Lately, I have been seeing a lot of posts getting comments from bots or from some random dude who can't even write proper English. I can hear you saying "But Deathwing, this always happens, it is not something new", but there is one caveat in those comments.
All of them have a link, a link that looks like it points to steemit.com or another big site such as busy, but in fact it does not.
In this picture, you can see that the user posted a link with a normal spam message. Nothing special, you say? In fact, it's not a link to his "usual" profile. Well... it is, but not on Steemit. More on that later.
What is Phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Wikipedia
Phishing is pretty much a way of scamming you by stealing your private information: most importantly, your private keys or passwords here on Steemit. (Never, ever use your password to log in; always use a posting key on a daily basis. ONLY use the active key when you are verifying stuff, well, transactions in this case.)
Alright, back to the "link" thingy.
As you can see, when I hover over the link it shows "sleemit.com". So, what is the difference?
This image is taken on Steemit.com, as you can see; I am completely logged in with Steem Plus active.
And this is Sleemit.com, I am no longer logged in and Steem Plus is not active anymore. I am not on Steemit anymore, but the site looks EXACTLY like Steemit and works like it. So this is the phishing right here. As an innocent user, you would think you just "got logged out" and would instinctively log back in once again.
You see the normal login page of Steemit, and only a few scripts are running.
And there you go, this is Sleemit's login page. There are a few extra scripts and, most notably, app.js, which is the JavaScript file they use to steal your passwords as soon as you log in.
Ways to prevent this:
Always check where the link you are clicking leads.
Install the Steem Plus extension made by @stoodkev, as it will warn you whenever you are clicking a link that directs you out of steemit.com.
Don't click the links at all if they are posted by low-rep users or have no meaning.
TLDR: Never click a link before checking where it redirects you to. Especially on Steemit. Otherwise you will have your password stolen, your account and your money gone. Always have Steem Plus installed.
P.S.: The site and the user I shared here were picked completely by coincidence. From my observations over the past few weeks, I know that there are more than 15, maybe 20, phishing sites out there on the internet just to steal your passwords.
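The link check recommended above, as an added example that is not part of the original post and not Steem Plus's code: it classifies a link's host as trusted, lookalike or external, catching both one-letter swaps such as "sleemit.com" and a decorated letter such as an "s" with a dot below. The `TRUSTED` list (including `busy.org`), the `MAX_DISTANCE` threshold and the sample links are assumptions made for the example.

```javascript
// Added example, not code from Steem Plus or the original post.
// TRUSTED is an assumption: list the sites you really log in to.
const TRUSTED = ["steemit.com", "busy.org"];
const MAX_DISTANCE = 1; // assumption: one typo away counts as a lookalike

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Host of a link, lower-cased by the URL parser, without a leading "www.".
function hostOf(link) {
  return new URL(link).hostname.replace(/^www\./, "");
}

// Returns { verdict, host, imitates? }; verdict is "trusted", "lookalike",
// "external" or "invalid".
function classifyLink(link) {
  let host, skeleton;
  try {
    host = hostOf(link);
    // Strip accents and dots-below so a decorated "s" compares as a plain "s".
    skeleton = hostOf(link.normalize("NFKD").replace(/\p{M}/gu, ""));
  } catch {
    return { verdict: "invalid" };
  }
  for (const good of TRUSTED) {
    if (host === good || host.endsWith("." + good)) return { verdict: "trusted", host };
  }
  for (const good of TRUSTED) {
    if (editDistance(skeleton, good) <= MAX_DISTANCE) return { verdict: "lookalike", host, imitates: good };
  }
  return { verdict: "external", host };
}

// Constructed sample links in the style of the spam comments described above.
const SAMPLE_LINKS = ["https://steemit.com/@deathwing", "https://sleemit.com/@deathwing",
  "https://\u1E63teemit.com/@deathwing", "https://example.org/post"];
const report = () => SAMPLE_LINKS.map((l) => classifyLink(l).verdict);
console.log(report());
```

A host that is merely "external" is not proven safe; the check only separates the sites you log in to from everything else and highlights near misses.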
Nowadays it's a lot easier to hack individual accounts than the institution. It's all about "Social Engineering", and the only way to counter it is common sense and education. You can check my blog post about it: https://steemit.com/steemit/@cortexx/how-to-protect-yourself-from-hackers-or-social-engineering-or .
I agree. Hackers are trying to exploit people in any way possible.
I make it a point to downvote those types of accounts whenever I see spammy posts.
Yep, when security gets too tight, they have to go for the individuals instead.
Honestly, the site shown in this post is scary in terms of how good it is. Most scam sites are not quite as good at matching the real site.
That's dope.
Man they are trying like crazy. Just you should never click on anyone asking you to follow or whatever
Nice advice please follow me via this spotlessben
Yes sir @deathwing, I also get comments on my post 6 hours ago from purpleandgold account. I am very worried about this. Certainly not just me but comrades who have long existed in this platform. We should now be very careful. Can we know whether the account is a danger? I mean other than sending a link on our post?
Good info, thank you!
Thank you so much, sir, for this information.
They're also sending tiny amounts 0.001 steem to your wallet with a message and phishing links. Don't click!
If the browser is up to date, HTTPS will be enough.
Also, why not click on the name rather than the link? ;)
Stop phishing
Excellent, thank you for the heads-up, deathwing.
Damn. Thanks for this man.
The site you showed is a seriously well done scam. I almost got hit by phishing on Facebook once - I clicked a link to "Facebok.com". Fortunately I saw that there was only one "o" in "Facebok" and figured out what was up. Another good way to be safe is to go to the website normally and see if you are logged in. I had actual Facebook open in a different tab so I could also tell that way.
someone sent me one of those when I was on steemchat and I was also talking to people on the general chat and they told me not to log in with my account. I was relieved I didn't do it though. :) thanks for the post
Nowadays it is very common on Steemit. One of my friends got hacked a few days ago. Then he recovered his account by clicking on the stolen password option. Today I also got a similar comment, but I avoided it because it seems to be phishing. So guys, please always check before clicking on these types of links. Most of them have less than 25 reputation.
Wow! Thanks for being on factor. I don't have plenty for phishing rip-off jerks to thieve yet, however perhaps within the future this may be extraordinary info to have.
Yes, I have to be careful who I contact because they got their account hacked and lost their SBD/STEEM:(
Hello @deathwing, I want to be a moderator of utopian under your supervision. Can I have any chance? I want that job, I need that job.
My name is chandra.
I'm from the country of Indonesia.
I thank all Steemit users.
I hope my friends can help me become more popular on Steemit.
Thanks all
Chandra you are welcome to steemit its a place to be hope you enjoy it good luck.
Help me with my profile https://steemit.com/@jlalvarez
Good warning. Resteem it!
Thanks for the heads up and advice!
Informative post! Thanks for the warning. I will be very careful from now.
Good information earn from your talent not to damage any one profile
be a good man
I am new here so I don’t have anything to take... yet. Besides not clicking on suspicious links, is there something else I should do?
Everything is mentioned in the post.
You could add the extension suggested and not login with your password.
Good luck.
thank you so much. Resteeming this. Just last week I read about how a user lost his money but regained his reputation back and his account, thankfully
I am not getting why these people interfere even in a well assembled and genuine ways of earning. Why they don't try the actual and genuine ways of earning instead of fake and pathetic tricks. What is the reason of their evil acts? Poverty might not be the valid reason so far
Wow! Thanks for being on point. I don't have much for phishing scam jerks to steal yet, but maybe in the future this will be great info to have.
The beginning of this process was inevitable. Accs of Steemians are such good rewards for bad guys.
Thank you for security information. It must be resteemed.
I've seen several people posting similar comments. I reported them to @steemcleaners. I recommend using a password manager like Lastpass as that only fills in the password for the legitimate sites
Thanks for opening my eyes to this... Though I have been seeing links like that but never clicked on one. I wish everyone on steemit can see this so the risk of being defrauded will be minimized. You are a soul saver @deathwing
Thanks a lot for this information! At least I am now aware of the existence of this kind of act in the community. It is very helpful, most especially since I am just a month old on Steemit and not that familiar yet with how it works! Again, thanks a lot for sharing!
Nice post. I will follow you @incognitoct
I made a Chrome desktop browser extension to help identifying those links more easily: https://steemit.com/utopian-io/@quochuy/steemed-phish-v0-0-14-is-out-a-chrome-extension-to-protect-yourself-from-steemit-like-phishing-scam-websites
If you know of other websites to be blacklisted, let me know
Quochuy please could you enlighten me more on your post? Please follow me here spotlessben
whaa, many people using it domain looks like steemit cckck
thanks bro for post and your warning
Thank you for the heads up! I wish these scammers would get a life, bunch of losers. Nice post
Oh what the hell man, I usually don't fall in traps like that. But this indeed looks way too legit, I could for real fall for that. Thanks for posting this
Thank you very much for this post. Its really helpful especially for newbie like me. Stay blessed
Wow, holy s..t!
You learn everyday something new.
Thanks deathwing for bringing attention to this. Could have easily clicked on one of those links the past few days.
why should warning
Hey @deathwing, gotta love Steemit! Still awesome platform and community and it's nice having great people contribute so we all benefit. Keep up the good work! Cheers!
Can't agree more! The best platform around @asad24434!
I'm new to steemit, and this is really important info...for real! Thanks a great deal @deathwing
Good information!
Thanks!
....upvoted and resteemed
This link is also another phishing site, be careful!
If you look closely, there is another small dot under S.
thank you for sharing information,
Lately telegram has become a breeding ground for scammers/phishers. I recently wrote an article about that. https://steemit.com/ico/@chiraagnd/trolling-ico-phishers-scammers-on-telegram
Phishing is relentless on every platform, be it email, Facebook, etc.
Be aware and read! read the link you are about to follow
highly important information for all new to steemit as well as any who may not know about all the different ways one can be hacked if not attentive. thank you for this.
thanks for the warning
very useful post, thank you dude!