SCAM ALERT ! Do not repeat these mistakes. Beware...

in #steemit7 years ago (edited)

As most of us, I do regularly check my steemit wallet tab, to see if any new SP/SBD is available to claim, to see if any prize or reward has arrived. This morning I noticed a strange 0.001 SBD transfer, with a leading message "ACCOUNT BLOCKED: We have detected unauthorized .... bla bla bla..." Right next to it was sitting a warning from @arcange, that someone is phishing info from me
alert1.jpg

Naturaly, the first thing that came to my mind, was to see who that @samstonehill really is.
alert2.jpg
WoW !! Somebody with more than a year experience, with a huge 70 reputation, 2K followers and 5718 posts, who is posting regularly, daily. Hmmm... this does not look good at all. Such people can not do things like that. His wallet show the same transfers+alert been sent numerous times, again and again:
alert3.jpg
Finaly I got enough courage to see what that enclosed link contains inside it. And here was the end of my doubts - this steemit oldtimer @samstonehill clearly has been hacked. A simple page , which may look legit from the first sight ( secure https site, STEEM logo, word "steemit.com" in the URL) in fact is registered in.... what ? in Mexico ? Why .mx? And all that I've been asked is my steemit ID @+password/WIF+email. As simple as that :)
alert4.jpg

It does not took me long to find the full explanation from the victim, which I have upvoted at 100% right away, and resteemed on my own blog (check it out, my resteemed-post right behind this one). Such warnings always must be quick.

Now, after I read the full story carefully, I want to make some extra comments to my followers. If somebody with a 14 month experience and 70.5 reputation can make such a dramatic mistakes - everyone can. And this is what nobody of you wants ever to happen. Even if you steem savings are tiny, losing your account, and long created reputation, followers, and all that hard working results are just terrible.
And none will prove me that a one more advice and warning is too much in such situations.

So below is my advise on a major rules to be always remembered, to be kept following strictly while dealing with your steemit account. Starting from the most important ( as I see them).

#1. NEVER EVER give, or mail, or post your 1-OWNER password and/or 2-MASTER PASSWORD.No matter who is asking, where you been asked, on what page or link or message you got such a request. If you feel this is the only way you can solve the problem - just consult somebody who you feel has a better understanding of these security issues. NEVER EVER do anything in RUSH
alert_5.jpg

These 2 passwords is what protects your account and your STEEM funds.

And there is a numerous, countless ways to provocate you to share those two important passwords

#2. NEVER log into this site with your master password, if all you want to do is just post another article or a comment. The best way to do this logging in - is with your POSTING password. If you want to transfer, convert, power-up or do anything else with your steem - you still do not need to use your Master password. Your ACTIVE password will do all job just fine.

#3. If you are creating a new steemit account for yourself, or helping to do this to your friend - make sure a valid, permanent Email address is used for the confirmation purposes. The Email, which has your permanent access. Preferably protected properly with 2FA. Never use a temporary, self-destructed emails, which you may have no access later on.

#4. WRITE down all your passwords from your "wallet-permissions" tab, and put them safely in an off-line place. There is no excess care of these keys - these are the keys to your crypto-money. Which has a nice feature to grow up in value while time goes on. Your miserable 100 STEEM account maybe your major savings part ten years later. There is not too much protection for things like this.

#5. Whenever you follow a link (no matter where and how you get it) - make sure the site looks legit. CHECK literally EVERY SINGLE letter of the URL. Is the top level domain the same? Is there 2-3 word combination in the URL? Is that site just one-page site, or it has all the normal parts ( FAQ, CONTACTS, TEAM, PRODUCTS, etc etc).
Got even smallest mistrust? Make NO RUSH. Double check. Tripple check! Consult. Beter be worry then sorry.

and last but not least....

#6 There is NO password reminder and/or recovery on STEEMIT. And it will never be. You deal here with cryptos, with blockchain. So act, and protect yourself properly. Nobody else can do this for you. The right level of understanding this is one of the major, key factors for success in the crypto world.

Be safe!

@onealfa

Sort:  

Thanks for telling us about this situation. You save lives.


terrible mistake made huge cost. 70 rep level acc with 3000 sp loss by a single mistake. impressive guidelines to secure accounts from hackers & scammers. excellent article written by @onealfa

ReSteemia
'UpVoted ReSteemed Commented'

Thank you so much for your resteem, @resteemia

@onealfa - Loosing 70 Reputation Level account is a terrible mistake Sir. You gave us a nice guidance to secure our accounts. Therefore, I wish to resteem your post Sir.

+W+ [UpVoted & ReSteemed]

Thank you so much for your resteem, @steemwija

very nice post @onealfa, i also see that peoples are also making some fake accounts of some whales and reputable steemians e.g the original account is @jerrybanfield and the fake one is @jerrybanfeild it has "ei" at the end, instead of "ie" and the original account is @blocktrades and the fake one is @blocktradess - it has an extra "s" at the end, also watch out for those scammers too, upvoted and resteemed.

Thank you so much for your resteem, @bbomber

OMG these scammers are out of control now, thanks sir for telling us about these hackers and also you tell us some really important tips for stay secured, i will resteemed this post to my followers too so that most peoples stay secured and never tell there master password to anyone.

Thank you so much for your resteem, @atechforu. To increase visibility in a very short time for such alerts is quite important. Upvoted.

Thanks man! RESTEEMED...

Tipped @onealfa 500 SMART! Comment @smartbot help to claim. Currently the price of SmartCash in the market is $0.021 USD per SMART. To find out more about SmartCash, please visit https://smartcash.cc.

Thank you so much for your resteem, @msg768

Your welcome! My upvote's not worth much. I tipped you about $10 in SmartCash instead! :] Check my latest post out as we just released a web-based wallet :]

OK, will do . Thanks

Thanks for the information. We would take caution. Scammers everywhere. It is really a funny world we are leaving in. Resteemed, every steemian needs to know this.

Thank you so much for your resteem, @yaanivapeji

OMG....
I hate scammers....
Thank you so much my dear friend @onealfa
For sharing this news...
Upvoted and resteemed...
Cheers~~~~

Thank you so much for your resteem, @dinisanda

Wow its a coincidence! Just a while ago i read the post of @samstonehilltube about his account which is samstonehill was hacked. And now i came into your post @onealfa that someone tried phishing at you in the name of samstonehill. The hacker is using this account to hack another victim.

Please refer to @samstonehilltube blog about what happen to his hacked account:

https://steemit.com/steemit/@samstonehilltube/samstonehill-has-been-hacked-and-cannot-be-re-accessed-how-did-this-happen-and-what-are-the-solutions

Its very helpful and informative post @samstonehilltube and @onealfa and this will serves as warning to our friends here in steemit to be cautious to those hackers.

One lesson is never ever give our code and logs to anybody unless its verified safe.

Thank you so much for your resteem, @elizahfhaye

Thanks for the warning! Seriously it's community like this that helps stop the scams before too much damage.