SCAM ALERT - Fake Steemit website try to steal your password!

in steemit •  11 months ago

A new scam is spreading on Steemit and try to steal your password using a website that looks like Steemit.

Scam description

Victims receive a notification from @cheetoh with the following comment:

The scammer use the avatar of @cheetah, the well known anti-plagiarism bot created by @anyx, and a name looking very similar to it.

The displayed URL is different than the underlying URL, which looks like:
http:/ /steemif.000webhostapp.com/@steve.uk

The underlying link in the comment is a poisoned link that will redirect you to a fake website looking like the original Steemit website

Notice the target website is not secured with an SSL certificate

The fake website will ask the victim to (re)log in using his password.

Note that the fake website shows where it is hosted.

The attack started 2017-10-20 16:09:00 and up to now, targeted 9 users:

@aishwarya, @skyleap, @me-tarzan, @terrybrock, @noxsoma, @scottybuckets, @karensuestudios, @elgeko and @honeydue

2 of them have already reported falling into the trap:

https://steemit.com/cn/@twinklesong/twinkledrop
https://steemit.com/steemit/@honeydue/help-password-scam

White Hat in action

The account @cheetoh has been put on the black list of my Warning-Bot and it will issue a warnings comment with a link to this post following, notifying users of the malicious activity of @cheetoh.

Previous scam alerts

https://steemit.com/steemit/@arcange/scam-alert-and-white-hat-counter-strike
https://steemit.com/steemit/@arcange/phishing-exploit-has-been-stopped-scammers-thwarted
https://steemit.com/steemit/@arcange/potential-scammer-reported

Thanks for reading!


footer created with steemitboard - click any award to see my board of honor

Support me and my work as a witness by voting for me here!


If you like this post, do not forget to upvote and resteem

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

The scammers are getting craftier by the day. If these guys put as much effort into legitimate enterprises as the do towards scams, they would probably be much better off financially.

·

This a very profound and nasty scam.

If the scammers posts a blog here on Steemit, then users could unknowingly be redirected to the scam website. If the blog where to contain the maleficent URL.

Especially when the Steemit website has sometimes connection issues, so it's not a strange thing to have to log in again.

·

If you're already Logged in and and a Link asks you to RE-Log in, that's a Heads up !

·
·

Yes, it becomes a good time to open a new window; clear your history; and for sake of peace, log in only after requested to, in the new window.

I hope that makes sense!

Peace.

·

Problem is they don't necessarily care.

·
·

True, but scams take effort and time to setup. I guess they don't care about wasting their time.

·

You could say the same about banksters and advertising companies.

tnx

·

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

we will see more of this kind of behaviour so we need to be careful

Thanks for the warning. Looks like they put a lot of time in to this one.

oh dear I'd better resteem this tomorrow
thank you for the info!

I'd say avoid using your active key and use the posting key always unless your trading :)))

thank you for the heads-up on this one
I tend to read fast, skipping over things, and I never would have noticed the 'cheetOh' versus the 'cheetAh' name

Dang it... I should have checked the link.

Notice the target website is not secured with an SSL certificate

That costs the faker the knowledge and about half an hour.

A SSl certificate does not tell you you are on the right website, just that you are on the website the certificate is for.

Thank you for your effort in putting a stop to this and bringing awareness! Upvoted and followed!

Could I suggest to the steemit people and the busy people to add a menu options "Scam" alert that could allow us to quickly pick up on news to be aware of!!!

·

Great idea!
🖖

Oh my GOD it's really dangerous,
Thanks dear @arcange
For this helpful information

Yes I was suspicious when they asked me to enter my password! Luckily I didn't fall for it! Thanks for the warning post.

Upvoted, for the warning and the help you are providing to the users. Resteemed because I want the people that follow me to be aware of the scam. I knew those Cheetohs were bad for you.

·

Thank you for your suppport!

Wow nice alert

·

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

Had problems with the login and my passwords that day acctually. It was error after error and in few minutes my account did not exist . I find it very strange. Did some of you have the similar problems with your account?

Thanks for watching out for us!!

Thank you for the warning, I'm careful!

Thank you very much for useful information
So not open such links

·

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

Yeah. My password was also stolen. Thank God now it's recovered...

Uthanks for the heads up.

Holy smokes!

Thanks for the heads up. These scammers are every where these days.

Good info....I want more this info posts .

great work you are doing for the community thankyou :)

Gracias por esta información tan importante, hay que estar pendiente de como son los ataques para saber evitarlos y dar alerta.

@arcange Everyone must be vigilant at all times and I thank you for being on top of these SCAMMERS..............

Ohhhh great! Now we have a chetoh robot! I hate it when oppoturnist people playing with attention!

thanks buddy

Notice the target website is not secured with an SSL certificate

That costs the faker the knowledge and about half an hour.

A SSl certificate does not tell you you are on the right website, just that you are on the website the certificate is for.

Thank you very much!
I ignored it as I thought it was doubtful.
I have no problem.
Thank you again.
Resteemed

Notice the target website is not secured with an SSL certificate

That costs the faker the knowledge and about half an hour.

A SSl certificate does not tell you you are on the right website, just that you are on the website the certificate is for.

It's really frustrating seeing these sort of scams pop up, and of course it's even easier for them right when steemit.com itself is having sporadic outages and downtime and we keep getting posts saying - use this domain as alternative, of course quite often they are legit but it's so easy again for someone to drop a clone site url that's going to absorb your account details. Personally I'm sticking with steemit.com - last pass knows my far too secure to remember password for it so autofills it - any other site it won't auto fill for and I won't manually enter it.

wow thanks for the heads up and for setting up your alets to let people know!

