Phishing scam attempt by @digitalp

in #phishing7 years ago (edited)

So I just finished my first foray into creating a Steemgigs post about my service and had it posted and within seconds I receive two replies within seconds. One seems like an automated response that had a canned response and adding a tag to my name thus GINABOT immediately notified me.

Looking at the comment itself there was something off already and what further threw me off was a link to a "his" blog post. Supposedly it should be going to a TimTravels - Dubai: Fasten your Seatbelts, McLaren 570S post but further inspection I saw the notification after the link that it will take you out of Steemit.com. It is that small icon there that I have encircled in red in another comment he made.

I tip my hat to whoever made that small coding to notify people that if they click on the link it will go out of Steemit.

phishing.JPG

I hovered over the link and saw that the site was going to be redirected to an almost the same URL but with a slight difference. The phishing site was going to Sleemit .com I did not bother to check if it would place me in an exact log in page of Steemit.com and I would foolish enter my posting or active key.

When I called him out on the phishing attempt he immediately edited his comment and fixed it so that it would go to the blog post of @timsaid that goes to https://steemit.com/photography/@timsaid/timtravels-dubai-fasten-your-seatbelts-mclaren-570s

Hence in the 1st picture, you no longer see the small icon notifiying the reader that it will redirect to an outside website away from Steemit.

Person even had the gall to answer "I don't think..." Too late buddy I already reported your ass to Steemcleaners.

What really pisses me off with these people is they victimize people who really need it. This week alone I heard that 3 people were hacked and their hard earned SBD and Steem shipped off to an external wallet.

This mainly targets people using their mobile device as the small icon will not be that glaring on a small screen unlike when I saw it using my large screen of my gaming rig.

Imagine that situation, you just woke up and still groggy and you open your phone to the replies and you see a long comment like that and did not see the small notification icon and you clicked on the link because you wanted to reciprocate the gesture of leaving a comment.

Then it prompts you to enter your password. You think why didn't it go to steemconnect or automatically log in. Anyway you get your active key and log in and it doesn't let you. Then you go back to your previous browser and you upvote a comment and it just keeps circling.

You refresh your browser thinking it is just the normal slow internet in the country but when it loads you are logged out. You enter your password again but is unable to log in. Then it dawns on you that you got hacked. You start to cry, you reach out for help and people tell you that your wallet has been cleared out. What is worst is your account is now being used to leave comments containing the phishing link.

Steemcleaners find your account and you get downvoted to oblivion. All the while trying to retrieve your account. 1-3 days later you get your account back with 0 reputation and 0 SBD and Steem. You cry again.

This is a scenario that I saw the past couple of days. It really makes me mad when I see this kinds of attempts. To you @digitalp you deserve a high five with a steel chair on your face! Low life!

To everyone be vigilant of your account and never click on links like this.

Sort:  

It's frustrating and upsetting when see stuff like this, it ruins the trust, I don't even click on any links anymore 😤 and I bet there's a bunch of them. We have to be vigilant ⚡
Thank you for bringing this to our attention.

same here. better be safe than sorry. 😓

Indeed it made me very angry when I saw it! I reported it right away and the account was flagged so hard so that people will not see any comments it will make.

Glad to inform people about this.

Lol, amazing consequences. I wish all spammers were hit like this, but I'm sure that scammers deserve it the most!

Indeed phishing scammers need to get booted out immediately!

It's devastating! Karma will hit these lazy ass hackers for sure. God bless their soul.

But now it's time for me to move on & be more extra careful & vigilant.

Yes they'll get justice in one way or another.

I FOUND MORE!!!!!

So terrible!

And they're using my name T_T

OMg they are using you now!!!

I do click on every link, but I tread very carefully and watch over my shoulder. I watch the link right before I put my keys and I only use my posting key on normal sites unless I'm on steemit.com and am going to make a transfer.

They randomly comment on post! I think we should be very careful now, they have degrade the value of steemit! Thank you @maverickinvictus for making us more aware! I also notice this small icon in the comment post @sfp-ilocosnorte!more power

Yeah they should be reported and flagged to oblivion right away!

Yes! I hope that this will be stop since most of the victims are just new in the community! Some of this new account took months just to be confirmed to the point of being hacked!

Screenshot_20180317_235510.png

How about this one sir? a comment by @heimdallr!

Yeah looks like especially some use URL shorteners to hide it further.

Super Thanks sir!

Good thing they have that icon for external links. It should probably go even further with a warning of sorts about external redirect. I've seen some historical posts suggesting that as well. Dunno if it would be too intrusive or not.

Yeah Eon that icon is such a great feature and whoever made it should be given a raise or have posts upVoted!

I haven't seen it :O Let's test

Google
Steemit

edit:

No difference unless I hover :(

There is on my end

So many phishing links now. Steemil.. sleemit..

Yeah, my blood is still boiling but that was fast the account got flagged into oblivion already.

I think there's steewit too

The past few days Steemit had some troubles and it was difficult to post or comment and everytime I try to it asks me to login. Did you guys experience it too? The links were correct but I'm a bit scared it could've been a phishing attempt.

A yeah some sat it was a DDOS attack on Steem which would be true as most nodes were down even the witnesses said it was down.

Everyone was unable to log in or had so slow connection.

I just slept when that happened.

With a big screen it was hard to miss. If I was using my phone it might be different but then again I don't click on links because of all the phishing scams lately.

Thanks for sharing this story sir @maverickinvictus! I was not aware of this kind of agenda til i read your post.

Good thing that you read about it then. Be careful of your account!

Good thinking! Thanks for the reminder again. Sometimes there is the tendency to forget about that especially when you are absorbed in steeming. I hope there is a better way for us to be protected from those attacks.

We have to be very careful because these low lifes abound in the system. So when you see that icon dont click it.

glad to know that you were very vigilant. Thanks for letting us know about this kind of things existing here in steemit.

Yes unfortunately these scammers exist in Steemit so we have to be careful and not get scammed into giving away our account.

oh no, you just made me really scared!! sometimes I upvote and then Steemit asks me to log in (even though I am already logged in), but so far nothing happend. You just made me extra paranoid, thanks for posting this!

Oh no Eve!! Be careful you never know when it might be a phising link. If ever just log in with your posting key and never with your active one.