Warning about phishing links

deathwing (65) in scam • 7 years ago (edited)

Lately, I have been seeing a lot of posts getting comments from bots or some random dude who can't even write proper English, I can hear you saying "But Deathwing, this always happens, it is not something new" but there is one caveat in those comments.

All of them have a link, a link that seems similar to steemit.com or any other big sites such as busy but in fact, it is not.

In this picture, you can see the user posted a link with a normal spam message you say? But in fact, it's not a link to his "usual" profile, well... It is. But not on Steemit. More on that later.

What is Phishing

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Wikipedia

Phishing is pretty much a way of scamming, stealing your private information. Most importantly, your private keys or passwords here on steemit (never, ever use your password to login, always use a posting key on a daily basis. ONLY use active key when you are verifying stuff (well, transactions in this case).

Alright, back to the "link" thingy.

As you can see when I hover over the link, you see "sleemit.com" so, what is the difference?

This image is taken on Steemit.com, as you can see; I am completely logged in with Steem Plus active.

And this is Sleemit.com, I am no longer logged in and Steem Plus is not active anymore. I am not on Steemit anymore, but the site looks EXACTLY like Steemit and works like it. So this is the phishing right here. As an innocent user, you would think you just "got logged out" and would instinctively log back in once again.

You see the normal login page of Steemit, and only a few scripts are running

And there you go, this is Sleemit's login page. A few extra scripts right there and the most notably, app.js which is the javascript file they use to steal your passwords as soon as you log in.

Ways to prevent this:

Always check the link you are clicking to
Install the Steem Plus extension made by @stoodkev as it will warn you whenever you are clicking a link that directs you out of steemit.com
Don't click the links at all if they are posted by low rep users, or have no meaning.

TLDR: Never click a link before checking where it redirects you to. Especially on Steemit. Otherwise you will have your password stolen, your account and your money gone. Always have Steem Plus installed.

P.S.: The site and the user I shared here were completely out of coincidence, during my observations for the past few weeks I know that there are more than 15 maybe 20 phishing sites available on the internet just to steal your passwords.

scam steemit phishing

7 years ago by deathwing (65)

$252.13

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

cortexx (57) · 7 years ago

Nowadays it's a lot more easier to hack individual accounts than the institution. It's all about "Social Engineering", and the only way to counter it is common sense and education. You can check my blog post about it: https://steemit.com/steemit/@cortexx/how-to-protect-yourself-from-hackers-or-social-engineering-or .

$0.91

4 votes

[-]

accra (52) · 7 years ago

I agree. Hackers are trying to exploit people in any way possible.

I make it a point to downvote those type of accounts whenever i see spammy posts.

$0.00

[-]

pirateofthedtube (52) · 7 years ago

Yep, when security gets too tight, they have to go for the individuals instead.

Honestly, the site shown in this post is scary in terms of how good it is. Most scam sites are not quite as good at matching the real site.

$0.00

[-]

pouchon (70) · 7 years ago

That's dope.
Man they are trying like crazy. Just you should never click on anyone asking you to follow or whatever

$0.56

2 votes

[-]

spotlessben (25) · 7 years ago

Nice advice please follow me via this spotlessben

$0.00

[-]

iebalgamge (55) · 7 years ago

yes sir @deathwing, i also get comments on my post 6 hours ago from purpleandgold account. I am very worried about this. certainly not just me but comrades who have long existed in this platform. we should now be very careful, whether we can know the account is a danger? I mean other than sending a link on our post?

$0.06

1 vote

[-]

richatvns (73) · 7 years ago

good info thamkyou!

$0.06

1 vote

[-]

jassi (60) · 7 years ago

Thanku soo much sir for this information

$0.05

3 votes

[-]

aenor (64) · 7 years ago

They're also sending tiny amounts 0.001 steem to your wallet with a message and phishing links. Don't click!