·

Thanks for letting us know

It's really frustrating seeing these sort of scams pop up, and of course it's even easier for them right when steemit.com itself is having sporadic outages and downtime and we keep getting posts saying - use this domain as alternative, of course quite often they are legit but it's so easy again for someone to drop a clone site url that's going to absorb your account details. Personally I'm sticking with steemit.com - last pass knows my far too secure to remember password for it so autofills it - any other site it won't auto fill for and I won't manually enter it.

Thank you for the heads up!

'bots are evil.

·

This has nothing to do with bots. And as you see, a warning bot can be useful.

·
·

destroy all bots..

Thanks for the warning! 

Thanks again for the heads up. So far I have not fallen victim to a scam like this. Best advice is to double check the url when clicking through to anything. If even a small part of your brain wants to hesitate or is uncomfortable with following some internet advice or call to action, you'd better listen to it.

~Joe
@joe.nobel

Thank you very much for letting us know
I will gladly resteem your post to let more people know about it
Have a lovely time Steeming

Thanks, useful information!

·

@cheetoh doesn't like this post. ))

·
·

Very nice to see advice in time. I'll be more alert now, though I don't have that much to worry to lose.

When using the Steem blockchain, you should only use websites that use encrypted traffic ( with image like this).

Because without this security measure, your keys could be leaked by WIFI sniffing.

Thanks for the alert! we all should stay aware of scams like this one.

Thank you very much! We are very grateful to your excellent work!

Cheers.

Sharing to others! Thank You!

5e6a80514fa0e0f9db6332dba1a5df2c.jpg

thanks for the warning!

Thanks for the alert and helping to protect steemeans. Following, upvoted and resteemed. Have a nice day.

Cordial thanks for the warning!

Oh boy !

I caught this and made a post about it yesterday, But you have a bigger audience and I'm glad you posted this. Thanks for getting the word out Arcange !!

Thanks for the heads up

Informative article be aware scams as they totally waste your productivity

·

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

Scary stuff.
Psychopaths are everywhere.

Thank you so much for the heads up!

I never click on links from bots/spam accounts for this reason. All it takes you to is malware, adware etc

Congratulations @arcange! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You published 4 posts in one day

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

fantastic , you are the one- who destroyed the bad plans of stealers.
and create awareness among people through steemit.com
:)
upvoted and resteem

·

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

The site has been taken down. Here is how.

·

Thanks. Reading this on busy.org; your link took me back to steemit.com -- I can report that the site issues are still present, got an error upvoting and my comment "didn't post" but then when I refreshed the page, my comment was both posted, and also in draft...

I just realize the importance of don't being quick to click, and most of all to check the user and reputation!! :O

I found another account to add to your list and before I found this post had posted a write up covering this exact topic. Definitely glad you caught it and are getting the word out. Upvoted and certainly resteemed sir. The account I found was @twinkledrops. The hacker was still active up to 10 hours ago but moved on. They were communicating with other users putting poisoned links in the in comments inviting other users to engage it. Caution is the watch word.

I found another name of a 61 compromised account and did a write up on it before finding your write up. You have my upvote and resteem and thank you for spreading the word. The account to add to the list is @twinkledrop. Hopefully the rightful owner and their hard earned credibility are restored soon. Thank you again and Steem on.

Thanks for sharing

stay vigilant folks!

Thank you for the warning, I'm sure will fall into this trap had I received a comment from the scammer.

Thanks for the information!!

Thank you for this information - I just cannot understand that there are always people that want to harm other people.

Thanks for the heads up on this threat.

This a very profound and nasty scam.

If the scammers posts a blog here on Steemit, then users could unknowingly be redirected to the scam website. If the blog where to contain the maleficent URL.

Especially when the Steemit website has sometimes connection issues, so it's not a strange thing to have to log in again

·

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

Fantastic!!!

supper bro.....your post is always the best.....

Great heads up and thanks for listing previous scams...........

Now I know what to look out for

I hate people that do this kind of garbage. Thank you for letting everyone know of this phishing scam.

·

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

This is very helpful since I'm new in steemit. Noted @arcange, and thanks!

Thanks for the info, regards Gez.

Thanks for the warning!

Thanks for the heads up. As a n00b, I might have fallen for it.

cheetohs get taht yumy orenge powder on my fingrs, mmhmmm.

Bossman thanks... I am in recharge mode... So I promoted :)

Stay awesome!

Bossman thanks... I am in recharge mode... So I promoted :)

Stay awesome!

Bossman thanks... I am in recharge mode... So I promoted and gave my witness vote:)

Stay awesome!

Don't fall for scams, invest in scams and actually make money with @arbokinvestments:-)

good post.it is very helpful for our all steemit users.thans for share with us .good luck .

good post.it is very helpful for our all steemit users.thans for share with us .good luck .

ffs it's so easy to fall for this when you're tired etc.

the website is down as i see right now

Well done and always good looking out bro. Be well..

Wawooo its great great 😱information
Some one use fake steemit. Last litter chane like(steemif)
If any body cant see carefully he loss account.
Great job
👏 clap 👏 👏 👏 👏 👏 👏 👏 👏

Thanks for the warning, I will be on guard!!👊🏽😋

Everyone should go there and use the password "GetALife" give him a little DOS action.
Thanks for the heads up.

Wawooo its great great 😱information
Some one use fake steemit. Last litter chane like(steemif)
If any body cant see carefully he loss account.
Great job
👏 clap 👏 👏 👏 👏 👏 👏 👏 👏

Oh no, I hope i didn't fall for that. Being new to this, I may have. I must check, but what do I look for? What if I did? @arcange @mudcat36

Eesh, thanks for the heads up!!!

Eesh, thanks for the heads up!!!

Do you know why comments are either taking for-ever to load, or sometimes glitching out and not posting?

Thank you for the warning.I have seen that scam post today. UPVOTED YOU...PLEASE UPVOTE ME