ILoveWWW Phishing Attack on STEEM

guiltyparties (70) in phishing • 7 years ago (edited)

The ilovewww.com registrar and hosting company is the source behind the massive phishing attack on the cryptocurrency community, including STEEM. This is a multi-vector, prolonged attack.

We estimate over a dozen STEEM accounts have been compromised and had their funds stolen.

Crypto communities are particularly attractive to hackers as wallet transactions are irreversible. Unlike with many traditional institutions, you won't get your money back if someone gets into your wallet and transfers it out.

Phishing Attack on STEEM

Do not click on any links in any comments.

If your account has been compromised and your password changed, use this form to immediately initiate your recovery process (information at bottom of post).

Examples

Wallet messages from @gtg.witnesses
Comments telling you you're trending
Comments advising of abuse
Long comments with graphics

Other Crypto Communities Attacked

Bitcointalk members got their own version of the same phishing scam.

Numerous other services also targeted and crypto stolen:

This person visited what he thought were known websites as per his Reddit post.

Online Services Attacked

Netflix users are reporting the same type of scam from ilovewww.com domains. An example can be seen here.

A simple search for "phishing ilovewww" reveals many other community-specific phishing sites and victims. Try it yourself. These douchebags have been around for a long time.

Originator

Every phishing domain is hosted by ilovewww.com. This would not indicate culpability in itself except that this has been going on for a long time now and ILoveWWW is not responding to email, form, or phone messages. In fact, the phone is non-functional. It is highly unlikely that this is a real business.

WHOIS of ilovewww.com

Update:

http://www.viewdns.info/reverseip/?host=steemil.com&t=1

IP: 111.90.149.128 out of Malaysia

A large number of phishing domains is owned and hosted by these hackers. Click the link below for the full list. Fortunately, there are only two Steemit-style domains at this time.

Update 2:

We received a poorly-written email after days of waiting. It is clear by their response that their entire enterprise revolves around cybercrime and illicit services.

Reporting

Every registrar and hosting company is responsible for tackling abuse stemming from their services.

Reported to 'Public Domain Registry' Registrar

In this step we assumed that the privacyprotect.org aka the 'Public Domain Registry' is a legitimate company.

No response has yet been received.

Future Reporting

The shit ball that rolled down hill reached bottom long ago, now it bounced and is rolling up hill until it hits its target and the phishing operation is dismantled.

Update:

Public Domain Registry responded that they did not find any abuse. We send them over this post for review.

Your Recovery on STEEM

This is taken from our previous phishing-related post.

Private Posting Key

Using your private posting key instead of your password will keep your account safe. It will ensure that even should someone get your key, they will not be able to take your money or lock you out of your account.

To get your private posting key go to Wallet --> Permissions --> Show Private Key (the key will be revealed)

Recover Your Account

If your account has been compromised and you can no longer log in with your password, you will need to recover the account immediately. Fill out the following form and wait for the Steemit Inc team to do their magic: (may take up to 24 hours)

https://steemit.com/recover_account_step_1

See a Phishing Account?

Report it to @steemcleaners and other community members at https://steemit.chat/channel/steemitabuse and we will flag the account to hide its comments. DO NOT report via mentions!

Flagging

If you have flagged an account distributing phishing links, remember to keep an eye on it and remove your flags from the innocent person when they recover ownership and edit out the phishing messages!

I will update this post with new developments. All funds earned from it will go towards supporting worthwhile communities -- accounting post to follow. You are encouraged to resteem and translate this post into other languages.

Like what we're doing? Support us as a Witness.

Go to https://steemit.com/~witnesses

At the bottom, type in guiltyparties

Click VOTE

phishing hacking attack abuse crypto

7 years ago by guiltyparties (70)

$25.52

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

bronevik (61) · 7 years ago

Very useful info.

I believe steem needs more smart key management system. It would be nice if you can issue a few different keys and then easily rewoke them. Or if they would be valid a fixed amount of time.

$2.01

3 votes

[-]

gaottantacinque (59) · 6 years ago

That seems like a good idea..
Luckily Steemit itself seems quite secure. I recently wrote some articles about it, give it a read if you want :)
https://steemit.com/security/@gaottantacinque/steemit-security-check-iframe-tricks

$0.00

[-]

rigaronib (72) · 7 years ago (edited)

As important as it is to keep keys safe, why can we not sign into different front ends with only our priv posting key? All of them seem to go through steemconnect which makes you use your active or owner key. I, for one, hate that - so I haven't really tried many of them out.
Now if there were a place for me to keep my liquid assets (i.e. desktop wallet) in a private wallet with different keys, I wouldn't have a problem using my active keys, as I wouldn't have funds easily accessible...

