Never give your password and double check on which website you really are!
I already warned you about several potential and confirmed scam attempts (see bottom of this post for a list of them). Here is a new one.
Description
Few hours ago, I got a notification from my mentions monitoring bot.
Immediatly, several suspect things triggered my attention :
- The mention was a in comment on a Chinese post. Strange … but why not ...
- The comment said “you can check MY article”, speaking about one of my stat post. I knew I had never written such a comment. Someone was impersonating me. Suspect!
- The real link was different from the link presented to the user … even more suspect
Clearly, something wrong was going on. Let’s go and see this comment on Steemit.com
My suspicion is confirmed, the real link is not displayed, except when you hover with your mouse on the displayed link. Fortunately, Steemit inc. has added an indicator next to each link that will bring you away from steemit.com website.
Let’s now go and see where the “hidden” link (bit.ly) will bring us
Ohh… We are on Steemit on my post …
But then, why use an URL shortener like bit.ly to reference another post from Steemit in a comment.
Looking closer at the whole picture, I noticed something else very strange …
I’m no more logged in on Steemit.
That looked really weird to me and I started to inspect things very closely. To be honest, it took me a few seconds to find the trick:
I was no more on sTeemit.com, but on sLeemit.com
Gotcha, someone is trying to steal credentials by pushing users to relog on a fake Steemit website.
All signals turned to red: this is clearly a phishing attempt!
What is Phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
source: Wikipedia
The sleemit.com is a perfect copy of steemit.com and works like it. They both looks exactly the same and the risk is that a less paranoid user than me might think "oh … i’m logged out … let’s login back" and he would provide its credentials to the malicious website.
Preventive action activated
I will add any account sending phishing links to the black list of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.
If you find similiar pishing attemps, contact me on steem.chat
To protect yourself, you can:
- always double check before clicking on a link, especially if this links take you away from steemit.com.
- verify the reputation of people writing comments on your posts. A user with a low reputation shoud trigger you attention.
Previous threat alerts
If you missed them, please find here the previous alerts I published:
- Scam alert and white hat counter-strike
- Phishing exploit has been stopped - Scammers thwarted!
- Potential scammer reported- @jones420
- Fake Steemit website try to steal your password!
- Phishing attack to steal your active key
- Potential scammer reported - @minnowpond
- Scammer reported - @russiann
- Scammer reported - @steemitrobot
- Scammer reported - @tripadvisor.com
- Scammer reported - @harquick
- Scammer reported - @gtg.witnesses
reminder
A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:
Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!
Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.
Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like steemit.com.
Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!
4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.
Spread the words, resteem this post to your friends, and you will make the platform safer.
Thanks for reading!
If you notice any new suspect activity like the one described above, drop a comment on this post, contact me on steem.chat or via Telegram (@The_Arcange)
That is why it is so important ALWAYS to log-in with posting password.
Be careful when using other steem passwords
I was a victim last week of scammers through a fake @dtube Google Playstore App. It really looks like DTube so I gave my password which is a huge mistake because they took away all of my earnings. I wrote a post about the aftermath here. Now I am saving up again what I loss and I think it will take me months to earn them again. I feel really traumatized and I hope no one goes through what I had gone through. Thank you for the warning @arcange.
That damn app got me too
I've made a link on my blog to this article for you @arcange - GREAT CATCH
Thanks!
Some of my teammates from @steemitachievers have been victims of phising and this is worth resteeming. Spreading the word!!
Thank you
Photon torpedoes full spread.
A really important post. Resteamed! Keep doing this kind of informing the new people in steemit (Y)
Thank you
Thanks @arcange
Come on peoples lets Resteem this Scam Alert to the COMMUNITY
Keep STEEM N ON,
Frank
Resteem...
https://steemit.com/promoted/scam
Thanks for sharing steemit is very nice
I like Rule Number 4!
Thanks for posting this. I resteemed it so my Followers can be aware of this also.
Thank you so much for sharing, sir.
If the smallest details is not scrutinized, the account will end up to the scammer! Phishing really is dangerous!
We need to be very watch full this is becoming unbearable. A lot of those scammers out there, we just need to be observant @arcange thanks for this info
thanks for your sharing
very nice post great information
thanks @arcange has reminded us about keywords, and your posts are full of lessons.
