PSA Alert: Be Aware of new Apps being used to steal your Steemit/Dtube Information

in #steemit7 years ago

Dear Steemit Friends,

Many, if not most of us all know that there are many phishing scams spread across the Steemit ecosystem. Where money is involved, you can expect that there will always be people who want to take advantage and cheat the system by taking advantage of users. Unfortunately, it's just the way the world works. Nothing good comes without a bad element.

In my last PSA alert, I warned of a new scam that takes advantage of users by utilizing sites such as steewit.com, steemil.com, and various other adaptations of the Steemit name to attempt to trick users into logging in to steal the users login information. Despite the number of alerts from myself and others, people continue to report that they have been hacked and are victims of these and similar phishing scams. Our notices don't often reach everyone given that Steemit has millions of users and new people signing up every day.

You can find my first alert with information pertaining to the above-mentioned phishing scam using the link below:

PSA Alert: The number of Phishing Scams are increasing

Another Phishing Scam has arrived

Because a number of Steemit users are in regions where either a PC is not an affordable expense or people are frequently on the go and need a mobile solution, Smartphone Apps have become a popular and increasingly growing method for users and content creators from across the world to access the Steemit platform. We are beginning to see a number of mobile apps being developed which connect directly to the Steemit platform and the Steem blockchain.

DTube has become an increasingly popular platform built on the Steem blockchain where content creators can share their life experiences with others. It is quickly growing and becoming a more popular alternative to YouTube with regular updates and added features.

This has recently become a popular target for scammers as well. There are a number of people who have been fooled by a new app that is available on the Google Play store portraying itself as a legitimate DTube App. A number of users who have downloaded it and have tried to log in and post content from it have already become victims of this phishing scam. What makes it worse is more-and-more people are falling for this scam because of its availability on a well-known App store which people assume they can trust when it comes to safe applications.

In order to ensure safety, you will not find the link to the App here, however it is easy to find using search on google and the app store.

Because mobile apps are the only alternative to small sized browsers for people in certain regions and for people on the go, a number of people end up using the app due to its potential convenience and claims to be able to connect to the blockchain. A number of people have already reported that they have tried to log in using their credentials and as a result, have had all of their earnings withdrawn and in some cases, their passwords reset and accounts stolen.

Here is an example of someone who recently had all her funds stolen due to the App.

Reading the comments associated with the App, you will see a number of people reporting that their accounts were hacked.

What is worse is that regardless of the number of reported incidents of users getting hacked, the rating of the app remains relatively high, which means people who do not take the time to read the reviews end up getting scammed. Some people even tend to ignore warnings and proceed anyway just because the App is on a trusted platform and has a number of positive reviews.

A little research goes a long way

I looked into a number of the positive reviews and posts on Steemit promoting the App and what I found, was a majority of the people promoting the App are either day old accounts or fake accounts created using profiles of real people.

Many of the people on Steemit who have posts announcing or supporting the app are your typical bot and daily spam generating posting accounts that were created in the last month and add no value or substance to Steemit and probably belong to the creator of the app.

I decided to look up a number of the people who made positive comments supporting the app using a simple google image search on the profile pictures which led me to accounts on other platforms for these users and decided to contact some of them. Most of those that have replied had not even heard of the app and were not even users of Steemit or DTube.

As I am researching and typing this post, a number of the Apps that I am referring to our being removed from the Google Play Store, but even after, a new one is uploaded with fresh new account and a clean slate in terms of reviews, which means a fresh new batch of users who will potentially get scammed.

My heart does go out to those who have been scammed. I'm sure most of us have been scammed in life one way or another and it is not a good feeling. My warning and advice to everyone is to be careful. Be vigilant and show some awareness in who you give your information and login credentials to. Unfortunately, when it comes to warning people about potential scams, we are always on the reactive side since visibility only happens when someone is already scammed and reports it.

Think before you act. There are a number of clues and things you should look out for which indicate if something is legitimate or not. If you have a gut feeling that something might be off or any kind of hesitation at all, it's probably best to avoid it. Generally, most apps and projects tied to the Steem blockchain utilize SteemConnect when dealing with your credentials. This, however, should not be your one true comfort that something is legitimate. Take some time to do a little research and ask around before jumping into something unknown. This is the wild west all over again.

I hope this serves as continued advice and is timely and repetitive enough to help get the word out before more people are taken advantage of.

Thanks for reading

If you have any questions, inputs, or feedback, please feel free to post a comment below. Please also help me spread the word by upvoting and resteeming this post. Thanks and be safe!


Sort:  

Its going to happen again to me a while ago but i am more active right know and currently paranoid with this f*😵k pishing grrrrr so sory for the word.. Cant sleep with this..

That is sad to hear. Did you change your passwords? If you have any doubts, a lot of us are available on community chat to validate apps and tools. It is frustrating and a never-ending fight to always be on alert for people trying to take advantage!

I did not enter my master password he/she asking me to put it. I close the window of my browser and open again another new one and i am shocked that im open and did not log out with my steem account.😧

That's good. At least you avoided it!

Thank you for the information.
This is a very big help for us.
Mostly in New steemians.

Best way to help others to keep post like this being shared into the community, it is not only Steemit and dTube, stay safe, read, research and thanks for the warning @cloh76

I agree. Constant updates and awareness is important to keep everyone informed and updated about threats. Thanks for reading @joanstewart!

Thanks for sharing Ms. @joanstewart and thanks for telling us about it @cloh76 . I was reluctant the first time I came across SteemConnect and trust me Ms. Joan and I know about the #SlimeGoblins aka #SnotGoblins out there!

Snot Goblin MQT 2.jpg

Thanks @cloh for letting us all aware. This is what I also said on my previous post that scammers might still use some links that would exactly look like steemit.com ... So bad!

Yep. New methods of scamming created every day unfortunately

Instead of steewit.com or steemil.com, they should use the name steelit.com, because stealing is what they are doing!

I wouldn't be surprised if that was already in someone's bag of tricks. That domain has already been registered...

This was the latest issue few days ago.. I have friends here that they said Dsound is a hacker application . Where after she log-in her pass.. all oh her SBD gone... many phishing application that steal accounts and income today.. It's rampant...

Yep. And more methods are found daily. I'm sure Dmania and other apps will follow shortly

oh no :( I know it was discussed and they decided not to enable 2FA for example but i really wish there was an option cause i never really feel secure with my steemaccount...cryptospace is a dangerous place nowadays and i see hacks going on everywhere. I also had a few people try to login into my exchangeaccounts lately and at least there i have 2FA... i feel this will be a bigger problem for the steemcommunity since people do fall for this phishings...Stay safe people!

Yep... So far the best precaution we have aside from people not sharing their info is SteemConnect

Hi Cloh76, thanks for the alert information, always in all that good hehehe

Sure thing. Just trying to keep the public informed!

This is of great help @cloh76. It scares me so much that there is a phishing scam going on. Already you as a wtiness.

Unfortunately, everyone is a potential victim... No one is safe and immune from scams.

It that saddens me a lot. A best friend of mine got her account hacked. And there is nothing we can do but to be extra cautious

..Scammer and hackers are evrywhere.. We shud always be alert... Think thrice before you sync your acc to something...

Yep. Unfortunately, that's the way things are. No good comes without a bad element

Never enter your master password into any steem based website, unless you trust that website with all of your STEEM.

Use your posting password or your active password only.

yep. Definitely good advice to follow!