New Scammer in town!! Everyone Heads up to the new @gtg.witness Phishing Scam!!

in #steemit, 6 years ago

Screenshot (71).png

Another Phishing Episode has unfolded in the ever unending Steem Scammer Reality Show!!

Hey Steemians!

So I was Steeming along and I noticed an odd memo attached to a 0.001 SBD transaction.

Screenshot (64).png

Hmm.. weird, because I know @gtg uses his own account as witness and I wasn't aware of him using an alt-account. I brushed it aside at first of course (I keep telling myself I'm a busy man), until @isacoin private messaged me on Discord about this scam, warning me against falling for it.

That, of course, caught my interest. So naturally I took another look and tried heading to the phishing site.

Screenshot (65).png

Woohoo!! 11 SBD!! What a catch! Thanks @gtg! Except

  1. why not send it directly to me?
  2. what's the catch?

So by now, if you hadn't all picked up on it: someone is trying to phish for my password. Phishing means a scammer/hacker creates a website that looks like one the victim frequents, in hopes of getting the victim to fill in their password. Let's play along then....

Let's have fun!

Clicking on the "Claim" button leads me to this..

Screenshot (66).png

Ahh, the hook, line and sinker. This bugger is trying to scam victims by phishing the Steemconnect plugin. Smart. Now, there's a lesson here. ALWAYS LOOK AT THE URL!!

You'd notice it's out of whack and that you are in fact not looking at a real Steemconnect tool.

Screenshot (66).png

Of course I typed my "password" into it. To be honest, I'd sound like a 12-year-old Call of Duty boy if he reads what I put on there. Then for kicks I took a joyride around his beautifully designed website. I should say, c'mon guys at @steemit! You can learn from this guy at making steem.io look better!!! The current steem.io looks so ugly compared to this gem here, made probably by a smelly bearded hobo in the middle of a desert.

Screenshot (69).png

Security matters, guys. Because the scammer is running the system, it means "they" have very high standards, whatever that means.

So the account used to operate this scam is @gtg.witneses, another one to mute I guess. But I have one question I'd like to know the answer to.

Screenshot (70).png

I find it disconcerting. From the blockchain we see that this smelly bearded hobo used the Steemit account sign-up mechanism to get himself a free account (from looking at the recovery account). And Steemit is delegating this account the SP needed for bandwidth to run his spam. I don't know if it is possible, but should the awesome peeps at @steemit pull out the delegation and maybe.... "recover" the account?

I mean, Steemit shouldn't even have made it possible for accounts like these to go through, right? That's the use of the verification, right? Steemit requiring phone number and email? From what I know, the account creation was done manually by the people at Steemit, right?

Follow Up

So what should we take away from this whole hoo-ha? Well, there's yet another attempt at mass phishing. A quick glance and I saw that this guy is targeting mostly witness voters of @gtg and accounts that are not minnows. So, mute!

And, as always, CHECK THE URL!! If it looks fishy, that's 'cause it's phishy. And always use your common sense and logic. I know common sense isn't common, so maybe just trust the PSAs and don't be too greedy?

Also, if it is even possible, something should be done to undelegate the 15 SP given to this bugger to spam the network. I don't know how.. I don't know if it's worth it. But just pointing out: the current sign-up process has shown one of its many flaws yet again..

image.png

Kristian Kho [Ian] is a 24-year-old freelancer with a passion for Steem and a deep desire to be a better person in every aspect. I aim to express any and all of my thoughts on things that I find interesting, as well as using this platform as a self-development log.

I am a part of #Teammalaysia, a decentralized community initiative that aims to empower local creatives and content creators specifically in Malaysia to create content through the Steem Blockchain.

If you want to stalk me, check out my other social media accounts too!
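The "check the URL" and "mute the lookalike account" advice from the post, written as a check over incoming transfers. This is an added example, not part of the original post: the trusted host and account lists, the dust threshold, and the sample memos and `.example` hosts are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlists (not from the post): hosts you really sign in on, accounts you trust.
TRUSTED_HOSTS = {"steemit.com", "steemconnect.com"}
TRUSTED_ACCOUNTS = {"gtg"}
DUST_SBD = 0.01  # assumed threshold for a tiny "bait" transfer

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_is_trusted(url):
    """True only if the URL's real host is a trusted host or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)

def is_lookalike(sender):
    """True if the sender is not trusted but embeds a trusted name as a token."""
    sender = sender.lower().lstrip("@")
    if sender in TRUSTED_ACCOUNTS:
        return False
    return any(tok in TRUSTED_ACCOUNTS for tok in re.split(r"[.\-]", sender))

def check_transfer(sender, amount_sbd, memo):
    """Return the set of warning flags for one incoming transfer."""
    flags = set()
    bad_links = [u for u in URL_RE.findall(memo) if not host_is_trusted(u)]
    if is_lookalike(sender):
        flags.add("lookalike-sender")
    if bad_links:
        flags.add("untrusted-link")
        if amount_sbd <= DUST_SBD:
            flags.add("dust-with-link")
    return flags

# Constructed sample transfers: (sender, amount in SBD, memo).
SAMPLES = [
    ("gtg.witness", 0.001, "Reward waiting: https://steemconnect.com.claim.example/login"),
    ("gtg.witneses", 0.001, "Claim: https://steemconnect.com@rewards.example/"),
    ("gtg", 2.0, "Thanks! https://steemit.com/@gtg"),
]

if __name__ == "__main__":
    for sender, amount, memo in SAMPLES:
        print(sender, sorted(check_transfer(sender, amount, memo)))
```

The two bait memos show why eyeballing the start of a link is not enough: in both, the trusted name appears first, but the host the browser actually contacts is the part after it.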


Thanks for keeping us posted. He does a good job at making the STEEM Connect site look legit. I once lost some bitcoin to a phisherman; it was brutal but I think it was a good lesson to help me be more cautious.

It looks almost legit at a simple glance. But if a person keeps a habit of always looking at the URL before putting in any passwords, they might be able to catch it.

It's a scam of course!

I know :) - just a provocation for him.

Thank you so much for this, as I received money from this account trying to entice me to respond! You saved me a great headache and loss of money!!!

Thanks for the info, this is a great post and I appreciate the SBD.
