Someone recently got his account stolen after following a link from @twinkledrop
Here is how the hacker proceeded:
EDIT: Seems like steemit updated their code and phishing links are now displayed in red. Great news !
The hacker posted a nice comment on one of his post saying:
(This is a demo)
Someone stole your post, you need to report him :
https://steemit.com/@potential-plagiarist/stolen-post
Here is the trick:
If you click on the link, you will be redirected outside of steemit.com, on a site that looks like the real site (it's fake) and you will be asked to login like you would on steemit.
The hacker used the fact that you can format a link in markdown like so:
[ LINK YOU SEE ] ( REAL LINK )
The link in the demo is formatted like so:
[ https://steemit.com/@potential-plagiarist/stolen-post ]
( http://www.bitsharesfcx.com/ )
How to prevent this from happening again
One way to prevent such hack in the future would be to warn users when they follow a link that redirects them outside of steemit.com
What to do if your account was stolen
Start there: https://steemit.com/recover_account_step_1
Thank you very much for the warning. I am always leary about entering any of my passwords.
It's so gross that people would be willing to stoop so low :/
That's what people do
I've been following this lately. The scammer is getting smart by using a 65+ account. I hope your friend gets her account back.
Thank you a lot @destbest for sharing this post. I am new here and most of my followers too, so upvote and resteem. Thats a serious problem. Greetings from Mongolia, Silbart.
Rainie Song @twinkledrop is still operating on steemit. I went in & saw Chinese language. Seems like steemit doesn't really care hackers, criminals, & terrorists on Steemit as long as they purchase steem...
For all we know, the account @twinkledrop might have been the first hacked account, it's a good thing imo that steemit is not taking any direct action but rather focus on improving the site so that it doesn't happen anymore.
I wrote 3 posts about the details of the scam:
These posts are very detailed, thank you for your work !
UpVoted !
Rainie Song's @twinkledrop was stolen. Now she is using a new account
Common sense is the best anti-virus. Thats what i always tell people
Very useful informations@destbest thanks for sharing with us .
The real problem is I have seen so many clone sites that looks exactly same like the steemit site.After some deep investigation I found out that there are some site exists there somewhat officially, and people were referring those sites while the steemit site was down.
So at this point how could we find out which clone site is real and which is phishing??
Hackers did their terrible job very smartly without any doubt. All of users be safe from them & provide more secure system. Very useful link you give us for report them if our account has stolen. tough task but possible one..all us will be protect maybe can be happen to us..Absolutely brilliant post @destbest.
Woah , That's Terrible .
Thank you so much for sharing this!
I'll keep this in mind !
That's one of the reasons I do not like URL editors.
Thank you very much for the warning.
if a smart guy before the check and control the link is safe or not but sometimes we forget it and directly click .! so this happens internet always . be safe be secure !
regards
be smart !
here is your vote result's - how is earn much money in steemit
Good example !
thanks dude follow you + :D
here is my post dude :D https://steemit.com/tr/@moorkedi/steemit-guevenlik-konusu like you
Great work !
I just upvoted your post 👍
thanks a lot your effort i only use your idea and write some good stuff :D like exp. programs free in turkish users and :D your result : turkish people not see any spam or hacks like that I hope ..
oui c'est un bonne travaille Merci a vous de @bakabou159704
C'est normal
Soyez prudent
Useful
I think this too
Thank u
You posted more valuable one bcz in this summer lot of account had hacked from scammers. You nicely introduce link as our if account has stolen. Also i hv suggestion. its do the needful for redevelop more secure connection.
Followed/ Upvoted & Resteemed
Hey. @destbest Very useful information thanks for sharing with us .
Thank you sir for importent information.
I am aware of the phishing site from the first or second day on steemit since and still haven't logged in to any other sites similar or clone to the main steemit site( Though i use busy.org).
But still I can see there are so many applications out there for steem blockchain and asking me for my steem key. I have been always afraid in heart while using those think what if they could steal my password.
How to find or measure the trustworthy authority of those other third party sites/apps , do you have any idea??
Very helpful and important post you sharing @destbest about steemit hackers.
You nicely wrote article how to report account hackers if our account stolen with give to us link.
Thanks a lot for give best service.
I`m follow you
Phishing is the right term, just be careful of what is in the address bar.
Also, if you make your browser remember your user/pass, it should not ask you that data again if you are in the real website.
Hacking is more like exploiting a bug to get an account.
thanks for it......
This phishing technique has been exploited since the beginning of time! What's surprising is people don't check the URL on top of their browser. Before entering your password, also check is the site is secure (begins with https://).
OMG, good thing I just found this blog! Thanks for sharing!
Interesting Information , Thanks for sharing . This scammers are a big trouble at the moment . When we get rid of them they are like pain in the ass.
I had upvote you.
Your post r very interesting and helpful. So I appreciate your working. It may inspaire many other. Like it inspires me. Can u plz follow me and upvote me . If u help me, my friend I will follow you. I had vote you. It's about amazing facts and Funny joke's.
I had upvote you and followed you. Follow me and upvote my posts.
Woah , That's Terrible .
Thank you so much for sharing this!
I'll keep this in mind !
thanks for sharing this. being new.. I don't like signing up for stuff through links on here.. lol!!! I am paranoid. lol
Signing in.......
@destbest,
I found this post helpful and therefore I am upvoting & resteeming it. I will be coming back for more.
Thank you for creating this hackers awareness post.
@stevenmosoes
Signing out........
Hopefully not many people fall for the scam. It's actually pretty common to see this type of link manipulation in e-mail scams, so hopefully most of use are aware of it by now.
Thanks @destbest. Information is solution to the problem as hand. I don't know what is wrong with all this internet hackers,an account that someone has labour and grow for months or year will just be taken by another person in twinkling of an eye. God is watching oooo
On judgement day,some people will not make heaven because they are hacker on earth. Keep doing it ,for your father the devil is waiting for you!
Thanks for the info and the warning against hackers. Hacker will go to any length. Sad. Many steemians wouldn't have known this if you didn't discover it. Thanks again.
hackers are everywhere, we have to be more conscious and thanks for informing us..
I resteemit your post. @destbest
Excellent post very informative @destbest.
Thanks for sharing.
Thanks for the heads up @desbest, Resteeming this one to my friends.
Good work!! Stay cool!
Why the *** this people keep doing scam!
Would they not know how hard to keep evolving in steemit?
@destbest thanks for the warning
Thank you for this great info, regards Gez
@destbest thanks for this very informative post. I am new here and I never knew what is really totally in here after I read your great post. Thanks again hope to no one hacked again.
thank you for sharing your post i cant believe there are people out there that would get joys out of doing stuff like this they need to get a life . kind regards amanda.
Hackers and phishing are stock intrade of the NWO , agenda gain control , sow fear ... I am under constant attack
one can never have enough education on security ... a bit of yubikey or something not connected would go a long way too
viewed, voted, commented, and re-steemed ...
anyone follows me i'll follow back within a few days
thank you for the warning
I always login with POSTING KEY, and avoid using the master key, unless Im gonna do some banking type stuff.
Thanks for the warning, passing it on!!
Ouch... No lube
Thanks for warning us! Be careful everyone :)
Thanks for getting the word out.
Hopefully these guys can get caught. Never put in your password if your already logged in .
@destbest ,
Thanks for posting this, I know I am a little late to the party but I just ran across this post . Very good and very helpful information to keep in mind before clicking a link.
Thanks,
@sultnpapper