SCAM ALERT - Fake Steemit website try to steal your password!

in #steemit7 years ago (edited)

A new scam is spreading on Steemit and try to steal your password using a website that looks like Steemit.

Scam description

Victims receive a notification from @cheetoh with the following comment:

The scammer use the avatar of @cheetah, the well known anti-plagiarism bot created by @anyx, and a name looking very similar to it.

The displayed URL is different than the underlying URL, which looks like:
http:/ /steemif.000webhostapp.com/@steve.uk

The underlying link in the comment is a poisoned link that will redirect you to a fake website looking like the original Steemit website

Notice the target website is not secured with an SSL certificate

The fake website will ask the victim to (re)log in using his password.

Note that the fake website shows where it is hosted.

The attack started 2017-10-20 16:09:00 and up to now, targeted 9 users:

@aishwarya, @skyleap, @me-tarzan, @terrybrock, @noxsoma, @scottybuckets, @karensuestudios, @elgeko and @honeydue

2 of them have already reported falling into the trap:

https://steemit.com/cn/@twinklesong/twinkledrop
https://steemit.com/steemit/@honeydue/help-password-scam

White Hat in action

The account @cheetoh has been put on the black list of my Warning-Bot and it will issue a warnings comment with a link to this post following, notifying users of the malicious activity of @cheetoh.

Previous scam alerts

https://steemit.com/steemit/@arcange/scam-alert-and-white-hat-counter-strike
https://steemit.com/steemit/@arcange/phishing-exploit-has-been-stopped-scammers-thwarted
https://steemit.com/steemit/@arcange/potential-scammer-reported

Thanks for reading!


footer created with steemitboard - click any award to see my board of honor

Support me and my work as a witness by voting for me here!


If you like this post, do not forget to upvote and resteem

Sort:  
There are 3 pages
Pages

The scammers are getting craftier by the day. If these guys put as much effort into legitimate enterprises as the do towards scams, they would probably be much better off financially.

This a very profound and nasty scam.

If the scammers posts a blog here on Steemit, then users could unknowingly be redirected to the scam website. If the blog where to contain the maleficent URL.

Especially when the Steemit website has sometimes connection issues, so it's not a strange thing to have to log in again.

If you're already Logged in and and a Link asks you to RE-Log in, that's a Heads up !

Yes, it becomes a good time to open a new window; clear your history; and for sake of peace, log in only after requested to, in the new window.

I hope that makes sense!

Peace.

Problem is they don't necessarily care.

True, but scams take effort and time to setup. I guess they don't care about wasting their time.

You could say the same about banksters and advertising companies.

tnx

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

we will see more of this kind of behaviour so we need to be careful

Thanks for the warning. Looks like they put a lot of time in to this one.

oh dear I'd better resteem this tomorrow
thank you for the info!

I'd say avoid using your active key and use the posting key always unless your trading :)))

thank you for the heads-up on this one
I tend to read fast, skipping over things, and I never would have noticed the 'cheetOh' versus the 'cheetAh' name

Dang it... I should have checked the link.

Notice the target website is not secured with an SSL certificate

That costs the faker the knowledge and about half an hour.

A SSl certificate does not tell you you are on the right website, just that you are on the website the certificate is for.

Thank you for your effort in putting a stop to this and bringing awareness! Upvoted and followed!

Could I suggest to the steemit people and the busy people to add a menu options "Scam" alert that could allow us to quickly pick up on news to be aware of!!!

Great idea!
🖖

Oh my GOD it's really dangerous,
Thanks dear @arcange
For this helpful information

Yes I was suspicious when they asked me to enter my password! Luckily I didn't fall for it! Thanks for the warning post.

Upvoted, for the warning and the help you are providing to the users. Resteemed because I want the people that follow me to be aware of the scam. I knew those Cheetohs were bad for you.

Thank you for your suppport!

Wow nice alert

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

@arcange Everyone must be vigilant at all times and I thank you for being on top of these SCAMMERS..............

When using the Steem blockchain, you should only use websites that use encrypted traffic ( with image like this).

Because without this security measure, your keys could be leaked by WIFI sniffing.

Thanks, useful information!

@cheetoh doesn't like this post. ))

I caught this and made a post about it yesterday, But you have a bigger audience and I'm glad you posted this. Thanks for getting the word out Arcange !!

fantastic , you are the one- who destroyed the bad plans of stealers.
and create awareness among people through steemit.com
:)
upvoted and resteem

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

Now I know what to look out for

Thank you for the warning.I have seen that scam post today. UPVOTED YOU...PLEASE UPVOTE ME

Wawooo its great great 😱information
Some one use fake steemit. Last litter chane like(steemif)
If any body cant see carefully he loss account.
Great job
👏 clap 👏 👏 👏 👏 👏 👏 👏 👏

Wawooo its great great 😱information
Some one use fake steemit. Last litter chane like(steemif)
If any body cant see carefully he loss account.
Great job
👏 clap 👏 👏 👏 👏 👏 👏 👏 👏

Thank you for the heads up!

Very nice to see advice in time. I'll be more alert now, though I don't have that much to worry to lose.

Thanks for the alert! we all should stay aware of scams like this one.

Thank you very much! We are very grateful to your excellent work!

Cheers.

stay vigilant folks!

Fantastic!!!

Had problems with the login and my passwords that day acctually. It was error after error and in few minutes my account did not exist . I find it very strange. Did some of you have the similar problems with your account?

Thanks for watching out for us!!

Thank you for the warning, I'm careful!

Thank you very much for useful information
So not open such links

Your profile picture is not uploaded. If you want to upload profile picture then see my post https://steemit.com/steemit/@tusharvasave/how-to-set-and-upload-profile-picture-and-cover-image-on-steemit

resteem this post and follow, upvote me to reach more people to this post. This post is helpful for new steemit member. Thanks.

Yeah. My password was also stolen. Thank God now it's recovered...

Uthanks for the heads up.

Holy smokes!

Good info....I want more this info posts .

great work you are doing for the community thankyou :)

Gracias por esta información tan importante, hay que estar pendiente de como son los ataques para saber evitarlos y dar alerta.

Ohhhh great! Now we have a chetoh robot! I hate it when oppoturnist people playing with attention!

thanks buddy

Notice the target website is not secured with an SSL certificate

That costs the faker the knowledge and about half an hour.

A SSl certificate does not tell you you are on the right website, just that you are on the website the certificate is for.

Thank you very much!
I ignored it as I thought it was doubtful.
I have no problem.
Thank you again.
Resteemed

Notice the target website is not secured with an SSL certificate

That costs the faker the knowledge and about half an hour.

A SSl certificate does not tell you you are on the right website, just that you are on the website the certificate is for.

It's really frustrating seeing these sort of scams pop up, and of course it's even easier for them right when steemit.com itself is having sporadic outages and downtime and we keep getting posts saying - use this domain as alternative, of course quite often they are legit but it's so easy again for someone to drop a clone site url that's going to absorb your account details. Personally I'm sticking with steemit.com - last pass knows my far too secure to remember password for it so autofills it - any other site it won't auto fill for and I won't manually enter it.

There are 3 pages
Pages