Thank you for sharing this! I may be too careless sometimes when it comes to stuff like this, so I appreciate you sharing this with us
Thanks for this post, I am sure it will help many people!
This days i avoid clicking on any link dropped as a comment on my blog, because i have 2 friends who fell victim of this phishing sites.
Its better to be safe than sorry.
Thanks for this information @arcange
I fully agree with you, @phunke
My account was hacked.
I found my account again
Do not comment on my comment as a hacked account
Hello @vhxmflrn
I'm glad to read you recovered your account.
I removed your account from my WarningBot blacklist.
Take care!
@arcange
My account was hacked.
I found my account again.
Do not mention my comment as a hacked account
Good job. Thanks for the info. Resteemed
I always investigate suspicious links and expose them. As time goes this will be mass on Steemit but people will learn and scammers must give up.
Something similar happened to me last week and I got a big scare ... the it is very unpleasant, but the luck is that I was able to recover my account in a few hours. Thank you for sharing this information.
My brother almost became a victim. Good thing he is discreet enough not to open it. Then yesterday, I received such comment. I copied the link. I opened it on an incognito tab to be completely sure and I was right.
Dear @arcange,
Thanks for your kind information. Actually every working platform has some Wicked Fellow, who wants to success in negative mind. We need to catch them and punished. I request steemit authority to find the badman and punished him.
Thank by,
@noor.money
This is really scary. Didn't realize there's a lot of these lazy ass hackers on steemit now. I'm glad I stumbled on your post @arcangen.
My 1st account was hacked more than a week ago & it lives me no choice at the end but to start making a new one.
Voted & resteemed👍🏻
There's a typo:
If you find similiar pishing attemps, contact me on steem.chat
Sleemit is Sleezy in Stealing it seems. Thanks for sharing the scam so we can know not to go to bad places that steal and stuff. Good advice to look at the URL in your web browser found in the bottom left side of the screen of the Firefox web browser and most most browsers as you hover over a link which you can and should be able to see as you hover over a link before you even click on a link. I make it a habit to check before clicking on things and before logging into things as well. Maybe tougher if you are a phone that is if the phone does not always show you the URL of where it may take you at times. I am mostly on my laptop and do not rely too much on phones for browsing and everything online.
Good to inform everyone, we can probably expect more attempts like this.
We need to keep vigilant.
Please check out my post: https://busy.org/@rmz/be-careful-when-using-steemconnect-call-to-busy-org-for-necessary-changes.
While maybe not as big a risk as a phishing site, everything using SteemConnect also poses a potential risk.
Your article is featured in @Yehey Daily Curation for additional mention and exposure to the world.
This post has received a 100% up vote from @Acknowledgement. Sponsored by @Yehey.
WARNING - The message you received from @hefziba is a CONFIRMED SCAM! DO NOT FOLLOW the instruction in the memo! For more information, read this post: https://steemit.com/steemit/@arcange/phishing-site-reported-sleemit-com
This post has received a 3.13 % upvote from @drotto thanks to: @arcange.
The Golden Cobra has struck!
Bite Strength: 14.00% | Strike Speed: 64 Strikes/MS | Venom circulation period: 7 days
After 7 days.. The Golden Cobra's venom converts to SBD/SP! ;)
}} Hit placed by: @arcange {{
Send 0.001-0.008 SBD/STEEM + url->memo to @thegoldencobra for an upvote! :)
Service released: 3/2/18 - Give us a chance! :)
Check out the benefits of delegating/using the bot! :)
A simple upvote on this comment, will also help the bot grow! Consider it! :)
My brother @prkznm and me already infromed you about his stolen account. We saved his account thanks to steemit support. Masterkey renew mail came today and we got new password. Why do we see this message in his every transaction ?
WARNING - The message you received from @prkznm is a CONFIRMED SCAM! DO NOT FOLLOW the instruction in the memo! For more information, read this post: https://steemit.com/steemit/@arcange/phishing-site-reported-sleemit-com
Please delete him from balcklist.
You brother's account has been removed from the WarningBot blacklist.
Thank you.
Its really very scary... all your hard work will suddenly diminish with just one snap if you will not be careful.
Thank you very much sir @arcange
Thank you for your work!
Someone just posted a link with steemit in the title on my page and I guess your bot came and flagged me when I responded by asking about the sleemit url lol