Over the last 24 hours a major phishing attack was initiated on Steemit. Numerous individuals had their accounts stolen. Here is what the scam looked like yesterday.
Stay safe by following these steps:
- If Steemit looks like it's randomly asking you to log in, DON'T DO IT.
- Only log into your account using your WIF, not your master password.
- Mouseover all links to make sure you know where they go.
- Don't save images off Steemit, take a screenshot of them instead.
- If your account was compromised, recover it immediately here.
Help stop the spread:
- Flag any infected posts that you may find to hide them.
- Hiding posts helps reduce victims.
- Report infected accounts to Steemit.chat here.
- Be careful of what you upvote to ensure you don't accidentally support an infected post.
Mouse over all links in Steemit posts.
Touch each link with your mouse pointer and see where it goes. If it's a short link like bit.ly or a link to a site with aba.ae in URL, do not click.
If you speak another language outside of English, please either write a post or communicate this warning to other speakers of your language.
Knowledge is the key to resilience.
Resteem or copy/paste this post to spread awareness.
All payouts from these scam warning posts go towards the military veterans project.
The following accounts are known vectors:
@theflu
@bokser1991
@ehrmannii
@shawdisy
If you own one of these, recover immediately if possible.
While flagging the infected posts may damage the accounts' reputation, it's necessary to stop the proliferation of the malicious links.
The originating account for all this appears to be @felix.jasper which has since been flagged into oblivion.
Edit: Good news!
User @birjudanak recovered his account and deleted the phishing posts. Great job, buddy!
@rolf.bakker and @sallybeth23 got their accounts back as well. @rolf.bakker finished account cleanup and @sallybeth23 is still working on hers.
 |
Like what we're doing? Support us as a Witness.Go to https://steemit.com/~witnessesAt the bottom, type in guiltypartiesClick VOTE
 |
On a side note, it is better to use a password manager like LastPass, then using the default browser solution (remember password) or not using anything at all.
There, you could set on which urls, which keys could be used.
Never enter your password/key manually, only through the manager.
If there comes a place, where that the password manager don't give you the option to input your keys, look carefully why. Is it phishing ? Be skeptical.
And don't forget to backup your password manager's data store (or as it is called for LastPass - Vault), preferably in an encrypted, password protected form, at multiple places, at least one of which is cold storage.
RED ALERT There's another one now. Called " how to power down your steem in 10 minutes" Looks like the same Perps !!
On the plus side, 3 accounts were recovered.
Thanks for helping out. As our accounts grow, the stakes are higher. If the scammers gain access to your account, they can drain it quickly and there is nothing that can be done. That's awful. @ironshield
Is there a tutorial on what a wif is, etc and a good strategy to manage keys?
@pfunk posted a few good tutorials which can be found here and here.
Thanks for the warning @guiltyparties
Regards
Resteeming this so my followers are aware of this too. If you are one of my followers reading this please resteem it. Its important that the entire community is aware of this. The accounts that were Hacked had all of their SBD and Steem stolen from them.
Perfect, thanks. It must be stopped before it gets out of hand.
Good job!
Thanks for sharing this vital info, I will be very careful on my own side....Upvoted and resteemed.
Thank you for resteeming.
it was such a horrible experience and really thanks to admins who supported and helped so fast to recover ,though i cant save my fund be since i know i was hacked i spread this scam site to all of my friend and ask them to make post so people are aware of it , i am glad that non of my friend faced this problem because they are aware and they are not succeed in their target and i was the last one i think.i generally didnt enter password but in my mobile direct log in page seen and no URL address and just before 2 days i changed my password so i though i have to enter password to see and i did big mistake and i lost everything. but learn something and scammer cant digest that money that is for sure karma will work and god seeing everything.
You did a good job man cleaning all that spam up and recovering your account. Out of all of those hacked, yours was the first recovered.
It's such good news to here some folks got their accounts back. What a horrible thing to happen. Most of us work so hard on our accounts here. To think that just a momentary lapse could allow such damage to occur. Thank you for keeping us up to date on this mess.
Beep! Beep! This humvee has patrolled by your post and approves of its content. @shadow3scalpel will be supporting new veterans, retirees, and military members on Steemit. If you would like to support this project simply give this comment an upvote and see @chairborne's page for other ways to support the veteran's community.
