WARNING: Phishing is Back!

in #phishing5 years ago (edited)

image.png

DO NOT click on any links in comments. Phishing is back on Steem.

image.png

Do not use your active key or password in any website. Use your private posting key only.

If your account was created by Steemit (@steem), there is currently no reliable way to recover your account.


How does it work?

You will likely see comments and posts with threatening or attractive links. Ignore them. Don't click! This is a common phishing ploy and over 1000 accounts are currently under phisher control. Some of them you may know as former friends. Whatever you do, do not click on anything.

The links look like they belong on Steemit or another legitimate front end but they do not. They take you to a website that looks similar and trick you into revealing your credentials.


Resteem this to get the word out.


More resources:
https://github.com/gryter/plentyofphish
https://steemit.com/phishing/@guiltyparties/phishing-warning-2-0
https://steemit.com/phishing/@guiltyparties/phishing-messages-faq


Like what we're doing? Support us as a Witness.

Sort:  

If your account was created by Steemit (@steem), there is currently no reliable way to recover your account.

You can change your recovery account via Steemworld.org

Click account details.

Click Change Recovery account

Sign the transaction with your private owner key.

image.png

.

Yep! My recovery account is one that I own. Prompted by this very post!

My recovery account is Steem but can I change that without a master key?

I'm a little bit wary of using my owner key there. And the Steemconnect link is invalid.

Change keys after you do this if you're that worried. :)

Might have to. Don't want anything relying on Justin Sun providing a service to me.

Could not get this to work, not sure if I missed some step, always used steemconnect.

It takes 30 days for the recovery account to change

Thanks for assistance!

Just who to trust?! ha

Thanks to share here

good to know, scary still

I have a question. What is required to create a recovery account? My first account, this one, was made via Steemit in 2017. I have not seen a private master key for this account and I assume whoever created this Steem account (my Steemit account, @joeyarnoldvn) for me on my behalf has my private master key. According to Steemd, my recovery account is Steem or @steem.

Which keys are required for changing recovery accounts or can I change mine?

If you log into steemitwallet.com you can get your private keys.

Your master key (or password) provides access to all the below

Your posting private key lets you post transactions to the blockchain.
Your active private key lets you transact - power up, send steem, etc
Your owner private key lets you change your recovery account.
Your memo private key lets you read encrypted memos (transfers sent with a prefix of a pound symbol (#)

Hope that helps

Think of this as having different locks to different sections of your house.

No. I've tried many times for years. I've been having this problem for many years now. I used to write articles about this. Based on what I've seen since like 2017, I have not had access to my private master key. I believe I never got it in the first place. I am not new to Steemit. I have made three other accounts and I obtain master keys to two of them and do not have master keys to the ones I made via Steemit as they keep the master keys. My recovery account is @steem.

I'm not sure I understand, when I signed up my account ~3 or so years ago, I did so via steemit.com, and I remember painstakingly writing down all my keys by hand, including my masterkey (password)

I've changed them a few times since though!

Yeah. You might be right. So, it is possible that I lost mine if that is true. In 2019, I created another account via Steemit and did not get a master key. But when I created 2 other accounts via another website, I did get the random twelve words or passphrase similar to what you get for Bitcoin and other cryptocurrencies. So, I saved those master passphrases for those two accounts.

Are you talking about just a password or a passphrase as in twelve random words?

Password. Mine is not a key phrase.

Thank you. Resteemed.

Good to know. Thanks.

Sad to see but I guess we might have a better chance with blacklists and downvotes this time to deal with them then we did in the bull run.

Thank You!
Very Good Info!
👍🏼😁👍🏼

Good looking out as always. Retweeted and resteemed.

At the moment, I didn't encounter such comments. Thank you.

Using Keychain rather than manually entering keys should reduce the risks.

Спасибо за информацию и с праздником вас 8 Марта.

The evil forces are amongst us on the steem blockchain.

Thanks so much for the warning @guiltyparties!

Resteemed 🤗

Thanks for the warning. Resteem

This has been around and people should be aware to never click anything that is from an unknown

Congratulations @guiltyparties! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :

You got more than 3750 replies. Your next target is to reach 4000 replies.

You can view your badges on your Steem Board and compare to others on the Steem Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

Do not miss the last post from @steemitboard:

Downvote challenge - Add up to 3 funny badges to your board
Use your witness votes and get the Community Badge
Vote for @Steemitboard as a witness to get one more award and increased upvotes!

@guiltyparties Two questions if I may.

Where have these evil forces come from all of a sudden?
Did they see opportunities on twitter, or is it something else?

How can we see a list of entities that have our active key?

Thank you for this warning my friend. Upvoted and resteemed!

Passwords:

2 of accounts were made via Steemit and I can confirm that I've not seen master passwords or private keys for those accounts meaning that the master key is probably kept by the accounts that create new Steem accounts on behalf of new people trying to join.

Obtaining Master Keys

I've created two additional accounts via another website and was given private master keys for those two. So, I can recognize the difference. At first, I thought I lost my master key for my first Steem account that I created, which is this one, via Steemit in 2017, but I am pretty sure now that I never got the master key in the first place. I used to ask people about this the past three or so years and I have been confused about the details off and on over the years.

Not Via Steemit

I'm writing all of this for the record to let people know that it would be better to create accounts via other websites. Well, technically, you would need to have a Steem account or at least be sponsored by another Steem account that can create an account for you on your behalf. If you don't do it yourself, you may not get a master key or somebody else may obtain a copy of that master key.

Changing Master Keys

If it is possible to later change your master key, then that might be an option. Making an account on your own might be a bit complex for some people. So, I can understand if people would prefer the easiest way to join or register or sign up possible.

Congratulations @guiltyparties!
Your post was mentioned in the Steem Hit Parade in the following category:

  • Pending payout - Ranked 6 with $ 64,22

Thank you for the warning!

So what's the reason you are downvoting me?

Can you show me where?

I do apologise my bad
I clicked in wrong place it wasn't my post you downvoted but the Mormon comment underneath
Good on ya!