A new scam is spreading on Steemit and try to steal your password using a website that looks like Steemit.
Victims receive a notification from @cheetoh with the following comment:
The displayed URL is different than the underlying URL, which looks like:
The underlying link in the comment is a poisoned link that will redirect you to a fake website looking like the original Steemit website
Notice the target website is not secured with an SSL certificate
The fake website will ask the victim to (re)log in using his password.
Note that the fake website shows where it is hosted.
The attack started 2017-10-20 16:09:00 and up to now, targeted 9 users:
2 of them have already reported falling into the trap:
White Hat in action
Previous scam alerts
Thanks for reading!