$0.02

6 votes

[-]

honarparvar (72) · 7 years ago

if the browser is uptodate a https will be enough
also why not clicking on the name rather than the link? ;)

$0.00

1 vote

[-]

throwawayaccount (0) · 7 years ago

$0.00

Reveal Comment

[-]

loshcat (54) · 7 years ago

These are some really nice resources to know about. I myself have clicked on a redirecting phishing link on here but it is worrisome especially for those who don't have a good idea about how front-ends interact with the blockchain.

Anyone can build their own Steemit-like front-end, that's not a problem at all as it can be totally legitimate without needing Steemit to sanction it, but knowing who to trust when it's not Steemit or doesn't use Steemconnect is tricky. It's nice that there are easy technical and user friendly options out there to check but yeah, keeping an eye out and protecting yourself starts to get a bit more serious in decentralized systems.

$0.00

2 votes

[-]

throwawayaccount (0) · 7 years ago

$0.00

Reveal Comment

[-]

throwawayaccount (0) · 7 years ago

$0.00

Reveal Comment

[-]

loshcat (54) · 7 years ago

Awesome stuff again, especially those canary tokens. I'm not sure how exactly it could be implemented, but I can see maybe some sort of interesting key-specific decryption of a picture like they were talking on a website that logs use automatically. Not sure how that would work on attacker's own websites or even Steemit though. Interesting to think about.

And yeah, I even read somewhere that web javascript could exploit those Spectre and Meltdown vulnerabilities. I just love it because it runs so easy... everywhere.

$0.00

1 vote

[-]

bluewinter (57) · 7 years ago

Stop phising

$0.00

1 vote

[-]

adamkilian (25) · 7 years ago

Excellent thank you for the headsup daethwing

$0.00

1 vote

[-]

pirateofthedtube (52) · 7 years ago

Damn. Thanks for this man.

The site you showed is a seriously well done scam. I almost got hit by phishing on Facebook once - I clicked a link to "Facebok.com". Fortunately I saw that there was only one "o" in "Facebok" and figured out what was up. Another good way to be safe is to go to the website normally and see if you are logged in. I had actual Facebook open in a different tab so I could also tell that way.

$0.00

1 vote

[-]

creslyn (47) · 7 years ago

someone sent me one of those when I was on steemchat and I was also talking to people on the general chat and they told me not to log in with my account. I was relieved I didn't do it though. :) thanks for the post

$0.00

1 vote

[-]

thedaud (51) · 7 years ago

Nowadays it is very common on steemit. One of my friend got hacked few days ago. Than he recovered his account by clicking on stolen password option. Toady I also got similar comment but I avoided because It seems phishing. So guys please always check before clicking on theese type of links. Most of them have less than 25 reputation.

$0.00

1 vote

[-]

mmohsinraza (41) · 7 years ago

Wow! Thanks for being on factor. I don't have plenty for phishing rip-off jerks to thieve yet, however perhaps within the future this may be extraordinary info to have.

$0.00

1 vote

[-]

postpromoter (63) · 7 years ago

You got a 5.39% upvote from @postpromoter courtesy of @deathwing!

Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!

$0.00

1 vote

[-]

ghostsinahatbox (34) · 7 years ago

I am new here so I don’t have anything to take... yet. Besides not clicking on suspicious links, is there something else I should do?

$0.00

[-]

mynlo.com (37) · 7 years ago

Everything is mentioned in the post.
You could add the extension suggested and not login with your password.
Good luck.

$0.00

[-]

chandra13 (25) · 7 years ago

My name is chandra.
I'm from contry indonesia.
Saya berterima kasih kepada seluruh pengguna steemit.
Saya berharap teman teman bisa membantu saya untuk lebih populer distimeet.
Thanks all

$0.00

[-]

spotlessben (25) · 7 years ago

Chandra you are welcome to steemit its a place to be hope you enjoy it good luck.

$0.00

[-]

sayee (66) · 7 years ago

thank you so much. Resteeming this. Just last week I read about how a user lost his money but regained his reputation back and his account, thankfully

$0.00

[-]

hafizhafi17 (42) · 7 years ago

I am not getting why these people interfere even in a well assembled and genuine ways of earning. Why they don't try the actual and genuine ways of earning instead of fake and pathetic tricks. What is the reason of their evil acts? Poverty might not be the valid reason so far

$0.00

[-]

stevebhow (35) · 7 years ago

Wow! Thanks for being on point. I don't have much for phishing scam jerks to steal yet, but maybe in the future this will be great info to have.