$0.00

2 votes

[-]

pharesim (74) · 7 years ago (edited)

You could just use another account as "cold storage"

Steemconnect doesn't always ask for the active authority, that depends on the permissions the app you use requests.

$0.16

5 votes

[-]

rigaronib (72) · 7 years ago

I actually thought about that after I hit post. lol It's not a bad idea, really.

So it's up to the app? Meaning that busy (or similar) could change the code to allow you to sign in with only your priv posting key?

$0.00

[-]

guiltyparties (70) · 7 years ago

Dtube does that. It's not really a solution since the phishing sites all replicate Steemit, they don't care about the other frontends. And most users just use Steemit. Part of the problem is there's intermittent unannounced work on Steemit and the site starts glitching out. When that happens people get used to being logged out, forms not loading and other crap. So when they click on a phishing link and get 'logged out' its business as usual.

$0.02

1 vote

[-]

rigaronib (72) · 7 years ago

No, no, of course not! Phishers will phish and people will continue to stay dumb to it.
My comment was a bit off topic come to think about it. lol I feel better now though, thanks for letting me have a little rant on your post. ;)

$0.00

[-]

ahmadmanga (65) · 7 years ago

Some front ends don't allow posting key and need the active one. Also not all websites using steemconnect require active key. Actually I try to avoid those requesting more than they should.

$0.00

[-]

thedaud (51) · 7 years ago

Thanks for educating us about these hackers. I always try to not open links in my post comments.

$0.00

1 vote

[-]

matriks77 (47) · 7 years ago

thanks very much for the information @guiltyparties, very useful and you provide the way for this matter at final post.

$0.00

[-]

nxtblg (62) · 7 years ago

Thanks a lot for the investigation & post. Resteemed to pass the word along.

$0.00

[-]

basicstoliving (58) · 7 years ago

Thanks, brother! Lots of scams going on. This info is about account recovery and such is great to know.

$0.00

[-]

malloryblythe (55) · 7 years ago

Thanks so much for the heads up. I'll keep an eye out.

$0.00

[-]

naquoya (67) · 7 years ago

Thanks for the diligence and alert. We can never be told too often about how to handle our passwords.

$0.00

[-]

veteranforcrypto (60) · 7 years ago

This is good information to know thanks for getting it out there brother! Stay safe out there everyone.

$0.00

[-]

afrosiab (61) · 7 years ago (edited)

!WRM!

$0.00

[-]

tainika (33) · 7 years ago (edited)

Resteemers of your post https://steemit.com/@guiltyparties/ilovewww-phishing-attack-on-steem
@felobtc
@taurus1983
@pawos
@security101
@leeart
@veteranforcrypto
@nxtblg
@afrosiab
@pharesim
@damnthatbanana
@tatyanamishenko
@ura-soul
@bosjaya
@elementm
@nidin
@sunnyali
@angelveselinov
@cleansingpoetry
@untitledvzla
@c0ff33a
@wilfredn

$0.04

1 vote

[-]

guiltyparties (70) · 7 years ago

This is useful.

$0.00

[-]

felobtc (53) · 7 years ago

Thank you so much @guiltyparties for so priceless information. I will translate your post to Spanish language so that all Spanish-speaking Steemians know about this serious issue.

$0.00

[-]

guiltyparties (70) · 7 years ago

Thank you, that would be much appreciated. Please let me know when you're done and I will resteem.

$0.00

[-]

msena (60) · 7 years ago

For every steemians it'a a very useful post. enhance our awareness.

$0.00

[-]

mirazbd365 (37) · 7 years ago

Its awesome post i like your post and please upvote me my comment.. I love u so much...

$0.00

[-]

readallaboutit (59) · 7 years ago

Hi guiltyparties thanks for a great post. I reported both good-kama & gtg.witnesses yesterday to steamcleaners and yet their accounts haven't been penalized. Is this because they haven't posted anything within the last 7 days and therefore making their accounts untouchable?

