! WARNING ! HACKERS ARE SMART ON STEEMIT !

in #steemit, 7 years ago (edited)

Someone recently got his account stolen after following a link from @twinkledrop.

Here is how the hacker proceeded:

EDIT: Seems like steemit updated their code and phishing links are now displayed in red. Great news!

The hacker posted a nice comment on one of his posts saying:

(This is a demo)
Someone stole your post, you need to report him:

https://steemit.com/@potential-plagiarist/stolen-post / http://www.bitsharesfcx.com/

Here is the trick:
If you click on the link, you are redirected outside of steemit.com to a fake site that looks like the real one, and you are asked to log in as you would on steemit.

The hacker used the fact that you can format a link in markdown like so:

[ LINK YOU SEE ] ( REAL LINK )

The link in the demo is formatted like so:

[ https://steemit.com/@potential-plagiarist/stolen-post ] ( http://www.bitsharesfcx.com/ )

How to prevent this from happening again

One way to prevent such a hack in the future would be to warn users when they follow a link that takes them outside of steemit.com.
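
A sketch of that warning check, as an added example that is not part of the original post or of steemit's code: it parses markdown links, flags targets that leave the site, and flags links whose visible text names a different host than the real target. The function names, the `siteHost` parameter and the two harmless sample links are assumptions made for illustration.

```javascript
// Added example: audit markdown links for the "[ LINK YOU SEE ]( REAL LINK )" trick.
// Whitespace around the brackets is tolerated so the post's spaced-out demo parses.
const LINK_RE = /\[\s*([^\]]+?)\s*\]\s*\(\s*([^)\s]+)\s*\)/g;

// Hostname named by the visible text, or null if the text is not URL-like.
function shownHostOf(text) {
  const candidate = /^[a-z][a-z0-9+.-]*:\/\//i.test(text) ? text : "https://" + text;
  try {
    const host = new URL(candidate).hostname;
    return host.includes(".") ? host : null; // single words are not hostnames
  } catch {
    return null; // e.g. text containing spaces
  }
}

function isOnSite(host, siteHost) {
  return host === siteHost || host.endsWith("." + siteHost);
}

// siteHost is an assumed parameter: the host the comment is displayed on.
function auditLinks(markdown, siteHost) {
  const findings = [];
  for (const [, shown, target] of markdown.matchAll(LINK_RE)) {
    let targetHost;
    try {
      // Resolve like a browser: relative targets stay on the site.
      targetHost = new URL(target, `https://${siteHost}/`).hostname;
    } catch {
      continue; // unparseable target
    }
    const shownHost = shownHostOf(shown);
    findings.push({
      shown,
      targetHost,
      external: !isOnSite(targetHost, siteHost), // basis for a "leaving the site" warning
      deceptive: shownHost !== null && shownHost !== targetHost, // text names another host
    });
  }
  return findings;
}

// Constructed sample: the post's demo link plus two harmless links.
const sampleComment = [
  "Someone stole your post, you need to report him:",
  "[ https://steemit.com/@potential-plagiarist/stolen-post ]( http://www.bitsharesfcx.com/ )",
  "See [the trending page](/trending) and [my blog](https://example.org/blog).",
].join("\n");

console.log(auditLinks(sampleComment, "steemit.com"));
```

Only the demo link comes back with `deceptive: true`; the external blog link is merely `external`, which is the case where a plain "you are leaving the site" notice is enough.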

What to do if your account was stolen

Start there: https://steemit.com/recover_account_step_1
 
 

Be safe out there.
 
DestBest


Thank you very much for the warning. I am always leery about entering any of my passwords.

It's so gross that people would be willing to stoop so low :/

That's what people do

I've been following this lately. The scammer is getting smart by using a 65+ account. I hope your friend gets her account back.

Thank you a lot @destbest for sharing this post. I am new here and most of my followers too, so upvote and resteem. That's a serious problem. Greetings from Mongolia, Silbart.

Rainie Song @twinkledrop is still operating on steemit. I went in & saw Chinese language. Seems like steemit doesn't really care about hackers, criminals, & terrorists on Steemit as long as they purchase steem...

For all we know, the account @twinkledrop might have been the first hacked account. It's a good thing imo that steemit is not taking any direct action but rather focusing on improving the site so that it doesn't happen anymore.

These posts are very detailed, thank you for your work!
UpVoted!

Rainie Song's @twinkledrop was stolen. Now she is using a new account.

Very useful information @destbest, thanks for sharing with us.
The real problem is I have seen so many clone sites that look exactly the same as the steemit site. After some deep investigation I found out that some of those sites exist somewhat officially, and people were referring to those sites while the steemit site was down.
So at this point how could we find out which clone site is real and which is phishing??

Hackers did their terrible job very smartly without any doubt. All of users be safe from them & provide more secure system. Very useful link you give us for report them if our account has stolen. tough task but possible one..all us will be protect maybe can be happen to us..Absolutely brilliant post @destbest.

Common sense is the best anti-virus. That's what I always tell people.

That's right, it's all about "common sense".

Woah, that's terrible.

Thank you so much for sharing this!
I'll keep this in mind !

That's one of the reasons I do not like URL editors.
Thank you very much for the warning.