$0.00

[-]

artem-sokoloff (66) · 7 years ago

The beginning of this process was inevitable. Accs of Steemians are so good rewards for bad gays.
Thank you for security information. It must be resteemed.

$0.00

[-]

steevc (73) · 7 years ago

I've seen several people posting similar comments. I reported them to @steemcleaners. I recommend using a password manager like Lastpass as that only fills in the password for the legitimate sites

$0.00

[-]

amoni (43) · 7 years ago

Thanks for opening my eyes to this... Though I have been seeing links like that but never clicked on one. I wish everyone on steemit can see this so the risk of being defrauded will be minimized. You are a soul saver @deathwing

$0.00

[-]

ladyrai (47) · 7 years ago

Thanks a lot for this information! At least, I am now aware the existence of this kind of acts in the community. It is very helpful, most especially that I am just a month old in steemit and not that very familiar yet on does is works! Again thanks a lot for sharing!

$0.00

[-]

incognitoct (39) · 7 years ago (edited)

Nice post. I will follow you @incognitoct

$0.00

[-]

quochuy (72) · 7 years ago

I made a Chrome desktop browser extension to help identifying those links more easily: https://steemit.com/utopian-io/@quochuy/steemed-phish-v0-0-14-is-out-a-chrome-extension-to-protect-yourself-from-steemit-like-phishing-scam-websites

If you know of other websites to be blacklisted, let me know

$0.00

[-]

spotlessben (25) · 7 years ago

Quochuy please could you enlighten me more on your post? Please follow me here spotlessben

$0.00

[-]

witul4r (32) · 7 years ago

whaa, many people using it domain looks like steemit cckck
thanks bro for post and your warning

$0.00

[-]

bryanx86 (25) · 7 years ago

Thank you for the heads up! I wish these scammers would get a life, bunch of losers. Nice post

$0.00

[-]

baloothebear (49) · 7 years ago

Oh what the hell man, i usually dont fall in traps like that. But this indeed looks way to legit, i could for real fall for that. Thanks for posting this

$0.00

[-]

expertolatunde (25) · 7 years ago

Thank you very much for this post. Its really helpful especially for newbie like me. Stay blessed

$0.00

[-]

nicestbot (43) · 7 years ago

You have received an upvote from @nicestbot. I am an automated curation bot trying to make minnows happy.

$0.00

[-]

jlalvarez (44) · 7 years ago

ayudenme con mi perfil https://steemit.com/@jlalvarez

$0.00

[-]

muzac (55) · 7 years ago (edited)

why should warning

$0.00

[-]

cha0s0000 (65) · 7 years ago

Goog warning . Resteem it!

$0.00

[-]

alucare (59) · 7 years ago

Yes, I have to be careful who I contact because they got their account hacked and lost their SBD/STEEM:(

$0.00

[-]

asad24434 (25) · 7 years ago

Hey @deathwing, gotta love Steemit! Still awesome platform and community and it's nice having great people contribute so we all benefit. Keep up the good work! Cheers!

$0.00

[-]

eleazer (25) · 7 years ago

Can't agree more! The best platform around @asad24434!

$0.00

[-]

eleazer (25) · 7 years ago

I'm new to steemit, and this is really important info...for real! Thanks a great deal @deathwing

$0.00

[-]

acwood (60) · 7 years ago

Good information!

Thanks!

....upvoted and resteemed

$0.00

[-]

whgard (25) · 7 years ago

Thanks for the heads up amd advice!

$0.00

[-]

goodcontent4u (57) · 7 years ago

this link also another phishing site, Be careful!
If you look closely, there is another small dot under S.

