Phishing Warning

in #utopian-io6 years ago


image alt


Phishing has restarted on Steem. Hackers have produced hundreds of comments using over a dozen different stolen accounts. The comments have malicious links and are written in a way to entice and trick users to click on them.


This is an example of a phishing comment.

A comment like the one above will take you away from Steemit or any other Steem front end. It will take you to a website that's made to look like a legitimate service. It is actually a fake website.

The fake website is designed to trick you to put in your account name and password (or active key). When you do that, the hackers log into your account, steal all your money and change your password. Then they use your account to spam other phishing comments with.

Flags/Downvotes

The @steemcleaners team of accounts (which includes @guard and @plentyofphish) will flag any malicious phishing comments a hacked account posts. We will try to flag it to negative reputation where possible.

If you restore your account, make sure to let us know right away. We will remove all the big flags we can to restore your reputation. In return, you will have to delete all the phishing comments the hackers posted through your account.

Warning: Please don't delete comments that have a large flag/downvote on them or we cannot remove it!

No Free Money

The hackers want you to fall for their tricks. There is no free "30 STEEM". There never will be. They just know that you want to earn on Steem and are trying to trick you.

Report!

Report any phishing to us at https://discord.gg/STXSV4g or through our form at http://steemcleaners.com/reports/new. Phishing takes precedence over every other form of abuse. Even if you're on our blacklist, we will still help you. Our #1 goal is to stop phishing and support the Steem ecosystem.

Recover

Take a look at your account's Steemd.com profile.

Example:

Creation Service

Recovery account: @steemmonsters in this case. That's the Trustee Account that must be used to recover your password.
Last account recovery: The default date is 1970. If it says a different date that's the date the account was previously recovered (password reset).

In this case, the user will have to contact @steemmonsters (by going to their Discord and asking for help) to have their recovery process started.

Steemit Inc Account

Recovery account: @steem. This is the most common situation as most accounts were made by Steemit Inc for users.

To start your recovery process if your Trustee Account is @steem, go to https://steemit.com/recover_account_step_1


This is what the recovery form looks like

  1. Put in your account name
  2. Put in the last password you have for your account
  3. Submit the form and you will see a form with more information
  4. In the second form, make sure you put in the email you signed up with originally

Check your email often! Account recoveries take Steemit Inc approximately 24-48 hours.

Reference Guide

If you're not sure how to reach your Trustee Account, check out this contact list on the @plentyofphish GitHub repository: https://github.com/gryter/plentyofphish/blob/master/guides/account-recovery.md

We welcome users to translate this post in their own words and post their own phishing warnings!

Sort:  

This is urgent information for everyone to be aware of.

Phishing is one of the top abuse we need to minimize on the platform. It has a tendency of creating domino effect that we shouldn't allow to happen.

I hope everyone can be safe and help flag the phishing comments.

I also hope that the different non-English communities can translate this post as soon as possible and let every member share to their followers.

Thanks for the warning and for staying on top of it.


Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Chat with us on Discord.

[utopian-moderator]

Thank you kindly. We're asking for all possible translations to get the warning out.

I will do my best to translate it to Greek today.
It has been already resteemed by the official @greek-trail account.
Thank you for all your hard work, keeping this platform safe.

Just dropped the Japanese translation and hope could spread to the community
https://steemit.com/japanese/@glastar/be-aware-of-phishing-website

Thank you! Domo arigatou! :)

Thank you for your review, @lovenfreedom! Keep up the good work!

Resteemed. Thank you!

Hahaha, I looked for him in the translator and he gave me Vietnamese-detected. Hahaha I love this writing around.

thanks for the heads up and the process to recover accounts...

resteemd

Tagging @luueetang who was a victim of the scam

Re-Steeming this.

I've noticed that within the "legitimate" Steem community of websites and applications, one will be asked for one's private keys on a regular basis, and these legit sites and apps will store (if you allow it) your keys so you don't have to provide them each time you use it.
Myself, I don't use many of these 3rd party sites but most other Steemians I've met seem to. Even so, I've provided my private keys to at least a few such legit companies/apps, and so far haven't had a problem.
This warning gives the impression that users who provided their keys to scammers, who presumably looked/acted just like all these other legit sites and apps, were greedy and/or stupid.
I bet many of them simply got a bit careless. That it happened to so many people that a site-wide warning had to be issued seems to indicate that this wasn't just a couple greedy idiots. But perhaps related to the fact that even amongst the legit sites, we're made to provide our keys often, and these sites often sound very similar, so it's easy to mix them up.
Maybe changes need to be made, because there will always be a few careless people, or instances where normally careful people make a mistake. It shouldn't be so easy for scammers to take over large chunks of a blockchain. It's not just greed and stupidity imo.

I'm in the same boat, now I only use posting keys but for @steemfollower and @steemengine I think originally I accidentally used my private key. Seemed good so far....

This is the Greek Translation

Thank you! These phishers, they always find new ways and new names, but it all boils down to the same manipulative comments or messages. I'll accept their 0.01 Steem when they send it to send me their messages, but I'll ignore their messages.