PSA: Really good phishing attempts ongoing, be extra careful where you enter your keys!

in #steem, 7 years ago (edited)

Hey there,

A quick warning to all Steem users: there are some well-made phishing attempts going on that try to get your password. If you entered your password on a phishing site, please immediately change it at https://steemit.com/change_password !!! (this deserves three !!!)

One example of a phishing attempt is this post (I only provide screenshots and no links so users don't attempt to click them):

This user tries to get you to click on a link. Below it is a lot of intentionally blank space to give you the impression of a paywall. If you click the link, you get to this page (translation: "not safe", meaning no https, a first indicator that something is wrong, and the URL is not steemit.com):

It now shows you a fake screenshot of the same article and a fake login box. If you enter your password here, the scammer has succeeded. To reiterate: if you entered your password on a phishing site, please immediately change it at https://steemit.com/change_password !!! (this deserves three !!!)

I flagged this specific post and will flag all other attempts of this sort that I know of. Please always check the browser url before you enter your keys and use your brain. If something seems off even by a small bit, stop and think for a second. If you notice something new or something weird, go through this checklist:

  • Is the url steemit.com?
  • Is it an https site?
    • If you can, verify that the certificate is valid:
  • use a bookmark to steemit.com to be extra safe
  • never click on links from email or inside posts
  • if you are unsure, ask others to have a second look. You can always ping me on https://steemit.chat/direct/reggaemuffin if you think something is off

How to change your password:

Click on this link in the sidebar. Make sure it really is this url:

Enter your username and your old password. Then click on Generate Password and save the new password somewhere safe. Re-enter your password and check the disclaimers. Then click on Update Password.

If done fast enough this will lock out all scammers from your account. Be sure to not fall for them next time. If you use services like Steemvoter, remember that your keys changed and you have to give them your new key, if you want to continue using their service.


I am watching the comments under this post, so if you have something to add to this list, please leave your suggestion.


To support me, vote for @reggaemuffin as a witness:

Go to the witness page https://steemit.com/~witnesses
Scroll down and enter reggaemuffin in the box:

Click on Vote
Thank you for supporting me :)


-My original witness post-


https://steemit.com/witness-category/@reggaemuffin/witness-reggaemuffin
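
The checklist from the post above, written as a check that can be run on a URL before a key is entered. This is an added example, not part of the original post; the function name `checkLoginUrl` and the sample URLs are constructed, and only the expected host `steemit.com` comes from the post.

```javascript
// Added example: the post's URL checklist as code.
// EXPECTED_HOST is from the post; everything else is constructed for illustration.
const EXPECTED_HOST = "steemit.com";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { ok: false, problems: ["not a parseable absolute URL"] };
  }
  const problems = [];
  // Checklist: is it an https site?
  if (url.protocol !== "https:") problems.push("not https");
  // Checklist: is the URL steemit.com? Compare the whole hostname, never a
  // substring, so that steemit.com.example.net does not pass.
  if (url.hostname !== EXPECTED_HOST) problems.push("host is " + url.hostname);
  // Anything before "@" is userinfo, not the host: https://steemit.com@example.net/
  if (url.username || url.password) problems.push("userinfo before @");
  // The URL parser turns non-ASCII labels into punycode ("xn--..."), which
  // exposes look-alike letters that the address bar may render as normal text.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--")))
    problems.push("punycode label in host");
  return { ok: problems.length === 0, problems };
}

// Constructed sample URLs; example.net stands in for any foreign host.
const SAMPLES = [
  "https://steemit.com/change_password",
  "http://steemit.com/change_password",
  "https://steemit.com.example.net/login",
  "https://steemit.com@example.net/login",
  "https://st\u0435emit.com/login", // Cyrillic "е" in place of Latin "e"
];
for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log(r.ok ? "OK  " : "STOP", s, r.problems.join("; "));
}
```

Only the first sample passes; each of the others fails at least one checklist item.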




Dear @reggaemuffin and all dear Steemit users!
I firstly apologize for being so stupid to click on this post, but the title seemed interesting...
I gave my posting key, because the pop up window looked the same as if I was logged out of Steemit.

And then the nightmare started....

Someone posted the same viral post in my name three times and started making upvotes. I immediately wanted to warn others not to fall into the same trap and tried to post a comment under the original post, but this has been deleted.

Then I changed my password and tried to delete the spammer posts somehow, but I could not succeed. I could delete the content, but the first tag remained (bitcoin, cn etc.), I could not change it to "spam".

And I started receiving downvotes and all the bad replies on what a monster I am for posting such a shit.

I was really shocked, I felt embarrassed and puzzled, I really did not know what to do. I tried to post and ask for help, but @cheetah immediately commented on me and said I was a spammer, and ID-thief.

It was so miserable.

Finally I managed to get in touch with @patrice on steemit chat, and I received wonderful assistance. Thanks again for it! I was cleared from the black list and finally the great darkness around me started to dissolve.

I would like to thank everybody in this community for helping me in the recovery. Now it seems that things are getting back to normal.

And I have learned a huge lesson: look at least twice before you type your key and click on anything suspicious.

BEWARE OF "WELL-SOUNDING" POST TITLES posted in popular tag categories.

PS: I hate people who use their creative energies to hurt others....

I am glad that you are safe now!

We had to flag your posts so other users don't fall into the trap. I gave this comment a big upvote, so your account should not have lost anything from the flags it received.

Pushing this to the top of this post so others can read as well :)

Thank you very much I really appreciate your help!
I learnt my lesson I think... Hope others will learn from my mistake too. :-)

Voted on you as a witness! :-)

Thank you for your support!

These scamming attempts work because they make it look like the original site and only a moment of paying less attention is enough to get the nightmare started. :/ Thankfully you got everything fixed. If these phishing douches will do the same here they do everywhere else, then the next steps will be photoshopped positive comments glorifying the article and fake emails. "Enroll in the monthly Steem giveaway! Win up to 1000 Steem!" OR! Using someone's name+picture for an article to deceive their followers. Slightly changing the name, sometimes it's really difficult to see the difference.
Check this: ksoIymosi with a capitalized "i" as the 4th letter. and then the original, ksolymosi.
ksoIymosi vs ksolymosi.
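
The lookalike-name trick described in the comment above can be caught by comparing names after folding characters that render alike. This is an added example, not from the thread; the `CONFUSABLE` table is a small constructed subset (not a full Unicode confusables list) and the function names are hypothetical.

```javascript
// Added example. CONFUSABLE is a small constructed subset of characters
// that render alike in many fonts; it is not a full Unicode confusables table.
const CONFUSABLE = { I: "l", "1": "l", "|": "l", O: "o", "0": "o" };

// Fold a name to a "skeleton": names with equal skeletons look alike.
function skeleton(name) {
  return Array.from(name.normalize("NFKC"))
    .map((ch) => CONFUSABLE[ch] || ch.toLowerCase())
    .join("")
    .replace(/rn/g, "m") // "rn" reads as "m"
    .replace(/vv/g, "w"); // "vv" reads as "w"
}

// Return the known names that `candidate` imitates: same skeleton, different
// literal spelling. An exact match is the real account, not a lookalike.
function findLookalikes(candidate, knownNames) {
  const target = skeleton(candidate);
  return knownNames.filter((k) => k !== candidate && skeleton(k) === target);
}

// Names taken from this thread; the list itself is constructed for the demo.
const KNOWN = ["ksolymosi", "reggaemuffin", "patrice"];
for (const name of ["ksoIymosi", "ksolymosi", "reggaernuffin"]) {
  console.log(name, "->", findLookalikes(name, KNOWN));
}
```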

OMG, that is almost impossible to notice...
I hope you won't be right, but I am afraid that these bastards won't stop here...

Wow! That’s crazy!

my reputation is just a bit higher than yours but my upvote should not give much in the way of money but might give you just the little rep bump...
and you are right, it is sad that people use their creative energy for stuff like this...

You are very kind, thanks a lot!

The burnt hand teaches best... sadly. Glad to hear you are more wary now.

You are right! Thanks!

Good for you in your persistence and efforts. Good for us that you posted your work about getting back to the fold. Inspirational thank you. Good things can happen in very odd ways

Thanks a lot!

Changing passwords is something most people put on their need to do list ASAP, and before long, they’ve started perusing articles and it never gets done.

Others are wise and disciplined and change their passwords frequently.

I am 99.9% sure I ‘fell’ for one of these scams in the past week or so.

I’m probably just over paranoid after learning about this; but, without logging out, I got a requirement to log in on attempting to read a post.

In my ‘haste’ to read the article, I re-logged in.

Now, of course, this is probably my imagination. And wisdom, said then, and roars even louder now,

Change Password.

Thanks for being the patient example to the benefit of the rest of the community.

Peace.

Vote #1 Reggaemuffin for witness - let's get him in the top 20 folks!

more effort goes into scamming people than actually writing good posts at this point

Nice post on creating awareness!

I wrote a post here on how to protect yourself on phishing websites.
https://steemit.com/cryptocurrency/@dwongch/crypto-security-aaa-protect-yourself-and-others

Stay safe!

Saddens me to see how much creativity and effort is put into creating new ways of screwing others over. A cost both to those who get F*&/ed and an opportunity cost generally...

Great to see that the community picks this up quickly and shares it to prevent further damages. Cheers for sharing.

Cryptoland is scam-heaven... really sad.

Wow. Thanks for the important information. I really believe that the more popular Steemit becomes, the more severe the attacks on users' accounts will be. Above all, password security cannot be emphasized often enough.

@reggaemuffin WHAT IS UP BOSS !!?? ITS THE BIGFOOT WEEDZARD @nejc1107 HERE !

Bro just wanted to say that i came across here just because of your DOPE COOL NAME !! haha ur the man :) i will follow u up :) so we can keep in touch !

All the best brooooo ! :D

Here is the missing piece we spoke about @reggaemuffin
i made a little background history Post about it

So what happened to that skolymosi? Did he get banned? IP blacklisted?

Kicked out and never welcome again?

As soon as the account is recovered and the account owner contacts me I will remove them from the @cheetah blacklist after I confirm they have secured their account and they understand how it happened. This is just a temporary measure to help stop others from getting scammed.

hey @patrice you're doing much needed hard and good work, but could I have 2 minutes of your time at steemit.chat or discord?

Sure. Either one.

It can be that this was one of the scammed accounts, as the scam is spreading with each victim. @patrice is currently working with @cheetah to hide such posts while the accounts get recovered.

I get it. Once your account is hacked, your blog will function as bait for others.

Go Team Cleaners!!

If you notice any new phishing posts that are not hidden, please mention @patrice and @reggaemuffin so we can react :)

how many times are we allowed to change password in a year or the whole Steemit life?

Infinite times. There is no limit to it.

thanks for writing this to help people! Resteemed!

Be safe be smart be secure.
Good luck
@reggaemuffin
Regards,
@juliawilliams

Interesting post i think steem will ride on rocket soon. @reggaemuffin
Follow me
@juliawilliams

It is very easy to avoid such issues by incorporating a Two Factor Authentication for signing in. Everyone has a phone these days, and one form of identification could be to authenticate by way of a code sent to the phone. So it is not too inconvenient for users, and in fact people will appreciate the additional security - just as all of us appreciate the extra security at airports even though it adds to the waiting time.

I did read an earlier post about why n-factor identification would be an overkill for a social media site. Every established website has this, at least as an optional feature, so there is no reason why Steemit shouldn't have it too. All the more reason since there are financial transactions occurring on Steemit, and most active users also have money stored in their wallets.

Please let me know if you think that it is not a good suggestion at all.

That is sadly not possible, to cite my other comment:

2fa won't work in a decentralized environment. To enable that means steemit(the company) would have to be able to block any transaction on the network from happening.

steem has the owner key/master password that is exactly for that purpose. To keep offline in case of crisis.

And it has a recovery process if your owner key got compromised, where your last owner key and your recovery account (most likely steem) together change your owner key to a new one, recovering your account.

It appears the user @ksolymosi, who "published" this post may have been actually phished first. Read her appeal here:

https://steemit.com/helpme/@ksolymosi/heeeelp-i-was-trapped-by-a-phishing-post

Thank you for researching this! Yeah, every scammed account spreads the scam. I should probably have edited the name out, but at that time I didn't know that 😊

Thank You @reggaemuffin this could save a lot of people from some major headaches in the Future...............

Thanks for your information. It could be so valuable and important to know.

@alexKARKI

You are right, security is a bigger concern than government policies
I also recommend strong passwords

This post received a 20% vote by @mrsquiggle courtesy of @scooter77 from the Minnow Support Project ( @minnowsupport ). Join us in Discord.

Upvoting this comment will help support @minnowsupport.

Hey boss

Thanks for this great information, it will surely save a lot of people from trouble. Resteeming and maybe if everyone can as well, it will eliminate this bloody scammer and save more steemians

thank you, your posting is very helpful to us, you are worthy to get the award, your effort has been happy to people around you.

good work
nice information

thank you so much

Very good . . Thankyou for sharing @reggaemuffin. .

thanks, and thanks for your attention! This will indeed help new users not to fall for the tricks of someone.

Wow 😳 that is so terrible that people's passwords are getting stolen like this. Thanks for the warning, will be on the lookout.

All the work that goes into cheating others. Some talented people, too bad they do things like that.

really helpful. great work.

Really helpful...thanks for the information

I thought i just saw someone has posted that kind of article last few minute ...lucky enough not trap by someone who does that...even i have nothing on my account ...😂😂

@reggaemuffin thank you for reminding us,
this is a very useful post for all users of steemit accounts.
but I've done this from before.

this is very valuable, please guys be careful

Thank you very much for exposing the scam
Scary stuff
We need to keep them out of Steemit.com

Thank you for the heads up. That is certainly scary. Need to double check every time it asks for a pw.

thank you for your update @reggaemuffin

Thanks for the info, it indeed helps to secure yourself from those scammers who want to scam people of their money, may God save us. I hope the steemit ceo should help out on how best to help secure our account

I really wish the crypto world wasn't plagued with such people. :/

Very very good work
nice information

Thank you so much

It would be really good for steem to introduce something like 2fa - at least one pin or seed that would be completely paper based and let us reset every password - even master.

2fa won't work in a decentralized environment.

steem has the owner key/master password that is exactly for that purpose. To keep offline in case of crisis.

And it has a recovery process if your owner key got compromised, where your last owner key and your recovery account (most likely steem) together change your owner key to a new one, recovering your account.

there is such a need for education here.
Also I hope people are using more and more only their posting key to log in.

Thanks , for the informative article !

Always be vigilant at all times and watch out, use your brain. Your steemit account is like your bank account, malform are eager to take it from you.

Thank you for the post. Can you elaborate on not clicking links 'in posts' and how to avoid a bad link? The not clicking on emails is almost standard procedure now but a link ON Steemit would be something most of us would click. Is that what you were referring to?

There is a difference between 'on steemit' and 'in a post'.

I could right now in this comment put a link to superduperscam.com and you should not click on it. But for example the steem logo in the top left corner of the page is safe.

If you hover over a link, you can see where it will really take you in the bottom left corner of your browser window (not necessarily true for cell phones), for example sometimes we make:

pretty name link
sometimes we just paste the link:
http://steemit.com
But it is possible to trick you into
http://steemit.com

Hover over those links and find the one that will trick you into a different place.

It is just my profile, but a scammer can trick you into going to superduperscam.com

Links in articles are good because sometimes they take you to a good article, or to the following article, or to another article that gives context; by hovering before clicking, at least you can make sure that it is taking you to where it is claiming to take you...
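
The hover check described in the comment above, automated for Markdown link syntax: flag links whose visible text names one host while the target is another. This is an added example, not from the thread; the function names and the sample post text are constructed, with `superduperscam.com` reused from the comment as its placeholder.

```javascript
// Added example: find Markdown links whose visible text shows one host
// while the href goes to a different one.
const MD_LINK = /\[([^\]]+)\]\(\s*([^)\s]+)[^)]*\)/g;

// Return the hostname a string points to, or null if the string does not
// look like a URL or bare domain (e.g. "pretty name link").
function hostOf(s) {
  const t = s.trim();
  if (!/^(https?:\/\/)?[^\s/]+\.[^\s/]+(\/\S*)?$/i.test(t)) return null;
  try {
    // The URL parser resolves tricks such as userinfo before "@".
    return new URL(/^https?:\/\//i.test(t) ? t : "https://" + t).hostname;
  } catch (e) {
    return null;
  }
}

function misleadingLinks(markdown) {
  const findings = [];
  for (const [, text, href] of markdown.matchAll(MD_LINK)) {
    const shown = hostOf(text); // host the reader sees, if the text names one
    const actual = hostOf(href); // host the click really goes to
    if (shown && actual && shown !== actual) findings.push({ text, shown, actual });
  }
  return findings;
}

// Constructed sample post body.
const POST = [
  "Read [my witness post](https://steemit.com/witness-category/@reggaemuffin/witness-reggaemuffin).",
  "Log in again at [http://steemit.com](http://superduperscam.com/login) to continue.",
  "Plain link: [https://steemit.com](https://steemit.com/)",
].join("\n");

for (const f of misleadingLinks(POST)) {
  console.log(`text shows ${f.shown} but link goes to ${f.actual}`);
}
```

A link with a descriptive label such as "pretty name link" is not flagged, because its text makes no claim about the destination; it still needs the hover check.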


@patriot if you are still up to make those security series, this is something you might want to cover.

Thank you so much for sharing this! Have resteemed it to spread the word!

This post has been resteemed by @mrsquiggle courtesy of @scooter77 from the Minnow Support Project ( @minnowsupport ). Join us in Discord.

Upvoting this comment will help support @minnowsupport.

If only these criminals used their ingenuity on more constructive issues, we would be colonizing other planets!