$0.00

[-]

semy (40) · 7 years ago

thank you for sharing information,

$0.00

[-]

kamanda (35) · 7 years ago

Thank you for the information. Will be more careful in future (Y)

$0.00

[-]

chiraagnd (41) · 7 years ago

Lately telegram has become a breeding ground for scammers/phishers. I recently wrote an article about that. https://steemit.com/ico/@chiraagnd/trolling-ico-phishers-scammers-on-telegram

$0.00

[-]

lambourneb (25) · 7 years ago

Phishing is relentless on every platform, be it email facebook etc.

Be aware and read! read the link you are about to follow

$0.00

[-]

wndrlandxwrites (25) · 7 years ago

highly important information for all new to steemit as well as any who may not know about all the different ways one can be hacked if not attentive. thank you for this.

$0.00

[-]

kimuseni (41) · 7 years ago

thanks for the warning

$0.00

[-]

riodejaksiuroe (58) · 7 years ago

very useful post, thank you dude!

$0.00

[-]

veerall (50) · 7 years ago

PLEASE MAKE A SEPARATE PAGE FOR COMPLAINERS, PROGRAMMERS AND MEETUPS. THESE DONOT COME UNDER GOOD CONTENT. STEEMIT IS ABOUT GOOD CONTENT CREATING GOOD POSTS/BLOGS, STEEMIT IS NOT ABOUT STEEMIT.

HAVE YOU SEEN QUORA MAKING BLOGS ABOUT QUORA AND TRENDING?

STOP THIS NONSENCE

WE NEED TO FIX THESE THINGS FIRST:

a) We need good content on trending page, and no 2 liners or only specific content related or of specific members only or just a dinner shot.

b) Bots should review the posts before upvoting.

c) Need genuine Meritocracy, not fake (Give Fair chance to everyone, not just the rich)

d) Meetups/Programmer related should be funded privately, and not by trending, This is not called good content. Need a speprate page for it like an UPDATE or ANNOUNCEMENT page.

e) Or You can remove Trending and Hot page, so people will only look for content they are intrested in, using search bar or tags, & not upvote only for rewards.

f) We also need Reward limits and Posts limit. I guess if we keep max 200$ per post and max 5 posts, that comes to 1000$ per day means 30000$ per month. Which is morethan enough for any one to live life in any part of the world. and obviously you can invest in steem/SBD or other cryptos. This will also limit greed.

g) Also a minimum reward like 50 cents to 1$ (more or less i leave to experts) for every post with a minimum content (bots can handle this im sure) will give a boost to minnows, and will also lead to genuine wealth distribution.

All the above points will eliminate the "Central Banking System for the Rich only" type scenario that going on on steemit.

Reposting here as it gets ignored all the time..

$0.00

[-]

veerall (50) · 7 years ago

NEVER DID FOLLOW FOR FOLLOW

$0.00

[-]

connorsmith (41) · 7 years ago

Thanks for the heads up! I will be extra careful of this phishing scam.

$0.00

[-]

farzanaafroze (45) · 7 years ago

Informative post! Thanks for the warning. I will be very careful from now.

$0.00

[-]

josephlacsamana (48) · 7 years ago

Try to check these phishers!

@farhannaqvi7 is a phisher!
he changed his comment to smile because I mentioned @duplibot

you can also check @sjworld

Thanks for sharing this content! RESTEEMED!

$0.00

[-]

arcange (73) · 7 years ago

Congratulations @deathwing!
Your post was mentioned in the Steemit Hit Parade in the following category:

Pending payout - Ranked 9 with $ 239,83

$0.00

[-]

skunkape30uk (54) · 7 years ago

It seems simple but thank you for the reminder. It is so easy to get complacent on here and just happy click. cheers.

$0.00

[-]

shirou-jeff (55) · 7 years ago

hello @deathwing, i want to be a moderator of utopian under your supervision. can i have any chance? i want that job, i need that job.

$0.00

[-]

cinnamonsunset (36) · 7 years ago

Thanks for letting people know, as a newbie here I really appreciate this. I'll definitely be extra careful if I click any links people provide in the comments. It stinks that horrible people are so dishonest :( Then it makes good people like us weary of one another. It's just unfortunate.