SCAM ALERT: Phishing Attack Aimed To Get Your Passwords

in #steemit, 7 years ago (edited)

A couple of days ago I got an interesting message in my wallet from someone claiming to be @gtg (3rd witness on Steemit), saying that he was rewarding me for voting for him as a witness.

It seemed really sketchy on so many levels. One of them being that I know that no witness will ever pay for your vote or reward you later for voting for them. Another was his super fishy name, @gtg.witnesses, attempting to emulate @gtg but failing miserably. I immediately checked the account and saw that he had spammed the same message (but with personalized links) to more than 200 people in 2 days.

Curiosity wouldn't leave me alone, so I went to the website to see how it looks and how it would actually try to scam me into giving up my password. The website looked pretty basic with very little to no information, just a pop-up leading to a fake SteemConnect where you need to enter your credentials to "claim" the "reward".

After "claiming" you get redirected to the SteemConnect clone, whose only purpose is to get your passwords and send them to the attacker. Cloned websites can easily be discovered by checking the actual URL in the address bar and seeing whether it matches the URL of the real website the page claims to be. In this case the cloned website's URL was a real thorn in the eye and something that should be easily noticeable for everyone.

Fake


Real


Somehow I stumbled upon @tomo15

With a fully flagged account and a wallet full of the same scammy messages for the same phishing scam, @tomo15 might actually be behind this.

ALWAYS CHECK THE URL

To be safe when handling your password and giving it to third-party services, be sure that the site is not a clone by double-checking that it has the correct URL. In the above-mentioned case it was pretty obvious, but what if the difference was in only one letter and the clone was steemconect instead of steemconnect, would you notice?

Most likely not and unknowingly you would have given someone complete access to your account.

As Steemit grows

So will these kinds of attempts to steal your hard-earned Steem! They will become more and more advanced and harder to notice. So please be careful and start checking the URL each time before you enter your password, and don't let yourself fall for scams. You weren't working so hard just to get your account stolen, were you?

Write them down

Your keys are the only thing separating you and some malicious user from spending your earnings. Passwords should never be kept on the PC, in the mail, on your phone or anywhere online because they will be susceptible to attacks. You should write your passwords on a piece of paper, repeat this a couple of times, and hide the copies the best you can.

Be safe peeps!


I was not careful enough. I clicked on a phishing link, my phone rang so I forgot about this, then I logged in, in the fake login window. Now my reputation is 2. A hacker was posting phishing links from my account. To recover I need upvotes, so I've made posts that claim no reward, but it is impossible to recover from this. Can't upload any photo until rep 10 :(

Thank you for bringing this to attention :-) Good job.

Np, I just regret not boosting the post to reach more people though... Scams like this enrage me so much because they bring down the value of Steemit itself but there is not much we can do to stop it. We can just point them out and hope they don't get a lot of keys.

Thank you for this clarification. It allows us to be careful with all sites that use steemconnect and to confirm that this is the real site.

Thanks for sharing @runicar

Thank you for the clarification and explanation. Lately we are receiving many messages of this kind.

Thanks for the valuable information. This article helps us not be a victim of these fake scams. Nice article, keep us updated with the good stuff.

Thank you for sharing. One just needs to be careful before clicking any link.

Thank you for this piece of info. We'll stay safe. Thanks.

Thanks so much for that

Thanks for this great information and for alerting us to scammers.

Also another good reason not to use your master pw to log in, because if you do get caught in one of these things it's game over!

So, those bastards are not satisfied with physical 419 again. Their new operation is digital currency. Thanks for this alert. This post is worth resteeming.

Boss, pls can you clear us on the winner of #minnowoftheweek contest #4. It is 10 days old now. Thanks boss.

Gosh, this is scary, thanks for the info. People can do anything for money :(


As long as you can see the secure icon on your browser's URL there's a big possibility that it's not a phishing site. I wish steemconnect worked for this so that we can distinguish it faster and better.

Secure doesn't mean that it's safe to use a website.
A phishing site can also be secure. It's just encryption between your browser and the site's server.
Two requirements have to be met:

  • the site has to be secure, as you wrote (i.e. https://)

AND

  • the URL has to match the expected site exactly (every letter matters, so in this case: https://steemconnect.com)
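
The two requirements in the reply above (HTTPS and an exact URL match), together with the post's steemconect example, can be checked mechanically. The following is an added example, not part of the original post or thread and not SteemConnect code; the verdict names, the edit-distance threshold of 2 and the sample memo are assumptions made for illustration.

```javascript
// Added example, not SteemConnect code. The expected host comes from the
// thread; the edit-distance threshold (2) and verdict names are assumptions.
const EXPECTED_HOST = "steemconnect.com";

// Levenshtein distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of cell (i-1, j-1)
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j]; // value of cell (i-1, j)
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Verdicts: "ok" (both requirements met), "not-https", "lookalike", "mismatch".
// Anything other than "ok" means: do not type a password into this page.
function checkLoginUrl(raw, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(raw); // standard URL parser; lowercases scheme and host
  } catch {
    return "mismatch"; // not an absolute URL at all
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  if (host === expectedHost) {
    return url.protocol === "https:" ? "ok" : "not-https";
  }
  // Compare the parsed host, never a substring of the raw string.
  return editDistance(host, expectedHost) <= 2 ? "lookalike" : "mismatch";
}

// Classify every link found in a message (e.g. a wallet memo).
function auditLinks(text) {
  const links = text.match(/https?:\/\/[^\s"'<>)]+/gi) || [];
  return links.map((link) => ({ link, verdict: checkLoginUrl(link) }));
}

// Constructed sample memo, using the misspelling from the post.
const memo = "Claim your reward: https://steemconect.com/login or http://steemconnect.com/";
console.log(auditLinks(memo));
```

Because the comparison is made on the parsed hostname, a URL that merely contains the expected name somewhere in the string is still reported as a mismatch.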

owww I see, Thank you for the information :)
my bad :)