PSA: Beware of any Fake @grumpycat comments. Phishing links inside

in phishing •  7 years ago 

Yesterday, @qustodian along with a number of steemians got their accounts compromised after falling for what appears to be a phishing attack.

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. ~ Wikipedia

One common form of this attack is a spoofed email or text message, which often redirects users to a fake website whose look and feel are identical to the legitimate one, the only difference being the URL of the website in question.

Yesterday, my post also received a comment from a compromised account. As seen below, his comment is an exact copy of @grumpycat's (note: images were hidden due to low ratings), but when you hover over one of the links and look closely at it, you'll notice that instead of "steemit.com", it redirects you to "steemil.com". A subtle yet very big difference.

A compromised account imitating @grumpycat's comment

If you've clicked any of those links, you will notice that you are not logged in on the fake steemil site and that it asks you to log in again, which should really ring an alarm. You can't just suddenly be logged out of a site without manually logging out, clearing the cache or being idle for too long(?). As much as possible, inspect any links you see before clicking on them. Since a phishing site is normally just an exact visual copy of the website in question, the credentials are not the same.
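The link inspection described above can be automated. The following is an added example, not code from the original post or from Steemit: it extracts the URLs in a comment and flags hosts that are within two character edits of a trusted domain. The `TRUSTED_HOSTS` list, the two-edit threshold, the function names and the sample comment are all assumptions made for illustration.

```javascript
// Added example: flag links whose host is a near-miss of a trusted domain.
// TRUSTED_HOSTS and the 2-edit threshold are assumptions for this illustration.
const TRUSTED_HOSTS = ["steemit.com"];

// Classic Levenshtein edit distance between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify one URL as "trusted", "lookalike", "other" or "invalid".
function classifyLink(href) {
  let host;
  try {
    host = new URL(href).hostname.toLowerCase().replace(/^www\./, "");
  } catch {
    return { href, verdict: "invalid" };
  }
  for (const trusted of TRUSTED_HOSTS) {
    // Exact match or a real subdomain of the trusted host.
    if (host === trusted || host.endsWith("." + trusted)) return { href, host, verdict: "trusted" };
  }
  for (const trusted of TRUSTED_HOSTS) {
    const d = editDistance(host, trusted);
    if (d > 0 && d <= 2) return { href, host, verdict: "lookalike", imitates: trusted };
  }
  return { href, host, verdict: "other" };
}

// Pull every http(s) URL out of a comment body (markdown or plain text) and classify it.
function scanComment(body) {
  const urls = body.match(/https?:\/\/[^\s)"'<>\]]+/g) || [];
  return urls.map(classifyLink);
}

// Constructed sample comment, modelled on the one described in the post.
const sample = "Read [this post](https://steemil.com/@example/post) and https://steemit.com/@example";
console.log(scanComment(sample));
```

Edit distance only catches near-miss spellings; internationalised lookalike domains appear in `hostname` in their `xn--` form and need a separate check.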

If you are not sure whether your account has been compromised, you can always change your password at https://steemit.com/change_password. Just enter your current Master Password and generate a new one. Better safe than sorry guys.

Also, a piece of advice: do not use your "Master Password" to log in to any steem related sites. Use your "Posting Keys" if possible. There are very big differences and limitations as to what each key can do.

Posting Keys can only post, comment, upvote/downvote and follow.
Active Keys can do what Posting Keys do plus make trades, power up/down, vote for witnesses
Owner Key and Master Password can do all the above things including changing the keys

That is why, as much as possible, only use your Posting Keys when logging in and keep your Master Password and Owner Key in a safe place, never to be used again. In the event that your account gets compromised, the worst they could do is just spam comments and upvote/downvote. Your money is at least safe. Other sites and tools require you to log in using your Active Keys. Only do that if you really do trust them; otherwise, just don't.
