ATTENTION - MULTIPLE ACCOUNTS HACKED - Steemit FAKE WEBSITE Stealing Passwords

in #steemrepair7 years ago (edited)

ScamAlert.jpg

ALL STEEMIANS BIG ATTENTION - THERE'S A FAKE STEEMIT WEBSITE AND IT WILL STEAL YOUR KEYS AND YOUR CASH, IF YOU DON'T PAY ATTENTION!!!

PAY BIG ATTENTION!!!

@runicar offers 50 SBD bounty to whoever makes an anti-phishing browser extension.
This is begun a serious problem and we will have more and more of this in a future.
The safest way is to check, of course, with others which page is safe to use and which one is suspicious.


RESOURCES TO VISIT

Please refer to the article written by @runicar to get more information about this :
https://steemit.com/steemit/@runicar/zr0i06c7
Please visit this video on dTube ( if can't be open on PC, use smartphone)


Steemit clone is called STEEWIT.COM, and also in my knowledge is not listed as as an official website to use anywhere on the net or Steemit.

Certainly, this was only made to phish out your keys, steal your identity and skin you naked of your money.

The newest victim was @enjoyinglife who was scraped off 200+ sbd and 750 SP delegation to a multiple accounts on Steemit.

Hacker really fried him well.

One person who was inviting some other members .... take a look at this ...

https://steemit.com/steemit/@nossy/be-careful-where-you-click-or-steem-phishing-or-stolen-sbd-from-users-or##

(THIS IS EDITED) is/was ( EDIT: I was contacted by somebody similar) also a member ( AN ACCOUNT WAS VERY SIMILAR) on our server and she claims her account was hacked and used to promote this phishing website:

https://steemit.com/stach/@aideedavies/my-account-has-been-hacked-all-spammy-comments-made-are-not-made-by-me

others reports of spammy activity on Steemit include fake website called Steemil.com

READ:

https://steemit.com/scam/@friendly-fenix/warning-fake-grumpycat-phishing-spammer

Please take in notice there are SAFE FRONTENDS TO STEEMIT, that are tested and used by multiple poeple without any danger to their paswards.

Also, when you do log into a service make sure you are logged in with the posting key and not thE master password.

THE SAFE FRONT ENDS TO STEEMIT ARE

( tested by me)

Steemit ( of course) and Steemit frontends

Steeming
Mspsteem
Viper-network.github.io ( but it is ugly)
eSteem
ChainBB
Busy
dSound
dVideo
dMania
dLive
Steepshot
Yehey.org
Steemitstage

THE SAFEST WAY IS TO CHECK IN THE STEEM APPS OR STEEMTOOLS : http://steemtools.com/
WHICH IS LISTED IN THE SIDE MENU RIGHT ON THE STEEMIT WEBSITE.

There are many STEEM blockchain based services. These pages are not Steemit and they are not controlled by Steemit. If you want to use them - check about these things in community.

IF YOU WANT TO REVOKE ANY APP OR SERVICE WHICH YOU LOGGED IN WITH STEEMCONNECT USE THIS CODE

https://v2.steemconnect.com/revoke/@NAMEOFSERVICE

AND THEN CHECK IF THE SERVICE IS STILL PRESENT IN YOUR STEEMD.COM PROFILE ON THe LEFT SIDEBAR DOWN.

big update: I am absolutely certain that people with similar identities were contacting me to join some things.... but I am always lil spaced out to actually pay attention to so many things...

info article written by @aschatria for @steemrepair

Sort:  

Upvoted and resteemed

I hope this will stop and that we will get those people's account back. I spent an entire day on Discord informing people and I really hope somebody had some use of this. Thank you for supporting our community account!

3 Questions:

  1. Many services connecting with SteemConnect won’t accept the posting key but only the active key - how safe is this?

  2. When you change your password does it regenerate all keys?

  3. If you were to be hacked what would be your first clue? And how should you proceed?

  1. You have to see what service is that and if it is listed in Steem App center. http://steemtools.com/
  2. It regenerate but old set still contains verification. The app will not disappear in SteemD list, you can try for yourself, it doesn't work.
  3. First step is check that website before logging into it.

I hope that @runicar bounty will work and that somebody will develop an extension to detect suspicious websites. Those pass keys are usually just stored in browser or your device, if they are stored in the website, that is never a good sign.

Let's hope all these talented coders we have on here will get that extension done. Thanks for the reply!

Thanks for the info. Recently there has been more and more scam and phishing sites. We really should be extra careful when we want to login to whatever sites which may looks like steemit or even link to steemit.

Thanks for the information. I do know that quarator and the quartor bot both got hit. Sigh.

They ARE using accounts you would normally trust to promote....

I just got a popup notification that Qustodian has been hacked as wellScreenshot_18.jpg

thanks for the heads up!

Nice, the anti-phishing browser extension will make steemit more safer

Thanks for the information. I think a better way to curb all of these, is to include a 2fa password to a person's phone number or email.

I am talking about Steemit frontends, they require Steemit KEYS to login, not some random website!