Thieves Stalk Steemit. Latest Attack On Honest Steemer. Spam Alert And Reminder On Safe Key Storage.
Right so here is an example of a stolen account being used even after the funds were cleaned out. I hope that the user @tinkledrops has her account restored soon as it is clear from a reputation of 61 it was hard worked for. I'll walk you guys through first the blinding speed in which the account details were stolen and then the joyride the dirt bag took the account on. This should serve as a reason as to why you should always keep your keys stored offline and only log in with your posting key. I hope this write up helps with the prevention of further attacks, so without further adieu lets follow the tracks of this thief:
(2017-10-21 10:01:18 UTC) @twinkledrops account details are changed:
(2017-10-21 10:05:24 UTC)
(2017-10-21 10:08:21 UTC)
That's in under 13 minutes the account was cleaned out.....Let that sink in. That's blinding speed and a great deal of hard earned Steem just gone in a flash. But this crook wasn't done there. So disguised as a Steemit auto function we all know the following write up was posted:
And the following bait was put into comments:
Now that ain't cheetah. I've been yelled at by cheetah and cheetah looks like this:
So what does the link look like on this impostor cheetoh? Take a look:
That's right. Good old third party phishing/hack crap has found it's way onto our dear Steemit yet again. However this jackass was far from done. Whoever it was took the account for a joyride after robbing the poor user. Attempts were made at trying to lure other hard working Steemers into it's click bait snares:
And what type of replies do you think this nefarious fellow was shooting out with this poor Steemers account? Well here's a shining example:
.......Bloody cheek. Right, so we all can only hope that the rightful @twinkledrop is soon restored to her account and manages to not let this experience ruin her continuing to Steem. In the mean time you guys remember to keep your keys safe. Only log in with your posting key. Never your master password! Keep all other keys stored offline. Never in your browser, email, or anywhere else but hard copied and locked/hidden away. Steemit has some wonderful people on it but there will always be dirt bags out to steal Steem so be cautious and spread the word. Frequently remind other Steemers as well to store their keys safely. Thanks for reading guys and I hope this write plays a role in prevention of a future attack. Steem on.
mute all bots.
that way they can't deceive you.
It is a bloody worry considering the huge amounts of money some invest in Steemit. Never thought of the muting bots angle though.
mute them and you can't see them when they try to scam you.
my rule of thumb is mute all bots.
Thank you for the information @mudcat36! I was hoping that Steemit would be a little less susceptible to scammers but guess human nature prevails everywhere! I will keep everything but posting key offline. I actually did not even know I had more than one key until recently...Thanks again:-)
Glad to help.
Hello @mudcat36, @arcange has a post about this issue, and has a warning post thing similar to the last wallet phishing scam. Scam alert fake Steemit website try to steal your password. at least one witness was awake, I wish there was one place to go and see what they are doing to fix all the steemit problems, if there is I certainly have not found it. But like @everittdmickey suggest, mute the bots when they come by, hat way you do not fall into scams or con's.
Thanks Bash. Found him and resteemed.
They need a new tag -- scamalert I think that would work.
Here here mate. Spam is helpful as a tag but we could do with more.
Thanks for the insight. Will keep my keys safe.
Thanks for the insight. Will keep my keys safe.
Yes I have seen this going on for awhile. With this one, a pop-up for login appears...People! If you are on steemit, you should never have to re-login.
If your avatar is up there in the corner...It's a scam.
This one is incideous! because then they use the stolen account to spread the scam. So there really isn't a bot per say.
Always think before entering your password.
Nice job @mudcat36. Get the word out. :)
Thanks Doc. I'm keeping a ready eye out for it. From travelling and living in Asia in my youth I have some basic familiarity with Putonghua and Korean languages and a little Russian so I'm watching those categories closely in the case I catch the scam popping its head up there. As usual, we have a great thing and thieving f****tards try to ruin it. It's incredibly frustrating.
There will always be someone trying to milk the system.
Thanks for looking out mudcat. Stay safe out there Steemit.