IMPORTANT!! NEW SCAMMER on STEEM trying to get YOUR KEYS

in #steem7 years ago (edited)

scam_alert.png

It seems that someone has gotten access to an account @ahlawat, which is getting used to create posts which redirects to a scam Steemit-Clone: steemiit.tk <= SCAM

Post:

https://steemit.com/steemit/@ahlawat/2qweaq-steem-price-will-fall-sharply-next-week-because-of-a-single-statement

The link in the red box will redirect you to steemiit.tk which is a clone of steemit that will steal your keys.

I'm not sure how many more accounts there are, but let's make sure that all of these posts are hidden.

Also, you can comment other posts/accounts that are getting used for this SCAM in the comments.

How to be safe?

Make sure that you are actually on steemit.com or another verified site (for example: steemitstage.com)


ps: thanks to @felander for giving me the info about this scam.

Sort:  

If your account gets hacked and your keys get changed, is there a way to reset your password? Like with the initial phone number or email you signed up with?

Or perhaps Steemit should implement a new password recovery system using secret questions and answers!

If your account gets hacked you can use this like to recover it using the password you had (as long as it's been changed in the last 30 days.)

https://steemit.com/recover_account_step_1

Since this article is about the danger of links...if you prefer not to use the one above (I can understand that,) just goto your wallet, click password...and you'll see a link for "Recover Password" to the right of the Current Password field.

They already have a recovery option using your master key. Which should be stored offline and never used to login to anything. It's strictly used to change your other keys and for account recovery only.

oh, thank you for your help.
Everyone out there becareful. There are always people like this, so we just have to be careful.
What can we do to avoid that?

I totally agree @suf1an. It is important for the growth of Steemit as a platform that there is a sense of trust within the community, and it gives me a lot of hope for the continuity of Steemit when I see other people stepping up and doing the right thing. Thank you for your post, have an upvote.

Yeah, that's totally true. I agree with you on this.
No community can grow if you don't have sense of understanding and trust.

You both are right, i agree as well :)

if we help each other is a win-win

maybe is the last step to evolve :)

edit: Alright, the account was nuked by @spaminator. Ty guys. No need for any more flags unless the account posts more.


PLEASE FLAG THIS:

(WARNING, these posts contain a link to a phishing site that may compromise your account)

These articles still show the link and are visible. For the warning comments to show up (the poster creates a big wall of <br> to hide the comment section) we need the post to be hidden through flags.

If you can flag them, please do! They're around $0.86

Thanks for exposing this piece of shit, and for keeping the rest of us safe mate.

Now we need to find him.

Get Bernie on the case, that guy is hella good at tracking down scammers!

Wow, I just checked with dummy text and after you press login it redirects you right back to steemit.com.

It seems to have been infiltrated into yesterday. The money in the account used to cycle between rewards and self-promotion with bots.

But then all the money the account had, and all subsequent rewards, have been sent into a bittrex account.

Interesting. I recall @ahlawat as being a #redfish community supporter. Thanks for bringing this to our attention @therealwolf!

On an unrelated note, any idea on the turnaround time for smartsteem white listing? Been waiting for about a week and looking forward to making good use of the utility with my following.

Thanks in advance.

P.S. I forgot to mention. We have a relatively new crowdfunded spam fighting initiative that incentivizes downvoters. From the looks of ahlawat's account. It appears to be handled but wanted to offer our services in the future if you become aware of any other abuse that an incentivization system would help address. We're pretty small now but with the prevalence of abuse on Steem there is certainly room for growth.

no worries, I have commented on all the posts so far to warn users of this... hopefully they will listen and heed the warning

You should have been a little more forceful with the comments, I think. You could edit them to have something on top like

"DO NOT CLICK THAT LINK, IT IS A SCAM TO STEAL YOUR ACCOUNT"

at the time i did not know... I sent the link to @therealwolf to check so I phrased it a bit more carefull in case I was wrong. (I do not know coding and wanted to be sure)

Yup, it's ok :) But you can edit it now that you're sure.

There’s always someone that tries to take advantage of a good thing and give it a bad name! It only takes 1 bad apple to ruin the bunch unfortunatel, let’s try to keep this platform safe and user friendly

Thanks for the heads up ! ‘Preciated!

How does it try to get your keys? Does it say you’ve been logged out and try to get you to sign in again? I’m wondering which keys it’s trying to get or where it’s trying to get you to sign into/use your keys. I typically only use my post key for general logging in. I try to be more vigilant where and when I use my other keys.

The user seems to have been hacked. The account spams and changes posts to "Dont vote for me" bla bla bla and i see that he posts links that look like they are on steemit but send you to the scam site trough a google shortener. Check this: