ATTENTION! Steemit Comment Phishing EXPOSED! Take a look how this guy try to steal passwords!

in #steemit7 years ago

As experienced IT security specialist this things always take my attention. When I see that someone try to break system I want to analyze in detail how and what is he doing.

After I read @denmarkguy 's post *** WARNING! *** New Steemit Phishing Scam -- Be Very Careful with Certain Comments, I decided to make more investigate on this case.

Warning! Take this serious and you should be very careful. Share it with others because someone could lost his Steemit account.

Explanation:

What is phishing?

There is no one who is not heard for this term. In short, phishing is way of stealing usernames, emails, passwords etc. with FAKE page (website) for which you think that is real.

Now, this guy leave comments like this:

What he do?

He uses markdown to try to fool Steemit users. As you know if we post link in our blog posts or in comments, we can make it with markdown like this:

[Title of link](Url of link)

He simply puts FAKE Steemit URL as 'Title of link' and phishing page in 'Url of link'. Than it just looks like real web URL but it's clever masked with Steemit url writed as 'Title of link'. So when someone click it redirects on page who ask for username and password from you.

Take a look at URL in address bar! Obliviously this is not Steemit!

If I leave my username and password here, and press Login button I will lost my account definitely, so be very careful!

How to defend?

Always, but always look at address bar and url of website you are on. If you find it suspicious leave it without any actions.


Hope this will help as educational and prevention tips for making Steemit community safer!
Thanks!
@mightymicke

Sort:  

It is very easy to fall for those scams if you dont know what to look for. Very important post, lots of people still fall for phishing

Truth to be told. Thanks for your comment.

Thanks for this... never paid much attention before. Think I'll just not enter my username and/or password anywhere except during transfers. Should be safer.

On Steemit and steemconnect should be fine.

Thank you for bringing this to my attention. Always wary of such things but people are often tired after doing something else and get careless.
Perhaps Steemit should have a "You are now leaving Steemit!" page scripted to popup when clicking a link taking the user from Steemit to Offsite. Like on many social media websites now.
That might be useful. However only the developers can implement that . . .

That could be one of solution, good point of view.

Thanks for sharing!

You re welcome Vangie.

WOW. That’s scary. It is so simple for someone to steal your stuff

Very scary!

It could be simple if someone don't take attention. Good thing is that we are well organized and always inform each other about this stuff, because all of us care about Steemit ecosystem and protect it.

Thanks for the warning That is very essential to alert others on such behaviour by other steemians in our community

Very truth, that's why I made this post.

We should all report his account
Share his link so we can all flag him

Main Steemit board already take actions about this case. We should not worry until he or someone else make new account.

Yes even I've flagged a good amount of his posts

My opinion is that information is essential in prevention of this. So we need to be informed and spread information to others.

Very informative and useful text!

Thanks for your reply.

#Wow
Thats a great post,,
i am a big #fan of you,,

keep it up,,
i always #support you

Thank you @mightymicke

Great, I will become big fan of you too. :)