Those stolen accounts could be in control of potential scammers and may try to make more scams attempt using different post or comments!

weeks ago an user got his account hijacket and he was making spam post with a catchy post name and inside the content of the post just an image and a link "more info here" (or something like that) that link was taking you to "steemiit.tk (note the double ii). what i found wrong first was the .tk

and yeah is was a complete copy of the steemit UI, i also found weird that you could not see the post because it was requesting me to sing up directly, and the escape button or clicking outside the login window (like to see the post without login) was not working, then i look the url again and found the double ii, and i was like crap, this is not steemit!
lucky i did not enter my login details after figuring it was a scam

it was nice when i got back to the real steemit and see a user already noticed the scam and posting comments on his spam posts to warn others!

what i do when i sing in is to check the "keep me logged" box, so i know i will be logged

having things like no script as a plugin enabled on your browser could
help you too! since you have to activate it for sites and it may give you a second chance to look what url are you allowing to load

You can give Brave browser a try, it states that it can prevent sites mining with your cpu, and i has a type of no script already added.. is not as the no script plug in, you just have the option to enable or disable (wish they could add an option to make my own blacklist..looks cool so far and very stable, it also has something new.. tha you could pay sites you visit (is some kind of crypto i think!) not sure how it works but there's info and an option to enable / disable and make a wallet, and some more stuff worth looking