The scheme varies a bit... but not much, their technique is always the same. Convince the user to go to some other site - most times a clone of SteemIt.com - and then ask users to login with their Steem Account.

It's a pity that many users keep falling for this trap. Well, but at least, now the scammers will have a little more trouble replicating all the messages, since they will exhaust their RC very fast.