WARNING: Phishing is Back!

in #phishing4 years ago (edited)

image.png

DO NOT click on any links in comments. Phishing is back on Steem.

image.png

Do not use your active key or password in any website. Use your private posting key only.

If your account was created by Steemit (@steem), there is currently no reliable way to recover your account.


How does it work?

You will likely see comments and posts with threatening or attractive links. Ignore them. Don't click! This is a common phishing ploy and over 1000 accounts are currently under phisher control. Some of them you may know as former friends. Whatever you do, do not click on anything.

The links look like they belong on Steemit or another legitimate front end but they do not. They take you to a website that looks similar and trick you into revealing your credentials.


Resteem this to get the word out.


More resources:
https://github.com/gryter/plentyofphish
https://steemit.com/phishing/@guiltyparties/phishing-warning-2-0
https://steemit.com/phishing/@guiltyparties/phishing-messages-faq


Like what we're doing? Support us as a Witness.

Sort:  

If your account was created by Steemit (@steem), there is currently no reliable way to recover your account.

You can change your recovery account via Steemworld.org

Click account details.

Click Change Recovery account

Sign the transaction with your private owner key.

image.png

Yep! My recovery account is one that I own. Prompted by this very post!

My recovery account is Steem but can I change that without a master key?

I'm a little bit wary of using my owner key there. And the Steemconnect link is invalid.

Change keys after you do this if you're that worried. :)

Might have to. Don't want anything relying on Justin Sun providing a service to me.

Could not get this to work, not sure if I missed some step, always used steemconnect.

It takes 30 days for the recovery account to change

Thanks for assistance!

Just who to trust?! ha

Thanks to share here

good to know, scary still

I have a question. What is required to create a recovery account? My first account, this one, was made via Steemit in 2017. I have not seen a private master key for this account and I assume whoever created this Steem account (my Steemit account, @joeyarnoldvn) for me on my behalf has my private master key. According to Steemd, my recovery account is Steem or @steem.

Which keys are required for changing recovery accounts or can I change mine?

If you log into steemitwallet.com you can get your private keys.

Your master key (or password) provides access to all the below

Your posting private key lets you post transactions to the blockchain.
Your active private key lets you transact - power up, send steem, etc
Your owner private key lets you change your recovery account.
Your memo private key lets you read encrypted memos (transfers sent with a prefix of a pound symbol (#)

Hope that helps

Think of this as having different locks to different sections of your house.

No. I've tried many times for years. I've been having this problem for many years now. I used to write articles about this. Based on what I've seen since like 2017, I have not had access to my private master key. I believe I never got it in the first place. I am not new to Steemit. I have made three other accounts and I obtain master keys to two of them and do not have master keys to the ones I made via Steemit as they keep the master keys. My recovery account is @steem.

I'm not sure I understand, when I signed up my account ~3 or so years ago, I did so via steemit.com, and I remember painstakingly writing down all my keys by hand, including my masterkey (password)

I've changed them a few times since though!

Yeah. You might be right. So, it is possible that I lost mine if that is true. In 2019, I created another account via Steemit and did not get a master key. But when I created 2 other accounts via another website, I did get the random twelve words or passphrase similar to what you get for Bitcoin and other cryptocurrencies. So, I saved those master passphrases for those two accounts.

Are you talking about just a password or a passphrase as in twelve random words?

Password. Mine is not a key phrase.

When I created 2 Steem accounts, I got key phrases. It is the same as Bitcoin. And then there is the master password which should be one level under the passphrase.

Thanks so much for the warning @guiltyparties!

Resteemed 🤗

Thank you. Resteemed.

Sad to see but I guess we might have a better chance with blacklists and downvotes this time to deal with them then we did in the bull run.

Thank You!
Very Good Info!
👍🏼😁👍🏼

Good looking out as always. Retweeted and resteemed.

At the moment, I didn't encounter such comments. Thank you.

Using Keychain rather than manually entering keys should reduce the risks.

Спасибо за информацию и с праздником вас 8 Марта.

Coin Marketplace

STEEM 0.35
TRX 0.12
JST 0.040
BTC 70733.96
ETH 3563.16
USDT 1.00
SBD 4.76