A new scam is spreading on Steemit and try to steal your private information to get your funds.
Victims receive a transfer of 0.001 SDB from the account @steemitsecurity with the following memo:
The memo use an email address and advises you to mail it for further instructions.
If you reply to the email (something you should NOT do), the scammer sent you back the following email:
Thank you for contacting us.
We have concerns regarding the safety of your account. We have detected suspicious activity with your account (e.g logins from very different locations) and therefore have reason to believe that your account may have been compromised. To ensure that this account still belongs to its original owner, please abide to the following instructions:
Please provide us with the e-mail that was used to create your steemit account. This is required for standard owner verification.
Additionally to the e-mail used to create the account, we also require that you reply to this message with your private active key (starting with "5") to verify the ownership of this account. ( NOTE: this is not your owner key. You should never give out your owner key to anyone. Whoever is in possession of the owner key has full control over the account and its funds. )
Make sure you do NOT change any of your keys until after we have verified you as the rightful owner to this account. If you do change any, we will not be able to verify you as the rightful owner of your account.
If you do not respond or can not provide us with the correct information, limitations to the account may be enforced depending on what information you aren't able to provide.
The Steemit Team
This email looks official and is an attempt to steal security information from you in order to get control of your account and funds.
The attack started 2017-10-23 13:56:12 UTC time and already targeted 52 users.
White Hat reaction
The account @steemitsecurity has been put on the black list of my Warning-Bot.
The bot will issue a warnings message to all the victims using their wallet. The memo of the transfer done by the bot will link to this post, notifying users of the malicious activity of @steemitsecurity.
The bot will run 24x7 and can be easily updated to react to new attacks.
A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:
Rule 1: NEVER, I repeat, NEVER use or give your owner key!
Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.
Rule 3: NEVER give your active key as this key allows to control your funds! The only reason to use your active key is for special operations like money transfer or account update on trusted websites like steemit.com.
Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!
4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.
Spread the words, resteem this post to your friends, and you will make the platform safer.
Thanks for reading!