CAUTION: Steemit Clone Stealing Passwords + 50 SBD Reward for an Anti-Phishing Browser Extension

in #steemit7 years ago


Uncovering the largets phishing attack operating today. A Steemit clone called Steewit.com or Steelit.com are aiming to steal your keys so be carefull when you put in your passwords if the URL is correct. If you've been suddenly logged out of Steemit and have logged in again you might be at risk because that might have been the clone website. So be sure to quickly change your passwords and store them somewhere safe. I propose writing them down a couple of times and store them on paper instead of online because keeping them online is way too dangerous and susceptible to attacks.

My friend @enjoyinglife got hacked yesterday and lost 200+ SBD and 750 of his SP is delegated out to multiple accounts most likely operated by the "hacker" who owns the steemit clones. Watch his video about it here

SCAMMER and his other accounts:

OG scammer @good-kama -> notice the fishiness of his name
ALT accounts operated by the scammer: @omikunlejackson, @samriamelissa, @lalo78, @kilbride

The malicious user got control of many other accounts and through them spammed out comments with links leading to the steemit clones...

As Steemit grows and our accounts are worth more, this kind of attacks will be more often and sophisticated, harder to recognize so I propose a solution. We desperately need a solution and we need it now!

As a soultion I propose a tool that will help us spot the scams before entering our credentials to a scam clone website.

||| I will give 50 SBD to anyone that can make a bulletproof anti-phishing browser extension |||

It would need to check each steemit-based website we visit and see if it's the correct URL or is it a scam. If it's a scam the app would need to alert the user by an alarm sound and a big gif saying SCAM or something like that! It just needs to be very visible and obvious so no one can miss it.

The app also needs to be open source and the code needs to be checked out to prove it has no malicious code.

If you are willing to do it, please contact me on discord.

Stay safe peeps!


▶️ DTube
▶️ IPFS
Sort:  

Thanks for letting us know about the. Is so sad that scammer want to reap other people off their hard earnings. From the comments and links dropped here, seems the scammer has several ways of contact and sending the link to people to fall for it. I will be very careful of these accounts @good-kama fished out, as well as resteem this post to spread the alert to as many as possible.

This is awful and well done for creating this video! I just resteeemed this and I hope it will be resteemed everywhere! Its such an obvious scam, but most people wouldn't realise! Keep us posted on what happens!! well done!! It needs to be trending!!!

Thanks a lot for re-steeming, anything we can do to get the word out will be worth it because we might save a couple of people. That's why I "wasted" so much on promoting it :)

Thanks for the information. So many scam artists this day and age. You can't do anything about it if they're in counties like Pakistan. You just gotta be careful. I got a few private messages on Twitter before and the URL clearly says Instagram.com but it directs to phishing sites.

Thanks for the video bud.

I appreciate your support and I appreciate the fact you are getting this known to the masses

It means a lot to me (and other potential targets)

I made a short video on Dlive speaking about 2 crucial steps (we spoke about) to prevent this, so if anyone feels like it - check it here.

Np, just hope that no one else will get scammed...

@runicar
I also made a post about this with his whois info and everything:
Check it out: warning-fake-grumpycat-phishing-spammer
Be safe guys!

thanks for sharing ... already resteemed !

Thank you for sharing this with the community. Another user posted something similar yesterday as he got scammed through the same scammer's website. Here is the link: https://steemit.com/steemit/@nossy/be-careful-where-you-click-or-steem-phishing-or-stolen-sbd-from-users-or#@nossy

Talking about links, the browser extension should also reveal hidden phishing links in links in comments (bit.ly and other URL shorteners as well) as that is the way people are being deceived.

We are willing to contribute an additional 25 SBD to the VERIFIED and LEGITIMATE programmer(s) that will take on this project.

Stay safe and always verify the links before clicking on them.

P.S. There are some web scripts that will even click on links on a page without you even doing it! Now that is scary! One thing that may help is having the AdBlocker extension on.

Yep, I have seen that. It really enrages me that this kind of stuff is going on but it doesn't surprise me at all. As our accounts become more valuable over time and steemit grows this kind of attacks will just be more often and sophisticated. I really hope someone makes the extension :)

Thanks for the support and willingness to donate more for the cause.
That's insane, but I always have adblocker on though :)

Would be nice if you could post an update post once the anti-phishing extension is created and give a shout out to all involved ;) Cheers!

Will do, as mentioned in my new post the community will have a week to test the apps and decide which is the best. You'll be see all the devs involved and apps made. Thanks for your contribution to the cause!

Rotten scummy bastards. Isnt there some sort of emergency hotline thing between all the witnesses so they can all instantly resteem an alert ? Between them all they surely have every member on their followed or followers ?
anyway, thanks for the heads up. Will resteem to my 400 followers..mainly bots lol :-)

PS @runicar have you this post with another version of the same scam ?
https://steemit.com/scam/@friendly-fenix/warning-fake-grumpycat-phishing-spammer

I'm not sure there is but I hope they get to work and stop this and block the websites from working and scamming other unsuspecting users.

There is another phishing site at "steemil" dot com as well.

Upvoted for visibility... and steempower and sbd of course 🤨😜

I am by no means a software developer but I think you would want the extension to validate proper sites as opposed to invalidate bad sites. For example if it validates proper sites it would have a green check (much better to have no default image and force users to set a personal image) every time you signed into a proper Steem platform by the sign in. If it is invalidating websites then it would have to invalidate all non-Steem programs to be truly efficient against scammers and thus could get annoying and lead to users uninstalling it.

While I have free time (seldom at times) I wouldn't mind to look at starting it (but you'll not see progress for a long time because as I said I'm not a software developer lol) but I think that it would be better for someone like @r351574nc3 to really get it set up within the next decade. Regardless I also resteemed in hopes of finding actual minds that can bring a product to everyone. Thanks for shining a light on op sec @runicar!

That's somewhat close to what I was hoping someone would be able to make. Let's hope they actually it :)