As most of us, I do regularly check my steemit wallet tab, to see if any new SP/SBD is available to claim, to see if any prize or reward has arrived. This morning I noticed a strange 0.001 SBD transfer, with a leading message "ACCOUNT BLOCKED: We have detected unauthorized .... bla bla bla..." Right next to it was sitting a warning from @arcange, that someone is phishing info from me

Naturaly, the first thing that came to my mind, was to see who that @samstonehill really is.

WoW !! Somebody with more than a year experience, with a huge 70 reputation, 2K followers and 5718 posts, who is posting regularly, daily. Hmmm... this does not look good at all. Such people can not do things like that. His wallet show the same transfers+alert been sent numerous times, again and again:

Finaly I got enough courage to see what that enclosed link contains inside it. And here was the end of my doubts - this steemit oldtimer @samstonehill clearly has been hacked. A simple page , which may look legit from the first sight ( secure https site, STEEM logo, word "steemit.com" in the URL) in fact is registered in.... what ? in Mexico ? Why .mx? And all that I've been asked is my steemit ID @+password/WIF+email. As simple as that :)

It does not took me long to find the full explanation from the victim, which I have upvoted at 100% right away, and resteemed on my own blog (check it out, my resteemed-post right behind this one). Such warnings always must be quick.

Now, after I read the full story carefully, I want to make some extra comments to my followers. If somebody with a 14 month experience and 70.5 reputation can make such a dramatic mistakes - everyone can. And this is what nobody of you wants ever to happen. Even if you steem savings are tiny, losing your account, and long created reputation, followers, and all that hard working results are just terrible.
And none will prove me that a one more advice and warning is too much in such situations.

So below is my advise on a major rules to be always remembered, to be kept following strictly while dealing with your steemit account. Starting from the most important ( as I see them).

#1. NEVER EVER give, or mail, or post your 1-OWNER password and/or 2-MASTER PASSWORD.No matter who is asking, where you been asked, on what page or link or message you got such a request. If you feel this is the only way you can solve the problem - just consult somebody who you feel has a better understanding of these security issues. NEVER EVER do anything in RUSH

These 2 passwords is what protects your account and your STEEM funds.

And there is a numerous, countless ways to provocate you to share those two important passwords

#2. NEVER log into this site with your master password, if all you want to do is just post another article or a comment. The best way to do this logging in - is with your POSTING password. If you want to transfer, convert, power-up or do anything else with your steem - you still do not need to use your Master password. Your ACTIVE password will do all job just fine.

#3. If you are creating a new steemit account for yourself, or helping to do this to your friend - make sure a valid, permanent Email address is used for the confirmation purposes. The Email, which has your permanent access. Preferably protected properly with 2FA. Never use a temporary, self-destructed emails, which you may have no access later on.

#4. WRITE down all your passwords from your "wallet-permissions" tab, and put them safely in an off-line place. There is no excess care of these keys - these are the keys to your crypto-money. Which has a nice feature to grow up in value while time goes on. Your miserable 100 STEEM account maybe your major savings part ten years later. There is not too much protection for things like this.

#5. Whenever you follow a link (no matter where and how you get it) - make sure the site looks legit. CHECK literally EVERY SINGLE letter of the URL. Is the top level domain the same? Is there 2-3 word combination in the URL? Is that site just one-page site, or it has all the normal parts ( FAQ, CONTACTS, TEAM, PRODUCTS, etc etc).
Got even smallest mistrust? Make NO RUSH. Double check. Tripple check! Consult. Beter be worry then sorry.

and last but not least....

#6 There is NO password reminder and/or recovery on STEEMIT. And it will never be. You deal here with cryptos, with blockchain. So act, and protect yourself properly. Nobody else can do this for you. The right level of understanding this is one of the major, key factors for success in the crypto world.

Be safe!

@onealfa