Quick Tip #3: Always Use Your PRIVATE POSTING KEY To Log In!!

in #steemit, 6 years ago (edited)

Don’t fall victim to one of the many phishing scams. There’s an easy way to protect your account.


Phishing Scams

For the last couple of weeks, SteemIt has been under heavy attack. Phishers are using numerous ways to trick you into giving them your account credentials. Once they have those, they take over your account, steal your money and use your account to spread more of their phishing messages.

The phishing attack takes many forms: sometimes the phishing link is sent to your wallet, telling you you’ve won a prize. Scammers also imitate known comments (like the Grumpy Cat comments) to spread their phishing links.

27hd1t.jpg

Once you click one of those phishing links, you are redirected to a site that looks like a legit SteemIt website and you are asked to log in. Once you do so, you’re sent back to SteemIt again, so you don’t even know you’ve been hacked.

Believe me, it happened to me two weeks ago. It was my own fault: I didn’t pay attention to the URL of the site I was redirected to and logged in using my master password.


Be Careful

You can’t afford not to pay attention to the links you click! Sometimes, a link LOOKS like a SteemIt link, but when you click it, it reveals its true personality: you end up on Steemil[dot]com or any other smartly chosen lookalike URL.

That’s the first important tip. You should make it a habit to double, no TRIPLE-check the URL before you log in.
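
The URL check described above can be automated. The following is an added example, not part of the original post: it treats only the exact hosts steemit.com and steemconnect.com over HTTPS as trusted and flags near-misses. The function names and the edit-distance threshold of 2 are assumptions.

```javascript
// Added example: classify a link before typing any key into the page behind it.
// TRUSTED holds the hosts named on this page; the threshold below is an assumption.
const TRUSTED = ['steemit.com', 'steemconnect.com'];

// Classic dynamic-programming edit distance between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

function classifyLoginUrl(link) {
  let url;
  try { url = new URL(link); } catch { return 'invalid'; }
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  // Exact host over HTTPS with no embedded user info is the only "trusted" case.
  if (TRUSTED.includes(host)) {
    return url.protocol === 'https:' && !url.username ? 'trusted' : 'suspicious';
  }
  // Punycode labels can render as look-alike Unicode characters.
  if (host.split('.').some((label) => label.startsWith('xn--'))) return 'lookalike';
  for (const good of TRUSTED) {
    // Brand name buried in another domain, e.g. steemit.com.login.example.net
    if (host.includes(good.split('.')[0])) return 'lookalike';
    // One or two changed characters, like the "t" -> "l" swap described above.
    if (editDistance(host, good) <= 2) return 'lookalike';
  }
  return 'unknown';
}

// Constructed sample links; the look-alike and scam hosts are the ones named in this post.
for (const link of ['https://steemit.com/@simplymike', 'https://steemil.com/login',
  'https://autosteem.info/']) {
  console.log(link, '->', classifyLoginUrl(link));
}
```

Only a `trusted` result means the page is the real login; `unknown` covers scam hosts that do not resemble the real name at all, so it is no safer than `lookalike`.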



Private Posting Key

This post is all about one thing, though:

ALWAYS USE YOUR PRIVATE POSTING KEY FOR DAILY LOGINS!!


I notice every day that people are still logging in with their master password.

This master password should be locked away safely!!


Here’s a little piece of important information that can be found in the FAQ:

DQmaUjr71sBV5sbyEXNrrY6soY5Xa675e2Gdj8wwU8Uv8qo_1680x8400.png

If you do make a mistake (which you shouldn’t) and log in to such a malicious site with your private posting key, the hackers will only be able to post from your account, and your funds will be safe.

All you need to do to recover your account is log in with your owner key or master password and change your keys to lock them out.



Where to find your private posting key

You can find your private posting key by going to your wallet and clicking on the ‘Permissions’ tab.

At the top, you’ll see your public posting key. At the right side of your screen, you’ll notice a ‘Private’ button. Click it and your private posting key will appear, replacing your public posting key.

permissions.png

So please remember and spread the word: only use your PRIVATE POSTING KEY to log in!!!

In case it is too late and you got hacked already, please read my guide on how to recover your account and reputation score:

Got Hacked? Here's How To Get Your Account And Reputation Score Back!

If you come across anything suspicious, do not hesitate to report it to Steemcleaners here: https://steemcleaners.org/abuse-report/



SCAM ALERT

The website autosteem[dot]info is a known scam site.

autosteem.png


Do NOT add your credentials to the FAKE Steemconnect form!!


Keep an eye out for the next edition of 'Quick Tip'





Image Sources:

Pixabay
Giphy
ImgFlip

Manna banner taken from Mannabase.com

This post contains affiliate links to Bitsfarm and Mannabase. I will receive a compensation if you use these links to sign up


Reading through the comments, yes, a once-a-month reminder looks like it will be a very good thing.

Maybe even create a DBook with this info - lol


I'm glad you are well up on this now @simplymike and sharing the knowledge around 😁

Just yesterday I bumped into comments that proved that people were still not aware of this. I’m probably going to repeat this post every month - lol.
Or create a dbook on how to not get hacked :0)

Sounds like a plan to me!

Thx for the warning.
I must admit that I am also always using my master key.
Which key should we use when logging into steemconnect?

For transactions, you need to use your private active key.

Thx, will use it from now on!

The switch in URL is something that is very common and has been used for almost as long as the internet has been around. I am amazed that these scams still work, but then I remember that not everyone has been dealing with them for years.

My rule of thumb is if I need to log into an account to retrieve a message or whatever reason I was sent there I go to my bookmarked login page to avoid bad links. You will run into scams trying to get into your Amazon account, ebay account, bank accounts, and so forth. They all rely on you following their link and not going directly to the site.

Sometimes it takes an extra couple seconds to do it the long way, but my accounts are safe.

I’ve been avoiding these things for years. Being limited to using my phone made me inexperienced again. But that shouldn’t be an excuse.
On my laptop, I also use the bookmark thing. And I learned to check for signs. Like for example Paypal will always start their emails with your name, not with ‘Dear customer’ or something like that...

I like to think I learned my lesson, I don’t check URL three times but 5 times. And when I’m asked to log in, I switch to my tablet, just to have a better view...

Mobile makes you a little more vulnerable for sure and yes it's a learning curve all over again. I used to do SEO and dealt with many black hat people who used to utilize links to do all sorts of things. Once I learned their shady tactics I learned that links just can't be trusted. It's actually probably safer today than it was 10 years ago as browsers are more secure, but still it's always a risk.

It is true, thank you for information!

This is the reason why I do not like busy.org as much as I could. As yet I did not find a way to log in with my posting key. Only the active key works. It is very much better than the master key, though. :)

But still the active key gives hackers access to your funds...

Actually I might be misunderstanding the process. Reading the messages carefully, it seems that steemconnect needs my active key in order to grant my posting role to busy.org.
This is complicated. I would prefer simply to log in using my posting key. That way I would know what I am doing. Or rather, I would feel like knowing what I do.
It is not a good thing if we get used to having "man in the middle" sites for the login. Just as you wrote: a login that seems quite usual and - bamm - the hacker got you.

I thought that if I use my posting key that I can not transfer sbd/Steem to another user. So why not use the active key? Cause I think I can do that using my active key.

You log in with your posting key. Whenever you want to make a transaction, you will be asked for your active key, which you can put in whenever necessary.
For example: logged in with your posting key and want to make a transfer, steemconnect will appear, asking for your private key. You can put it in then.

If you make a mistake and use your private active key for daily logins, hackers will have instant access to all your finances.

To be honest I use my phone and I stay logged in with the first password I received. I probably need to change that, but this works very simple. And I like simple. At this moment there is not much to steal from me. 😀

It’s not that big of a hassle to change your password into your private posting key. Just in case...

The password you are using is your master password. You should probably change that before too long and save it offline.

Active key is only for witness voting and wallet transfers.
Posting key is only for upvoting posts and comments and following people.
Memo key can only be used to read the encrypted wallet transfers.

None of these 3 keys unlocks the other features.

Poeh, that makes it a bit difficult. Since my phone will only remember 1 password. And I only use my phone for Steemit. Any solutions here?

From my phone I can never read the wallet memos. Is that because I need to login with the memo key? Or is that just an issue with my browser?

Have you tried esteem as a mobile app? It lets me read my memos on the go.
You need the memo key to be able to read your memos.


Great post!
Thanks for tasting the eden!

I really feel dumb now. Cause I still don't know what a memo is?

the text in the picture above is a memo attached to a wallet transaction

I understand the importance of using posting key but didn't understand till now how exactly these attacks are taking action. So I have to look carefully at the URL when I'm logging in. ...
Thank you very much <3 for sharing your experience!

Yes, always double-check to see if you’re on https://steemit.com or https://steemconnect.com
Some of these phishing sites have URLs that look very similar. If you only glance at the URL, you could easily make a mistake.
