Phishing Warning

in #utopian-io, 5 years ago




Phishing has restarted on Steem. Hackers have produced hundreds of comments using over a dozen different stolen accounts. The comments contain malicious links and are written to entice and trick users into clicking on them.


This is an example of a phishing comment.

A comment like the one above will take you away from Steemit or any other Steem front end. It will take you to a website that's made to look like a legitimate service. It is actually a fake website.

The fake website is designed to trick you into entering your account name and password (or active key). When you do that, the hackers log into your account, steal all your money and change your password. Then they use your account to spam more phishing comments.

Flags/Downvotes

The @steemcleaners team of accounts (which includes @guard and @plentyofphish) will flag any malicious phishing comments a hacked account posts. We will try to flag it to negative reputation where possible.

If you restore your account, make sure to let us know right away. We will remove all the big flags we can to restore your reputation. In return, you will have to delete all the phishing comments the hackers posted through your account.

Warning: Please don't delete comments that have a large flag/downvote on them or we cannot remove it!

No Free Money

The hackers want you to fall for their tricks. There is no free "30 STEEM". There never will be. They just know that you want to earn on Steem and are trying to trick you.

Report!

Report any phishing to us at https://discord.gg/STXSV4g or through our form at http://steemcleaners.com/reports/new. Phishing takes precedence over every other form of abuse. Even if you're on our blacklist, we will still help you. Our #1 goal is to stop phishing and support the Steem ecosystem.

Recover

Take a look at your account's Steemd.com profile.

Example:

Creation Service

Recovery account: @steemmonsters in this case. That's the Trustee Account that must be used to recover your password.
Last account recovery: The default date is 1970. If it shows a different date, that's the date the account was previously recovered (password reset).

In this case, the user will have to contact @steemmonsters (by going to their Discord and asking for help) to have their recovery process started.

Steemit Inc Account

Recovery account: @steem. This is the most common situation as most accounts were made by Steemit Inc for users.

To start your recovery process if your Trustee Account is @steem, go to https://steemit.com/recover_account_step_1


This is what the recovery form looks like

  1. Put in your account name
  2. Put in the last password you have for your account
  3. Submit the form and you will see a form with more information
  4. In the second form, make sure you put in the email you signed up with originally

Check your email often! Account recoveries take Steemit Inc approximately 24-48 hours.

Reference Guide

If you're not sure how to reach your Trustee Account, check out this contact list on the @plentyofphish GitHub repository: https://github.com/gryter/plentyofphish/blob/master/guides/account-recovery.md

We welcome users to translate this post in their own words and post their own phishing warnings!
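The Recover section's two profile checks (who the Trustee Account is, and whether the account was recovered before) can be scripted. The sketch below is an added example, not code from @steemcleaners or Steemit Inc. The account names and dates are constructed, and it assumes the two fields appear as `recovery_account` and `last_account_recovery` in the account record.

```python
import json
from datetime import datetime

# Constructed sample records (not real chain data) holding only the two
# fields the post tells you to read on an account's Steemd.com profile.
SAMPLE_ACCOUNTS = json.loads("""[
  {"name": "alice-example", "recovery_account": "steem",
   "last_account_recovery": "1970-01-01T00:00:00"},
  {"name": "bob-example", "recovery_account": "steemmonsters",
   "last_account_recovery": "2018-11-02T14:05:09"},
  {"name": "carol-example", "recovery_account": "",
   "last_account_recovery": "not-a-date"}
]""")

STEEMIT_RECOVERY_URL = "https://steemit.com/recover_account_step_1"
TRUSTEE_GUIDE_URL = ("https://github.com/gryter/plentyofphish/blob/master/"
                     "guides/account-recovery.md")
NEVER_RECOVERED = datetime(1970, 1, 1)  # the default date named in the post


def recovery_triage(account):
    """Return who must start the recovery and whether one happened before."""
    trustee = (account.get("recovery_account") or "").lstrip("@").lower()
    try:
        last = datetime.strptime(account.get("last_account_recovery"),
                                 "%Y-%m-%dT%H:%M:%S")
    except (TypeError, ValueError):
        last = None  # field missing or malformed: report it, do not guess

    if not trustee:
        route = "unknown trustee: re-check the profile"
    elif trustee == "steem":
        route = STEEMIT_RECOVERY_URL  # account created by Steemit Inc
    else:
        route = f"contact @{trustee} (contact list: {TRUSTEE_GUIDE_URL})"

    recovered = None if last is None else last > NEVER_RECOVERED
    return {
        "account": account.get("name"),
        "trustee": trustee or None,
        "route": route,
        "previously_recovered": recovered,
        "last_recovery": last.date().isoformat() if recovered else None,
    }


if __name__ == "__main__":
    for acct in SAMPLE_ACCOUNTS:
        print(recovery_triage(acct))
```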


This is urgent information for everyone to be aware of.

Phishing is one of the top abuses we need to minimize on the platform. It has a tendency of creating a domino effect that we shouldn't allow to happen.

I hope everyone can be safe and help flag the phishing comments.

I also hope that the different non-English communities can translate this post as soon as possible and let every member share to their followers.

Thanks for the warning and for staying on top of it.


Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Chat with us on Discord.

[utopian-moderator]

Thank you kindly. We're asking for all possible translations to get the warning out.

I will do my best to translate it to Greek today.
It has been already resteemed by the official @greek-trail account.
Thank you for all your hard work, keeping this platform safe.

Just dropped the Japanese translation and hope it could spread to the community
https://steemit.com/japanese/@glastar/be-aware-of-phishing-website

Thank you! Domo arigatou! :)

Thank you for your review, @lovenfreedom! Keep up the good work!

ǝɹǝɥ sɐʍ ɹoʇɐɹnƆ pɐW ǝɥ┴

Hahaha, I looked for him in the translator and he gave me Vietnamese-detected. Hahaha I love this writing around.

thanks for the heads up and the process to recover accounts...

resteemd

Tagging @luueetang who was a victim of the scam

Re-Steeming this.

I've noticed that within the "legitimate" Steem community of websites and applications, one will be asked for one's private keys on a regular basis, and these legit sites and apps will store (if you allow it) your keys so you don't have to provide them each time you use it.
Myself, I don't use many of these 3rd party sites but most other Steemians I've met seem to. Even so, I've provided my private keys to at least a few such legit companies/apps, and so far haven't had a problem.
This warning gives the impression that users who provided their keys to scammers, who presumably looked/acted just like all these other legit sites and apps, were greedy and/or stupid.
I bet many of them simply got a bit careless. That it happened to so many people that a site-wide warning had to be issued seems to indicate that this wasn't just a couple greedy idiots. But perhaps related to the fact that even amongst the legit sites, we're made to provide our keys often, and these sites often sound very similar, so it's easy to mix them up.
Maybe changes need to be made, because there will always be a few careless people, or instances where normally careful people make a mistake. It shouldn't be so easy for scammers to take over large chunks of a blockchain. It's not just greed and stupidity imo.

I'm in the same boat, now I only use posting keys but for @steemfollower and @steemengine I think originally I accidentally used my private key. Seemed good so far....

Thank you! These phishers, they always find new ways and new names, but it all boils down to the same manipulative comments or messages. I'll accept their 0.01 Steem when they send it to send me their messages, but I'll ignore their messages.

I wonder if increased phishing attacks can be a sign of a market that is about to rebound?

Posted using Partiko iOS

I think they just wait for a new round of unsuspecting users. There's usually a gap of a few months between waves.

I recall seeing that 30 Steem nonsense a few months ago. Guess they surfaced again.

Dang...

Yeah 30 is their lucky number. Makes them thousands.

Damn scammers. I have been trying to give people 30 STEEM, for real, all this time and i never knew why everyone called me a scammer. All i ever wanted was folks to have 30 Steem.

I have failed. 😟

The irony 😂

resteeming thanks for doing this post

phishing means steem is still relevant. thx for the info. resteem.

Yes, one thing about a lot of crypto currencies is there is no community attached to them as they don't have an easy way to contact other users that use the crypto currency. Steem is all about content so it is an easy way to target users since it is about posting content on the chain. That's why Steem users need to be extra cautious with their keys.

one could give negative-reputation accounts to those hackers ;)

We do put all the accounts to negative rep, but unfortunately it doesn't always stop people from clicking the bad links.

i'm kinda new to these parts...i'll try to remember this info...plus i resteemed this post

Definitely good information to have; it's sad that these crooks are once again trying to trick people in our community.

I would add that it's also a good idea — if for some reason you hold a lot of not-vested Steem or SBD — that you move it to savings rather than have it sit 100% available. From savings, it would take someone three days to move out, effectively allowing you to recover your account before the scammers could move your currency out to an exchange.

Bright Blessings, and thanks for all your work @steemcleaners!

Another tip would be to just create an additional account, maybe a "bank" so you don't have to login to it until you require it.

Absolutely, a "cold storage account" is really good and I think a lot of people do that.


This post was shared in the Curation Collective Discord community for curators, and upvoted and resteemed by the @c-squared community account after manual review.
@c-squared runs a community witness. Please consider using one of your witness votes on us here

Thank you for your help.

People should never trust a "SPAM COMMENT" anyway :)

As much as I hate you because you have added me and my account @red-rose to your fucking shit blacklist as much as I still have respect to your efforts to protect the members by your warnings.

This is a statement from my side that you are in some areas doing good things for steemit but you must understand that you have ducked the wrong account of mine by accusing me as a spammer or I'd thief or plagiarist. ...

Remove my account please from your blacklist

Posted using Partiko Android

Hi @steemcleaners!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
Feel free to join our @steem-ua Discord server

thank you sir. phishing is bad. terrible.

great info that everyone must be aware of. thanks.

Hey, @steemcleaners!

Thanks for contributing on Utopian.
Congratulations! Your contribution was Staff Picked to receive a maximum vote for the anti-abuse category on Utopian for being of significant value to the project and the open source community.

We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

Thanks for the hard work and dedication, @steemcleaners.
And thanks for this warning!

Thank you and @xcountytravelers you could use them for your question.

You guys are doing an awesome work on the Steem ecosystem. Thumbs-up!

Thank you so much for the information, @steemcleaners! I'll reblog it in order to spread the word. Hugs!

Thank you for informing the steem public.
We will be more vigilant against malicious users on this blockchain.

Thank you for this useful post.

Thank you for this. I was nearly had - again. Appreciated the subsequent help from @bullionstackers and to @thedarkhorse for the warning.

Thanks for the heads up! It seems like people will go to any limits to rip off others. If only they'd use that same energy toward helping the community they might actually make legitimate money.

Thanks for the information. Now I know better. Resteemed

Nice posts. thanks for sharing.

Thanks for informing us especially for those like myself who are new on here.

Thank you for the warning

Thanks for your awareness and actions about protecting Steemians from security and financial threats. Great job!

We're spreading the security warnings against Steem to Chinese users, in order to protect more community members from the potential attack.

Your article has been translated to Chinese: https://steemit.com/cn/@robertyan/or-phishing-warning . Thanks again for your great work. :)

Hello! I like your post, keep it up!

I like your work very well. Hope you do more such things. Which will inspire us. You really do very well. Do more such work.
Thank you very much.

This information is very important. We all should be more conscious and alert.

upvote my steem please

Just two to three days ago, I received an email from Gab...regarding the same happening on their platform - even though there is no money involved, the phishing is to get the real-world details of the posters, while also posting aggressive and offensive messages.

Over here, I doubt many will give the Owners code, but Active code is requested for all kinds of actions which should not need anything more than the post password. Perhaps those can be encouraged/requested to change their password requirements, so that if we are not transferring funds, for any other kind of transaction, a request for Active Password would be a red flag, warning us of danger?

this content is very important and useful thank you for great informations

This information is very useful for those who don't yet know what phishing is and how to identify it, and for being more careful when logging in to the platforms we use.

I have a question along these lines.... Can a hacker steal little bits of steem at a time without you noticing? If a hacker say got my private key, I would see any transaction regarding power up or power down here on the platform in the wallet? Is there a way for hackers to steal our Steem out of our wallets without noticing? Seems like on this platform, it is super transparent what in and out amounts there are? I often think this since I've been on platform for a year and can't get above 100 steem LOL! I know it's the buggered market and all. I get the 3rd party website thang, makes total sense and thank you... I wish I could re-steem this post really good information and followed ya! Are you guys witnesses?

A long time ago, you flagged my original content. Your whole profile/ the way it operates is UNFAIR and you treat the good working users like CRAP Fuck you @steemcleaners

Thanks buddy.