CAUTION: Steemit Clone Stealing Passwords + 50 SBD Reward for an Anti-Phishing Browser Extension

in #steemit, 7 years ago


Uncovering the largest phishing attack operating today. A Steemit clone called Steewit.com or Steelit.com is aiming to steal your keys, so be careful when you put in your passwords and check that the URL is correct. If you've been suddenly logged out of Steemit and have logged in again you might be at risk because that might have been the clone website. So be sure to quickly change your passwords and store them somewhere safe. I propose writing them down a couple of times and storing them on paper instead of online because keeping them online is way too dangerous and susceptible to attacks.

My friend @enjoyinglife got hacked yesterday and lost 200+ SBD and 750 of his SP is delegated out to multiple accounts most likely operated by the "hacker" who owns the steemit clones. Watch his video about it here

SCAMMER and his other accounts:

OG scammer @good-kama -> notice the fishiness of his name
ALT accounts operated by the scammer: @omikunlejackson, @samriamelissa, @lalo78, @kilbride

The malicious user got control of many other accounts and through them spammed out comments with links leading to the steemit clones...

As Steemit grows and our accounts are worth more, these kinds of attacks will be more frequent, more sophisticated and harder to recognize, so I propose a solution. We desperately need a solution and we need it now!

As a solution I propose a tool that will help us spot the scams before entering our credentials to a scam clone website.

||| I will give 50 SBD to anyone that can make a bulletproof anti-phishing browser extension |||

It would need to check each steemit-based website we visit and see if it's the correct URL or is it a scam. If it's a scam the app would need to alert the user by an alarm sound and a big gif saying SCAM or something like that! It just needs to be very visible and obvious so no one can miss it.

The app also needs to be open source and the code needs to be checked out to prove it has no malicious code.

If you are willing to do it, please contact me on discord.

Stay safe peeps!



Thanks for letting us know about this. It is so sad that scammers want to rip other people off their hard earnings. From the comments and links dropped here, it seems the scammer has several ways of contacting people and sending the link for them to fall for it. I will be very careful of these accounts @good-kama fished out, as well as resteem this post to spread the alert to as many as possible.

This is awful and well done for creating this video! I just resteemed this and I hope it will be resteemed everywhere! It's such an obvious scam, but most people wouldn't realise! Keep us posted on what happens!! Well done!! It needs to be trending!!!

Thanks a lot for re-steeming, anything we can do to get the word out will be worth it because we might save a couple of people. That's why I "wasted" so much on promoting it :)

Thanks for the information. So many scam artists this day and age. You can't do anything about it if they're in countries like Pakistan. You just gotta be careful. I got a few private messages on Twitter before and the URL clearly says Instagram.com but it directs to phishing sites.

Thanks for the video bud.

I appreciate your support and I appreciate the fact you are getting this known to the masses

It means a lot to me (and other potential targets)

I made a short video on Dlive speaking about 2 crucial steps (we spoke about) to prevent this, so if anyone feels like it - check it here.

Np, just hope that no one else will get scammed...

@runicar
I also made a post about this with his whois info and everything:
Check it out: warning-fake-grumpycat-phishing-spammer
Be safe guys!

thanks for sharing ... already resteemed !

Thank you for sharing this with the community. Another user posted something similar yesterday as he got scammed through the same scammer's website. Here is the link: https://steemit.com/steemit/@nossy/be-careful-where-you-click-or-steem-phishing-or-stolen-sbd-from-users-or#@nossy

Talking about links, the browser extension should also reveal hidden phishing links in links in comments (bit.ly and other URL shorteners as well) as that is the way people are being deceived.

We are willing to contribute an additional 25 SBD to the VERIFIED and LEGITIMATE programmer(s) that will take on this project.

Stay safe and always verify the links before clicking on them.

P.S. There are some web scripts that will even click on links on a page without you even doing it! Now that is scary! One thing that may help is having the AdBlocker extension on.

Yep, I have seen that. It really enrages me that this kind of stuff is going on but it doesn't surprise me at all. As our accounts become more valuable over time and steemit grows, these kinds of attacks will just be more frequent and sophisticated. I really hope someone makes the extension :)

Thanks for the support and willingness to donate more for the cause.
That's insane, but I always have adblocker on though :)

Would be nice if you could post an update post once the anti-phishing extension is created and give a shout out to all involved ;) Cheers!

Will do, as mentioned in my new post the community will have a week to test the apps and decide which is the best. You'll see all the devs involved and apps made. Thanks for your contribution to the cause!

Rotten scummy bastards. Isn't there some sort of emergency hotline thing between all the witnesses so they can all instantly resteem an alert? Between them all they surely have every member on their followed or followers?
Anyway, thanks for the heads up. Will resteem to my 400 followers... mainly bots lol :-)

PS @runicar have you seen this post with another version of the same scam?
https://steemit.com/scam/@friendly-fenix/warning-fake-grumpycat-phishing-spammer

I'm not sure there is but I hope they get to work and stop this and block the websites from working and scamming other unsuspecting users.

There is another phishing site at "steemil" dot com as well.

Upvoted for visibility... and steempower and sbd of course 🤨😜

I am by no means a software developer but I think you would want the extension to validate proper sites as opposed to invalidate bad sites. For example if it validates proper sites it would have a green check (much better to have no default image and force users to set a personal image) every time you signed into a proper Steem platform by the sign in. If it is invalidating websites then it would have to invalidate all non-Steem programs to be truly efficient against scammers and thus could get annoying and lead to users uninstalling it.

While I have free time (seldom at times) I wouldn't mind to look at starting it (but you'll not see progress for a long time because as I said I'm not a software developer lol) but I think that it would be better for someone like @r351574nc3 to really get it set up within the next decade. Regardless I also resteemed in hopes of finding actual minds that can bring a product to everyone. Thanks for shining a light on op sec @runicar!
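The check requested in the post, combined with the comment's point about validating proper sites rather than listing bad ones, could look like this. It is an added example, not code from the thread or from any extension mentioned in it; `TRUSTED_HOSTS`, `editDistance` and `classifyUrl` are hypothetical names, the one-entry allowlist and the trust given to subdomains are assumptions, and `steemit.com.login.example` is a constructed test value.

```javascript
// Assumption: a real extension would ship the full list of Steem front ends
// its users trust; only steemit.com is listed here.
const TRUSTED_HOSTS = new Set(['steemit.com']);

// Levenshtein edit distance, computed with a single reusable row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j]; // value of d[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Returns 'trusted', 'lookalike' or 'unknown' for a URL string.
function classifyUrl(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return 'unknown'; }
  const host = url.hostname.toLowerCase().replace(/\.$/, '').replace(/^www\./, '');
  const labels = host.split('.');
  const lastTwo = labels.slice(-2).join('.');
  for (const trusted of TRUSTED_HOSTS) {
    // Exact match or a subdomain of an allowlisted host.
    if (host === trusted || host.endsWith('.' + trusted)) return 'trusted';
  }
  for (const trusted of TRUSTED_HOSTS) {
    // One or two typos away from a trusted domain (steewit, steelit, steemil).
    if (editDistance(lastTwo, trusted) <= 2) return 'lookalike';
    // Trusted brand used as a label of someone else's domain.
    if (labels.includes(trusted.split('.')[0])) return 'lookalike';
  }
  return 'unknown';
}
```

An extension would call `classifyUrl` on every navigation and show the verdict in the toolbar icon, which a page cannot draw over or imitate. Only `'lookalike'` should raise the loud alert, so unrelated sites do not trigger warnings.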

That's somewhat close to what I was hoping someone would be able to make. Let's hope they actually it :)

I was a phishing victim myself. I've lost my reputation, it was really sad. Now I am afraid that can happen again, so I am very careful about logging in.

I am glad I got to see this post. Is there a way I can contact @good-kama. Anything I can do help get this bring down the scamming bastard.

We need to get steewit.com and steelit.com taken down somehow. Not sure how to do it though.

I've been fighting with both tiers of their registrars for days now. It's getting old. They are deliberately keeping these sites up to prove a point. (edit: well, one is ... the other one is a scam "company" on its own)

Hey man, long time no see :) What point are they trying to prove? That they are scammers? lol. Really hope they get taken down because who knows how many keys they will get out of it....

Check out my post about it, I updated it with the message from the fake 'company'. They're clearly scammers. They also registered accounts to sell fake ids and send phishing emails pretending to be the CRA.

I am sure if we resteem and spread the scam alert as much, we will find someone who can help take it down.

Thanks for sharing

Wow !!! Welcome back @runicar..
It is a very helpful post for any steemians..
Thanks for sharing your informative and helpful post bro...

It is a very helpful post

You got a 17.89% upvote from @postpromoter courtesy of @runicar!

Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!

Interesting content and a good read.

i usually wait for mass adoption before trying something. that way reviews like this have a chance to come out and expose the fakes. thanks!

Oh maaan, this is bad. Thanks for creating this video and letting us know!

https://www.whois.com/whois/steewit.com

yikes! Thank you so much for the heads up :)

Damn swindlers, it is unfortunate what happened to the great @enjoyinglife, we really need a quick solution for these cases @runicar. I hope that developers can see this publication and start looking for a solution that improves our security and avoids this kind of hacking. Resteemed to reach many people ...

Wow!
thank you very much for the warning
phishing sucks!

Thanks is terrible but expected as success comes with so many deviant characters. Many users also have their users cloned and scammers try to scam others with it. We also need apps that recognise and expose similar users. This is an awesome campaign you started. The least I can do is resteem this and write about the same, citing your request in my next blog. Thanks for sharing. Upped 100%

It's sad to see the rise of scams in the platform. Would a 2fa solve the problem?

Thank for sharing this. However, there is more Steemians can do to protect ourselves from scams. I will publish a research I did on this soon. Thanks again

Thanks for the heads up dude!

I'm new to DTube, and I'm hoping to avoid these types of pitfalls as I navigate the site.

That's why you always use a secure site and make sure that it's Steemit. I don't ever follow any unknown links.

Thank you for your information. ;) I have followed you :) Lovely & Peaceful Week ahead. Blessings & Peace :)

Congratulations @runicar, this post is the eighth most rewarded post (based on pending payouts) in the last 12 hours written by a Superuser account holder (accounts that hold between 1 and 10 Mega Vests). The total number of posts by Superuser account holders during this period was 1388 and the total pending payments to posts in this category was $10165.03. To see the full list of highest paid posts across all accounts categories, click here.

If you do not wish to receive these messages in future, please reply stop to this comment.

Thanks for sharing

Wow, your post is very good. Thanks.

This is really bad I'm gonna share with all my followers thank you for this post 👏

Thanks for the information I have to give it to my friends again thank you.

@justyy, maybe you are interested. :-)

I'm glad someone has finally got a hold of this and making folks aware here on the #steemit blockchain.

@runicar
I've just finished a first beta version and it's being published to the Chrome Extension store. It's called Steemed Phish. While it's being published, here is the screenshot: Screen Shot 2018-03-09 at 1.15.01 am.jpg

What it does is add a green validation label at bottom right for steemit valid websites. And if you click on a link that takes you away from the page, it shows an alert.

Still a bit buggy, I will continue tomorrow.

There it is, the current version is 0.0.2, fixes have been added to 0.0.3 and still publishing.
https://chrome.google.com/webstore/detail/steemed-phish/eiaigalhddmmpdnehcigmlmgllomljgj

I will replace the green validation label with something else because nothing prevents the scammers from faking it too.

great, contact me on discord

The extension has been updated with an icon that changes color depending on the website you're on.

good.jpg

bad.jpg

nice detective work. +1 resteemed.

@ruincar - thanks for getting the word out on these scammers. It's a shame there's people out there doing this. Guess we all have to be vigilant. Great post, wish I could resteem. I did upvote though!