You do great work in protecting the
community!! Thank you 👍


Thanks a lot for your support, @shasta. Really appreciated!

Really Superb work man .. really .. again say thanks for saving us from spam person...
I definitely voted for you for my witness man !! Follow you ..


Glad to help and thank you for your support!

Thanks for your contant awareness, @arcange. It must be one hell of a job to stay up -to-date... ;0/

  ·  last year (edited)

Thanks @simplymike.

Yes, I can say that monitoring what's going on with scammers is eating my free time and taking me away from more funny projects.

Anyway, protection of the weakest sometimes requires sacrifice.


I can relate to that. It seems like I’m spending more time in the steemcleaners channel, writing awareness posts and helping people to recover their account and rep than anything else.
But that way, at least I don’t feel completely frustrated about the fact that nothing can be done to stop this..

This is getting out of hand. I'm grateful for all you do and your updates, and those of others who come across these phishing schemes, but is there truly nothing else that can be done? If these folks aren't brought up on charges for attempting to steal or actually succeeding in hacking accounts, they will continue to come back.

I've heard that accounts can't be shut down. Is that an ethical standard, or is that code? Surely, if the former, phishing reaches whatever standard there must be for shutting down accounts. If the code won't allow, then we need to seriously petition for it to be added for criminal activity.

These folks will just become bolder and more sophisticated in what they do. They will always be one step ahead, and they will only have to win once. There's no way we can expect all of us to be 100% vigilant, especially the newbies. Without some kind of central alert system, these warnings go largely unseen by even the regularly active users.


Hello @glenalbrethsen, thank you for your comment.

I've heard that accounts can't be shut down.

Unfortunately, this is not true. We are working on top of a blockchain where code is law. The is no mechanism implemented to ban or disable an account. This would require some kind of centralized authority and could lead to censorship.

There's no way we can expect all of us to be 100% vigilant, especially the newbies.

True, but doing nothing would be worse. I try to do my best to inform and educate people, I and hope it will slow down the proliferation of scam attempts.


Definitely believe the education and information should continue. And I can see how any action that shuts down an account today over criminal activity could lead to something like censorship, because the door is open and there's always going to be someone who takes advantage of the code.

So, what about prosecution of criminal acts? And barring that, what about an alert that pops up when you sign on? Some kind of alert system that goes out to every logged in account? That wouldn't seem to be that hard to implement. Or would that lead to some other kind of centralization?

Kind of frustrating when we're trying to keep things decentralized and also secure. Open and private. They don't seem to play together very well, at least not in some instances. :)


So, what about prosecution of criminal acts?

You have to look at things separately.

On one side there is the blockchain, which is decentralized and which has its own activity, controlled by the code. Since this part is really decent, it is up to the victim of malicious actions to file a complaint.

On the other side, there are different clients (,, esteem, ...) that are used to access blockchain information and to manage the activity of their own account. These customers are centralized and it is up to them to take the necessary security measures to protect their users.

Concerning the possibility of complaints, it is unfortunately difficult to prove which client has been used to perform actions. And hacking has often been made possible due to the negligence of the user.

Finally, it is hard to clearly identify the criminals.

It is therefore likely to be a legal puzzle.

One of the most useful tool in combating the schemers and scammers is your alerts. Thank you @shasta and @simplymike for your resteems and alerting me, now my turn to alert my followers.


Great Post , resteemed ! Keep up the great work you do :)

Appreciate yr efforts to clean up Steem ecosystem

Thank you for information @arcange

Thank you Sir for your information.
God bless

Thank you for all your hard work! All excellent advice. I always look out for bad grammar as another give away

Thanks a lot for your Information #arcange

there so many scammers now on Steemit !!! they want to steal money !!! just feel sorry to those who got scammed by them ..

There are a lot of scammers like that here on steemit unfortunately, but this is a really good article.

Thank you for this information. As a newbie it is hard to keep up with all the dangers.

You have confirmed my suspicions, I am leery of any of those upvote schemes.
Thanks for all you do.

Good advice. Check the URL of the websites you go to. People can hover over links and look for the name of the website (URL) on your bottom left screen of your web page in your web browser. Some people may forget to do this. Not sure what to do on phones. I use my laptop and I use Firefox as my web browser most of the time. Only go to websites you trust or at your own risk.


People can hover over links and look for the name of the website (URL) on your bottom left screen of your web page in your web browser.

People often read content in a hurry and behave like clicko-maniac, hitting anything they see.
Only the paranoid will survive like us ;)

Thanks @arcange for this issue, good job mate