$0.00

[-]

guiltyparties (70) · 7 years ago

Yeah, there has to be something to flag. Not much can be done past flagging either. They use those accounts as collection points and to send spam wallet messages from.

$0.00

1 vote

[-]

sighmanjestah (54) · 7 years ago

Thanks for your help again @guiltyparties it was greatly appreciated.

SDG

$0.00

[-]

yosuandoni (65) · 7 years ago

How malicious is the act of some.
Many of these scam accounts are from people with few coins, who have a lot of effort and hard work to get every SBD.
We must hunt down those accounts who carry out these evil deeds.

$0.00

[-]

c0ff33a (72) · 7 years ago

Sadly this is just a growing problem for Steemit, the best we can do is just as you have take the effort to make a post warning people and hope that the word get's spread through resteems or discord.

#thealliance

#FreeCommenting

$0.00

[-]

zephalexia (66) · 7 years ago

could this be one too? after reading your blog i checkes my wallet immediately and i got this teansfer records i never did

i got more but just to show you those are the transfers i havent made , i dunno why it's there.

$0.00

[-]

guiltyparties (70) · 7 years ago

I will take a look, thank you.

$0.00

[-]

zephalexia (66) · 7 years ago

or maybe im wrong maybe they tranfer me steem because of the word from? , maybe i am jusst wrong , sorry i was just confused

$0.00

[-]

leotrap (72) · 7 years ago

Fuc7 them! Nice catch in there...!

$0.00

[-]

tigerplus (48) · 7 years ago

Important information and also useful.....
Thanks for sharing....
@marketreport

$0.00

[-]

cad1020 (40) · 7 years ago

Follow Me

$0.00

[-]

joe.nobel (55) · 7 years ago

Thanks for the heads up. I hate sharing any of my private keys. But a lot of connected services ask for it. Such as when you click through to vote for a witness, and steemvoter, etc. I wish there was some other way.

Joe
@joe.nobel
science fiction, fantasy, erotica
stop by my blog and check out some stories

$0.00

[-]

guiltyparties (70) · 7 years ago

The more of these third party services there are the worse it gets.

$0.00

[-]

joe.nobel (55) · 7 years ago

Yup :|

$0.00

[-]

sunnyali (55) · 7 years ago (edited)

Thank you so much @guiltyparties , i never knew it is such a severe problem until now and now all my community members will know too thanks to you https://steemit.com/steemromania/@sunnyali/ilovewww-atacul-de-phishing-pe-steem !! Wish the attackers would stop their action or at least the Public Domain would respond finally by deleting them or cancelling their access.

$0.00

[-]

guiltyparties (70) · 7 years ago

Thank you again.

$0.00

[-]

ace108 (76) · 7 years ago

Found it and resteem

$0.00

[-]

guiltyparties (70) · 7 years ago

Thanks. I'll keep updating it for as long as I can.

$0.00

[-]

ace108 (76) · 7 years ago

you're welcome

$0.00

[-]

ahmadmanga (65) · 7 years ago

It breaks my heart to see how the small abusing few, makes the place unbearable for everyone.

Good move to report the website, and thanks for the advice on what to do if account gets compromised.

That's why we can't have the good stuff.

$0.00

[-]

agusnovic (53) · 7 years ago

Interesting and nice after exploring this post. Hopefully be an example for me. Regards

$0.00

[-]

steemblast.com (9) · 7 years ago

Your Post Has Been Blasted on @SteemBlast.com!
Blast any Steemit post using SteemBlast.com
How Do I Blast My Post?
Go to your Steemit Post URL
2. Erase it in the address
3. Type blast and Go
Get Blasted Instantly – Blasted posts are 100% upvoted every 2.4hrs, Blast your post to Win.

$0.00

[-]

asm.sayem (13) · 7 years ago

Hey man i saw your follow for follow tag. Have you tried steemengine yet?

steemengine the followers i have gained is unreal. I gained 100 just in the past two days. If you want you can use my referral link not required though...

https://steemengine.net/join?r=2616

Steemengine.net

$0.00

[-]

gaottantacinque (59) · 6 years ago

Good read! Thanks for the work you do! :)

Luckily Steemit itself seems quite secure. I recently wrote some articles about it, give it a read if you want! :D

https://steemit.com/security/@gaottantacinque/steemit-security-check-iframe-tricks

$0.00