PSA: Really good phishing attempts ongoing, be extra careful where you enter your keys!steemCreated with Sketch.

in #steem7 years ago (edited)

Hey there,

A quick warning to all steem users. There are some well-made phishing attempts going on who try to get you password. If you entered your password in a phishing site, please immediately change it at https://steemit.com/change_password !!! (this deserves three !!!)

One example of a phishing attempt is this post (I only provide screenshots and no links so users don't attempt to click them):

This user tries to get you to click on a link. Under it is a lot of intentionally blanc space to give you the feeling of a paywall. If you click the link you get to (Translation: not safe (no https, a first indicator that something is wrong) and not steemit.com as the url):

It now shows you a fake screenshot of the same article and a fake login box. If you enter your password here, the scammer succeeded. To iterate again: If you entered your password in a phishing site, please immediately change it at https://steemit.com/change_password !!! (this deserves three !!!)

I flagged this specific post and will flag all other attempts of this sort that I know of. Please always check the browser url before you enter your keys and use your brain. If something seems off even by a small bit, stop and think for a second. If you notice something new or something weird, go through this checklist:

  • Is the url steemit.com?
  • Is is a https site?
    • If you can, verify that the certificate is valid:
  • use a bookmark to steemit.com to be extra safe
  • never click on links from email or inside posts
  • if you are unsure, ask others to have a second look. You can always ping me on https://steemit.chat/direct/reggaemuffin if you think something is off

How to change your password:

Click on this link in the sidebar. Make sure it really is this url:

Enter your username and your old password. Then click on Generate Password and save it somewhere safe. reenter your password and check the disclaimers. Then click on Update Password.

If done fast enough this will lock out all scammers from your account. Be sure to not fall for them next time. If you use services like Steemvoter, remember that your keys changed and you have to give them your new key, if you want to continue using their service.


I am watching the comments under this post, so if you have something to add to this list, please leave your suggestion.


To support me, vote for @reggaemuffin as a witness:

Go to the witness page https://steemit.com/~witnesses
Scroll down and enter reggaemuffin in the box:

Click on Vote
Thank you for supporting me :)


-My original witness post-


https://steemit.com/witness-category/@reggaemuffin/witness-reggaemuffin



Sort:  

Dear @reggaemuffin and all dear Steemit users!
I firstly apologize for being so stupid to click on this post, but the title seemed interesting...
I gave my posting key, because the pop up window looked the same as if I was logged out of Steemit.

And then the nightmare started....

Someone posted the same viral post in my name three times and started making upvotes. I immediately wanted to warn others not to fall into the same trap and tried to post a comment under the original post, but this has been deleted.

Then I changed my password and tried to delete the spammer posts somehow, but I could not succeed. I could delete the content, but the first tag remained (bitcoin, cn etc.), I could not change it to "spam".

And I got receiving downvotes and all the bad replies on what a monster I am for posting such a shit.

I was really shocked, I felt embarrassed and puzzled, I really did not know what to do. I tried to post and ask for help, but @cheetah immediately commented on me and said I was a spammer, and ID-thief.

It was so miserable.

Finally I managed to get in touch with @patrice on steemit chat, and I received a wonderful assistance. Thanks again for it! I was cleared from the black list and finally the great darkness around me started to dissolve.

I would like to thank everybody in this community for helping me in the recovery. Now it seems that things are getting back to normal.

And I have learned a huge lesson: look at least twice before you type your key and click on anything suspicious.

BEWARE OF "WELL-SOUNDING" POST TITLES posted in popular tag categories.

PS: I hate people who use their creative energies to hurt others....

I am glad that you are safe now!

We had to flag your posts so other users don't fall into the trap. I gave this comment a big upvote, so your account should not have lost anything from the flags it received.

Pushing this to the top of this post so others can read as well :)

Thank you very much I really appreciate your help!
I learnt my lesson I think... Hope others will learn from my mistake too. :-)

Voted on you as a witness! :-)

Thank you for your support!

They're not worth your hate.

