I just received this as a comment on my recent blogging challenge post:
First I notice is that it is directing to https://justinhiveairdrop.blogspot.com, which is a weird address for an airdrop. But ok, when I click on the page, I am greeted with this:
Clicking on this brings up something that is supposed to look like hivesigner. But it is definitely not: look at the URL!
Just to make sure, I entered a fake username and password to see what happens; if they were actually using the password and not just storing it, it would expect to see "bad password". Instead it showed:
It seems pretty clear to me that this site is storing usernames and passwords in order to scam people. If you are unfortunate enough to fall for this, please change your password immediately!.
Good luck, and stay safe out there.
♥️ shawn.
Unfortunately some people will fall for this. Associating the airdrop with Justin is enough to raise warning flags for a lot of us.
I don't like that Hivesigner suggests you enter a master key as that should almost never be used. Unfortunately many will not check the URL.
Stay safe.
Agreed, a key with posting privileges is all that is usually needed.
One of the things I love about password managers (I use Dashlane) is that they fill in the password for you based on the URL. If only everyone would use those, these phishing scams wouldn't work so well.
I use Lastpass and it has served me well, so I don't even mind paying for it.
I used LastPass a few months ago, but their free service became even more limited to the point that they are already pressuring free users to pay for a premium upgrade. 🕵️♂️ It is also not open-source. ☹️
A free and open source option is ideal, but I accept some compromise for my needs and I think it is worth paying for.
Bitwarden is not only FOSS, but it is cheap ($1 vs $3.50 of LastPass) and allows its users to self-host for free. 🤔 Anyway, I acknowledge that you have chosen to use LastPass for your own needs.🙂
A working password manager is well worth paying for. Any of them. I got into Dashlane while they were still an NYC startup and paid I think $80 for a lifetime license. Has saved me a lot of time ... and phishing :)
I would expect this to mutate to something similar soon. The scammer knows the community (soon) will be aware of that banner. I'm sure said scammer has even more accounts that he can abuse (and ruin) as well.
Sadly that's probably true. You have to be so careful with keys and we have to drum it into people that they never give the master key to anyone. I'm not even that keen on using Hivesigner as it tends to be awkward to use. Keychain works better for me.
Congratulations @shawnlauzon! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s) :
Your next target is to reach 600 upvotes.
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPThe url say it all!Justnetwork... thanks for sharing !
You're very welcome, thanks for the support!
i saw that shit earlier, thanks for making a post about it
Posted Using LeoFinance Beta
You're welcome, I hope it helps some people.
Oh, they upped it
When I got the message it was 450 Hive hahaha
Well, I didn't click it but you've done it so I would have to :D
Yep, I'm the brave / stupid one :)
Posted Using LeoFinance Beta
We get so many of these scams all the time, I just don't understand why people still fall for it. Is that what greed does to them? sigh.....
I don't think it's greed. There are things such as airdrops and you can get free crypto. The problem is that people can sometimes get excited and not be extra aware of the possibility of scams. I just hope people can be a bit more skeptical.
I had a four-year-old account get phished recently with the same scam and a shortened link. Luckily, I had not been active on here for about two years, and they did not get much, but I learned a very good lesson. I personally do not care for Hivesigner at all myself.
Sorry to hear about that, it can happen to the best of us.
What is the lesson you learned?
Make sure any links I am following are going where they are supposed to!
Posted via D.Buzz
LOL ahhh yeah, that's a good one! 👏👏👏
Funny thing is, I have never lost a dime until this happened and I have been in crypto for over four years! I mine BTC with an ASIC miner and have a decent little portfolio in a lot of different places. However, I had not been very active on HIVE for a few years. I had cashed out my Steemit account when I was in school and needed the money to get back on my feet after living a pretty rough life for many years. If the "phishers" would have waited like a week, they would have gotten significantly more than what they did. So not only did I learn a lesson, I learned it at a discount!
I like those lessons: if they have to be learned, at least learned on the cheap.
Welcome back :)
Thank you! It feels like coming home! I love the people here for real, even the asshats!
Thanks for sharing good information.
Spamming comments is frowned upon by the community. Continued comment spamming may result in the account being Blacklisted.