Phishing site reported - autosteem(dot)info

in #steemit, 6 years ago (edited)

Never give out your password, and double-check which website you are really on!

I already warned you about several (potential) scam attempts (see bottom of this post for a list of them). Here is a new one.

Description

The scammer publishes the following comments on users’ posts:

Or

If you click on the link in the comment, you will be redirected to the following site:

The site is a simple one-page website created with WordPress.

If you click on the “Connect to Steemit” button, or on the “Connect“ menu in the top right of the page, you will land on the following page:

The page maliciously mentions SteemConnect, even though it clearly has nothing to do with it.

If you enter your credentials and click on the “Connect Now” button, you will get the following result:

A quick review of the page source code shows that this is a simple form, and I guess the entered credentials will be stored and used to hack your account!

Preventive action activated

Up to now, the scammer has already posted 325 comments to users.

I will add any account sending phishing links to the blacklist of my Warning-Bot, which will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.

If you find similar phishing attempts, contact me on steem.chat

To protect yourself, you can:

  • always double-check before clicking on a link, especially if the link takes you away from steemit.com.
  • verify the reputation of people writing comments on your posts. A user with a low reputation should get your attention.
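
The link check above, combined with the repeated-comment pattern behind the 325 comments, can be automated. The following is an added example, not code from this post or from the Warning-Bot; the comment record fields, the `min_posts` threshold and the sample data (with placeholder `.example` domains) are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts this post names as trusted.
TRUSTED_HOSTS = {"steemit.com", "busy.org"}
URL_RE = re.compile(r"https?://[^\s)\"'<>\]]+", re.I)

def is_trusted(host):
    # Exact match or a real subdomain; "steemit.com.login.example" is NOT trusted.
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def offsite_hosts(body):
    """Return the untrusted hosts linked from a comment body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            # .hostname drops any "user@" prefix, so "steemit.com@evil" resolves to evil.
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host and not is_trusted(host):
            hosts.add(host)
    return hosts

def flag_spammers(comments, min_posts=3):
    """Map author -> {host: distinct posts hit} for hosts pushed on >= min_posts posts."""
    seen = defaultdict(lambda: defaultdict(set))
    for c in comments:
        for host in offsite_hosts(c["body"]):
            seen[c["author"]][host].add(c["parent_post"])
    flagged = {}
    for author, hosts in seen.items():
        hits = {h: len(p) for h, p in hosts.items() if len(p) >= min_posts}
        if hits:
            flagged[author] = hits
    return flagged

# Constructed sample comments (hypothetical accounts and placeholder domains).
SAMPLE_COMMENTS = [
    {"author": "spam-acct", "parent_post": "@alice/post-1", "body": "Boost your post! https://phish.example/connect"},
    {"author": "spam-acct", "parent_post": "@bob/post-2", "body": "Boost your post! https://phish.example/connect"},
    {"author": "spam-acct", "parent_post": "@carol/post-3", "body": "Get upvotes: http://PHISH.example/?ref=3"},
    {"author": "spam-acct", "parent_post": "@carol/post-3", "body": "again https://phish.example/connect"},
    {"author": "helper", "parent_post": "@alice/post-1", "body": "Guide: https://steemit.com/@helper/guide"},
    {"author": "helper", "parent_post": "@bob/post-2", "body": "See https://example.org/blog once"},
]

if __name__ == "__main__":
    print(flag_spammers(SAMPLE_COMMENTS))
```

Counting distinct parent posts per linked host, rather than exact message text, still catches a spammer who varies the wording around the same link.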

Previous threat alerts

If you missed them, please find here the previous alerts I published:

Reminder

A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:

Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!

Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.

Rule 3: NEVER give your active key, as this key gives control of your funds! Only use your active key for special operations like money transfers or account updates on trusted websites like steemit.com.

Rule 4: Anywhere else, if you are requested to provide any of the above keys: RUN AWAY!!!

4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.

Spread the word, resteem this post to your friends, and you will make the platform safer.

Thanks for reading!


If you notice any new suspect activity like the one described above, drop a comment on this post, contact me on steemit.chat or via Telegram (@The_Arcange)



Support me and my work to protect the Steemit platform.

Vote for my witness


I am the victim of AutoSteem(dot)info. After connecting, it auto-commented on many posts and people downvoted me. Now my reputation is lower and my posts cannot be displayed. They also stole the SBD in my wallet. @arcange said: WARNING - The message you received from @abbyrich is a CONFIRMED SCAM! Pity me. I don't know how to get my reputation back to normal, from -1 to 25. I'm a newbie on Steemit. Please help me.

Hey @abbyrich
Sorry to hear about your account.
I have been hacked two weeks ago, and I managed to get my account and reputation back. It can be done, but it will require some effort.

First: I’ve written a guide on which steps to take to get your reputation back.
You can find it here:
Got Hacked? Here's How To Get Your Account And Reputation Score Back! (legit link - I promise)

Basically, you’ll need to edit every single phishing comment that has been sent out from your account to make it harmless. (Important: do NOT delete any of the flagged comments. Once deleted, the flag can’t be taken away anymore!)

No worries, the guide says you need to do this manually, but meanwhile a script/website has been released which will make the process faster and easier.
I haven’t tried it myself (since it didn't exist when I was hacked), but it should beat editing them one by one, especially if there are a lot of them.

You can find more info about the mass comment editor here:
New Project: Steemit Massive Comment Replace

Once all comments have been replaced by an innocent message, you need to get the flags removed. The Steemcleaners Discord channel should be your first stop (explained in the guide), then you’ll have to explain the situation to everyone who has flagged one of your comments, let them know you’ve edited it and ask them to take the flag away.

Since the phishing scam has been going on for more than two weeks, I assume most people know about it by now. I don’t see why people would refuse to take the flag away when they see the comments are harmless.

I told you, it would take some work. But I’m the living proof that if you take the correct steps, you can get your reputation you’ve worked so hard for back.

Good luck.
If you have any questions, feel free to ask. Also, people over at the Steemcleaners Discord channel (https://discord.gg/aVJ5cGy) will be there if you need more help.
@simplymike

This is amazing info, I can't believe it doesn't have more upvotes. Very helpful. I haven't been hacked but I'll definitely use this info if I ever do. I almost fell for the one the original post mentions but it just felt fishy. Now I'm interested in busy.org but am worried that it was Steem info so I'm trying to get opinions on it. And does anyone know why I can't resteem this article?

You can’t resteem posts that are past-payout (7 days old)

What you can do (I did it in the past), is write a new post with a short introduction and then add a link to this post to it.

Awesome, thanks Simplymike. This is an amazing service that Arcange provides to the community and, as for me, is greatly appreciated. As well as your kind help with resteeming and reposting. Thanks much

Hey @abbyrich
I see you’ve got (some of) your reputation score back.
Could you let me know if you used the mass comment replacement script and if it worked?

Yes, I used the replacement script and it worked. Thanks for your suggestion.

WARNING! The comment below by @haccolong leads to a known phishing site that could steal your account.
Do not open links from users you do not trust. Do not provide your private keys to any third party websites.

I am learning new things @arcange. Thank you for letting us know. This is very helpful to us.

Thank you @arcange for warning us about these scam people who devour our fellow Steemians' hard-earned money. Your blogs help us a lot. God bless

WARNING - The message you received from @haccolong is a CONFIRMED SCAM!
DO NOT FOLLOW any instruction and DO NOT CLICK on any link in the comment!
For more information, read this post:
https://steemit.com/steemit/@arcange/phishing-site-reported-autosteemer-dot-com
https://steemit.com/steemit/@arcange/phishing-site-reported-autosteemer-dot-club
https://steemit.com/steemit/@arcange/phishing-site-reported-autosteem-dot-info
Please consider upvoting this warning if you find my work to protect you and the platform valuable. Your support is welcome!

Thanks for reminding
I did not know about that!

It shouldn't be hard to detect when a user is posting the exact same message over and over again on hundreds of posts, and you should be able to flag USERS not just posts, that way they can have their accounts analyzed by the community. Everyone should be able to take a moderator role and be rewarded for the time they spend sifting through posts and flagging spam, because as it currently stands, we receive no rewards for the time we spend moderating steemit.

All human psychology is based on risk and reward. Human beings will not waste their time moderating steemit if they do not perceive some sort of value as a result of their hard work, and I'm sorry but "making steemit better" isn't going to motivate everyone.

Simply reward users for flagging spam.

How? By waiting until a post or a user has been flagged over 100 times then rewarding every user who contributed to that flag and deleting the post and flagging the user as a potential spammer. After 3 account flags, your account enters group moderation and anyone who wants to spend the time investigating the account can do so and put forth a vote on whether or not the user should be banned on the platform. After 100 votes to ban a user, they are banned.

How do we prevent this banning system from being abused? After all people could just flag things they don't like?

If you flag something to be banned and after 3 months it has not received enough votes to result in a ban, it is escalated to high priority and users are rewarded even more for voting on it. If after 1 more month the user does not receive enough votes to end in a ban, all users who flagged them receive a flag on their account as potential abusers. After 3 flags, THEY enter the moderation system and the process continues.

What do you guys think of these ideas? Obviously we don't have to set the number at 100 votes, that was an arbitrary number. Please upvote if you think this would be useful to the developers, as I cannot code these ideas myself.

Thanks for letting us know @arcange. Im sure this article is very helpful to us. Thanks :)

Thanks for your service in keeping the steemit community informed of such. This will go a long way to protect fellow steemians and the general steemit community.
Keep up the good work!

Thanks. I don't know why I went to that link. I'm very stupid

Great work you're doing! So actually we can log in with just our posting key?!

Yes. You should always log in with your posting key and only use other keys when needed.

Thank you so much @arcange for this warning. Good thing we learned this from you, so we will be very careful in the future; if we encounter the same scenario we will make sure to follow your instructions and guidance... You're such a blessing, thanks again!

@arcange thanks for the inform, thou have been thinking of you viewing the site from another phone, but feeling skeptical about it.. Not until I stumbled upon your message in my account. Thank you so much for your help...

You're welcome!

Thank you very much for the information you provide

I tried to follow those instructions, but before that I read your post and then I ignored that post. So thanks very much for the sincere and supportive info. Follow and upvote my profile @mirror001

THANK YOU VERY MUCH FOR KEEPING WATCH, GOD BLESS YOU

Thanks, I realized when I clicked on the name, but I didn’t connect. I just wanted my post to grow naturally without any artificial boost.
I hope these kinds of scam accounts can be shut down to ensure the safety of this website

Thanks for the information. Good luck to you

I fell for this, I have googled the site and nothing showed up. Now I have nothing to lose because I don't have much money on my account. Does resetting my password resolve this problem or do I need to do something else?

If you still have access to your accounts, resetting your password will be enough.

YOUR POST IS VERY USEFUL, THANKS!

Thank you for announcing me in my post because I like to click on the page I throw an error I never did anything and closed the page and you told me later I check that it is, thank goodness that you warned me and I did not do anything very many thanks to you vote as witness greetings

Very thanks!! I was about to press him and you saved me.

Can I translate it to Spanish?

I do not know why he got into my post comment when his reputation -1, I do not know either. provide a solution for me, I do not want my account to be a problem, a lot of energy that I spend to achieve my reputation. thanks for suggestions and feedback for me.

Can they use my posting password?

I'm very interested in busy.org but it wants my steemit account information to log in? I think anyhow. Can anyone explain this to me or vouch for this website? Seems a lot like steemit, I'm just confused as to why it wants Steem info if it's its own site

Oh, that's really bad. If you don't tell me I would never know about that
I'm sorry, I'm not good at English, I'm trying my best. This post will be really helpful for all Steemians. You did great, GOD bless you, thank you for your kindness

Hello, I fell for this mistake. How do I fix it?

I guess autosteem(dot)info is also a scam site.
I have doubts as soon as I get the link from the comment.
Thanks for the information

I have corrected it