You are right :-)

These scamming attempts work because they make it look like the original site and only a moment of paying less attention is enough to get the nightmare started. :/ Thankfully you got everything fixed. If these phishing douches will do the same here they do everywhere else, then the next steps will be photoshopped positive comments glorifying the article and fake emails. "Enroll in the monthly Steem giveaway! Win up to 1000 Steem!" OR! Using someone's name+picture for an article to deceive their followers. Slightly changing the name, sometimes it's really difficult to see the difference.
Check this: ksoIymosi with a capitalized "i" as the 4th letter. and then the original, ksolymosi.
ksoIymosi vs ksolymosi.

OMG, that is almost impossible to notice...
I hope you won't be right, but I am afraid that these bastards won't stop here...

Capitalization doesn't work for names though.

Wow! That’s crazy!

my reputation is just a bit higher then yours but my upvote should not give much in the way of money but might give you just the little rep bump...
and you are right, it is sad that people use their creative energy for stuff like this...

You are very kind, thanks a lot!

The burnt hand teaches best... sadly. Glad to hear you are more wary now.

You are right! Thanks!

Good for you in your persistence and efforts. Good for us that you posted your work about getting back to the fold. Inspirational thank you. Good things can happen in very odd ways

Thanks a lot!

Changing passwords is something most people put on their need to do list ASAP, and before long, they’ve started perusing articles and it never gets done.

Others are wise and disciplined and change their passwords frequently.

I am 99.9% sure I ‘fell’ for one of these scams in the past week or so.

I’m probably just over paranoid after learning about this; but, without logging out, I got a requirement to log in on attempting to read a post.

In my ‘haste’ to read the article, I re-logged in.

Now, of course, this is probably my imagination. And wisdom, said then, and roars even louder now,

Change Password.

Thanks for being the patient example to the benefit of the rest of the community.

Peace.

Vote #1 Reggaemuffin for witness - let's get him in the top 20 folks!

more effort goes into scamming people than actually writing good posts at this point

Nice post on creating awareness!

I wrote a post here on how to protect yourself on phishing websites.
https://steemit.com/cryptocurrency/@dwongch/crypto-security-aaa-protect-yourself-and-others

Stay safe!

Saddens me to see how much creativity and effort is put into creating new ways of screwing others over. A cost both to those who gets F*&/ed and an opportunity cost generally...

Great to see that the community picks this up quickly and shares it to prevent further damages. Cheers for sharing.

Nice share and good information for me and the others

Wow. Danke für die wichtige Information. Ich glaube wirklich, je populärer Steemit wird, umso heftiger werden die Attacken auf die Accounts der User. Mann kann vor allem die Passwortsicherheit nicht oft genug betonen.

@reggaemuffin WHAT IS UP BOSS !!?? ITS THE BIGFOOT WEEDZARD @nejc1107 HERE !

Bro just wanned to say that i come across here just becouse your DOPE COOL NAME !! haha ur the man :) i will follow u up :) so we can keep in touch !

All the best brooooo ! :D

Here is the missing piece we spkoke about @reggaemuffin
i made a little background history Post about it

So what happened to that skolymosi? Did he get banned? IP blacklisted?

Kicked out and never welcome again?

As soon as the account is recovered and the account owner contacts me I will remove them from the @cheetah blacklist after I confirm they have secured their account and they understand how it happened. This is just a temporary measure to help stop others from getting scammed.

hey @patrice you're doing much needed hard and good work, but could I have 2 minutes of your time at steemit.chat or discord?

Sure. Either one.

It can be that this as one of the scammed accounts, as the scam is spreading with each victim. @patrice is currently working with @cheetah to hide such posts while the accounts get recovered.

I get it. Once your account is hacked, your blog will function as bait for others.

Go Team Cleaners!!

If you notice any new phishing posts that are not hidden, please mention @patrice and @reggaemuffin so we can react :)

how many times are we allowed to change password in a year or the whole Steemit life?

Infinite times. There is no limit to it.

Coin Marketplace

STEEM 0.21
TRX 0.20
JST 0.034
BTC 98129.50
ETH 3322.67
USDT 1.00
SBD 3.05