Never give your password and double check on which website you really are!
I already warned you about several potential and confirmed scam attempts (see bottom of this post for a list of them). Here is a new one.
Few hours ago, I got a notification from my mentions monitoring bot.
Immediatly, several suspect things triggered my attention :
- The mention was a in comment on a Chinese post. Strange … but why not ...
- The comment said “you can check MY article”, speaking about one of my stat post. I knew I had never written such a comment. Someone was impersonating me. Suspect!
- The real link was different from the link presented to the user … even more suspect
Clearly, something wrong was going on. Let’s go and see this comment on Steemit.com
My suspicion is confirmed, the real link is not displayed, except when you hover with your mouse on the displayed link. Fortunately, Steemit inc. has added an indicator next to each link that will bring you away from steemit.com website.
Let’s now go and see where the “hidden” link (bit.ly) will bring us
Ohh… We are on Steemit on my post …
But then, why use an URL shortener like bit.ly to reference another post from Steemit in a comment.
Looking closer at the whole picture, I noticed something else very strange …
I’m no more logged in on Steemit.
That looked really weird to me and I started to inspect things very closely. To be honest, it took me a few seconds to find the trick:
I was no more on sTeemit.com, but on sLeemit.com
Gotcha, someone is trying to steal credentials by pushing users to relog on a fake Steemit website.
All signals turned to red: this is clearly a phishing attempt!
What is Phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
The sleemit.com is a perfect copy of steemit.com and works like it. They both looks exactly the same and the risk is that a less paranoid user than me might think "oh … i’m logged out … let’s login back" and he would provide its credentials to the malicious website.
Preventive action activated
I will add any account sending phishing links to the black list of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.
If you find similiar pishing attemps, contact me on steem.chat
To protect yourself, you can:
- always double check before clicking on a link, especially if this links take you away from steemit.com.
- verify the reputation of people writing comments on your posts. A user with a low reputation shoud trigger you attention.
Previous threat alerts
If you missed them, please find here the previous alerts I published:
- Scam alert and white hat counter-strike
- Phishing exploit has been stopped - Scammers thwarted!
- Potential scammer reported- @jones420
- Fake Steemit website try to steal your password!
- Phishing attack to steal your active key
- Potential scammer reported - @minnowpond
- Scammer reported - @russiann
- Scammer reported - @steemitrobot
- Scammer reported - @tripadvisor.com
- Scammer reported - @harquick
- Scammer reported - @gtg.witnesses
A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:
Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!
Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.
Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like steemit.com.
Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!
4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.
Spread the words, resteem this post to your friends, and you will make the platform safer.
Thanks for reading!