As experienced IT security specialist this things always take my attention. When I see that someone try to break system I want to analyze in detail how and what is he doing.
After I read @denmarkguy 's post *** WARNING! *** New Steemit Phishing Scam -- Be Very Careful with Certain Comments, I decided to make more investigate on this case.
Warning! Take this serious and you should be very careful. Share it with others because someone could lost his Steemit account.
What is phishing?
There is no one who is not heard for this term. In short, phishing is way of stealing usernames, emails, passwords etc. with FAKE page (website) for which you think that is real.
Now, this guy leave comments like this:
What he do?
He uses markdown to try to fool Steemit users. As you know if we post link in our blog posts or in comments, we can make it with markdown like this:
[Title of link](Url of link)
He simply puts FAKE Steemit URL as 'Title of link' and phishing page in 'Url of link'. Than it just looks like real web URL but it's clever masked with Steemit url writed as 'Title of link'. So when someone click it redirects on page who ask for username and password from you.
Take a look at URL in address bar! Obliviously this is not Steemit!
If I leave my username and password here, and press Login button I will lost my account definitely, so be very careful!
How to defend?
Always, but always look at address bar and url of website you are on. If you find it suspicious leave it without any actions.
Hope this will help as educational and prevention tips for making Steemit community safer!