Never give your password on suspect or unknown websites!!
I already warned you about several scam attempts (see bottom of this post for a list of them). Here is a new one.
Scam Description
The scammer publish the following comment on user’s post
If you click on the link in the comment, you will be redirected to the following page:
NOTE: the domain name displayed and the background image may be different from the above screenshot
If you click on the “Sign In” button, you will be redirected to the following site:
NOTE: the domain name displayed may be different from the above screenshot
The page displayed by the site is a fake SteemConnect login page!!
The goal of the creator of this website is to steal your credentials to hack your account and funds!
Scammers using a rotator - be more careful!
The scammers now use a rotator, meaning the content of the phishing website may be very different than the one described above.
What is a rotator ?
A rotator is a simple URL that when visited, directs the visitor to one of many different websites. This means you one url might lead to several websites.
Preventive action activated
I will add any account sending phishing links to the black list of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.
If you find similar phishing attempts, contact me on steem.chat
To protect yourself, you can:
- always double check before clicking on a link, especially if this links take you away from steemit.com.
- verify the reputation of people writing comments on your posts. A user with a low reputation should trigger you attention.
Previous threat alerts
If you missed them, please find here the previous alerts I published:
- Scam alert and white hat counter-strike
- Phishing exploit has been stopped - Scammers thwarted!
- Potential scammer reported- @jones420
- Fake Steemit website try to steal your password!
- Phishing attack to steal your active key
- Potential scammer reported - @minnowpond
- Scammer reported - @russiann
- Scammer reported - @steemitrobot
- Scammer reported - @tripadvisor.com
- Scammer reported - @harquick
- Scammer reported - @gtg.witnesses
- Phishing site reported - sleemit(dot)com
- Phishing site reported - www.steemitfollowup(dot)ml
- Phishing site reported - www.steemitfollowup(dot)cf
- Phishing site reported - www.autosteemer(dot)com
- Phishing site reported - www.autosteemer(dot)club
- Phishing site reported - upperwhale
- Phishing site reported - steamit(dot)ga
- Phishing site reported - steenit(dot)cf
- Phishing site reported - steemautobot(dot)ml
- Phishing site reported - autosteem(dot)info
- Phishing site reported - steemij(dot)tk
- Phishing site reported - steemitservices(dot)ml
- Phishing site reported - uppervotes(dot)ml
- Phishing site reported - steemupgot(dot)ga
- Virus infection threat reported - searchingmagnified(dot)com
- Phishing site reported - steemrobot(dot)ga
- Phishing site reported - postupper(dot)ml
- Phishing site reported - steembot
- Phishing site reported - steemone
- Phishing reported - Scammers use account's profile
- Phishing site reported - steemitfoto
- Scammers must really hate me a lot to create a dedicated scam link
- Phishing site reported - pixz
- Anti-phishing war - The crooks continue their bashing campaign
- Phishing site reported - SteemitProtection
- Phishing site reported - myaprotection
- Phishing site reported - TPM Rotator
reminder
A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:
Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!
Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.
Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like steemit.com.
Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!
4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.
Spread the words, resteem this post to your friends, and you will make the platform safer.
Thanks for reading!
If you notice any new suspect activity like the one described above, drop a comment on this post or contact me on steem.chat
WARNING! The comment below by @steempix leads to a known phishing site that could steal your account.
Do not open links from users you do not trust. Do not provide your private keys to any third party websites.
www.steempix.com is a free image hosting platform for steemit. We do not require your posting key for any of our site transactions at this time. Please be safe online and always double check the links before adding your credentials to any site. Thank you
Thanks a lot for sharing this! It can warn everyone especially new users!
thank you for sharing with the very information we need for the security of our account. very good to follow the above instructions in maintaining the key of our account. useful information @arcange
Lets clarify this:
It wouldn't be this site we are talking about here:
https://www.steempix.com/
You don't need to supply any Steemit keys to sign up/in - just simply a user email and a password. It is like any other site hosting pictures. I checked it out, but since I have several websites with unlimited storage myself, I got no use for it, because I post my images to hidden pages on my own websites to use in steemit posts. You don't post from there to Steemit, you simply grab the image url like you would from any other site, to paste into your steemit blog. Not like Bescouted, where you sign up with your posting key.
Of course your reminder is valuable advice.
And yes, I voted for you as a witness, but the regular way, not following your link 😉
Thank you for the clarification @thermoplastic. We however will be integrating steem into our platform so you can earn rewards for your uploads.
WARNING - The message you received from @steempix is a CONFIRMED SCAM!
DO NOT FOLLOW any instruction and DO NOT CLICK on any link in the comment!
For more information about this scam, read this post:
https://steemit.com/steemit/@arcange/phishing-site-reported-steempix
If you find my work to protect you and the community valuable, please consider to upvote this warning or to vote for my witness.
Comment deleted
Do you even read or do you know how to read @arcange? Which part of my message above is confirmed scam? I posted two links, did you even check them out? I ask you a question, but you do not bother to answer - I am tired of robots. For a moment I fell for you being a legit service, I even resteemed it!
I compared the legitimate website with the one you posted about, AND ON THE LEGITIMATE WEBSITE YOU ARE NOT ASKED FOR ANY STEEMIT KEY (not like the one you posted about, that masquerades as being the same service).
btw - I don't follow links blindly - like how do I know that your "vote for my witness" is not a phishing attempt? You want to vote for a witness, open the sidebar and click on "Vote for Witnesses".
Before I go for any links, I have my Norton Security Software check them out (Norton Safe Search) - but the lack of a security certificate is usually a dead giveaway. Even if it has a https URL the browsers I use, as well as my Norton Safe Search, would add a warning sticker to it that it may contain unsafe content. Firefox automatically blocks unsafe content, and you would have to 'unlock' to even go to the site.
Yes, I can read and read you comment.
Insults are useless and for your information, contrary to my warning-bot, I am a human that need to sleep and that sometimes is away from keyboard.
My post is about is about scammers that, unfortunately for the steempix.com domain name owner, used an alternative extension of the same domain name.
As scammer often register all free or cheap extension of the same domain, my bot may trigger on similar words. This is called false-positive. This is what happened with your comment.
OK, I sort of understand, but then your bot would flag legitimate paypal links just because there is a lot of phishing going on with paypal? It is sort of a GIGO program then that needs tweaking to filter out legitimate sites. If this is the case, then your bot is blackballing a lot of innocents! I mean, who can afford to buy and park hundreds of domains just to keep spammers and scammers from using your name?
My bot is not flagging but issuing warnings only. Any flag is done manually.
It is not GIGO program, monitoring and tweaking is done.
Out of thousands warnings sent, I had only a few false-positives (can be counted on the fingers of one hand).
WARNING! The comment below by @charlesowusu leads to a known phishing site that could steal your account.
Do not open links from users you do not trust. Do not provide your private keys to any third party websites.
WARNING - The message you received from @charlesowusu is a CONFIRMED SCAM!
DO NOT FOLLOW any instruction and DO NOT CLICK on any link in the comment!
For more information about this scam, read this post:
https://steemit.com/steemit/@arcange/phishing-site-reported-steempix
If you find my work to protect you and the community valuable, please consider to upvote this warning or to vote for my witness.
@arcange i am a developer at steempix.com and we want you and your bots to do your work well. And stop flagging our post and spreading false information about our platform. We want you to understand that steempix.com is not own by steempix.ml
@arcange will you so kind to modify the title of your post so the domain in question steempix.ml is captured and not just our keyword 'Steempix'. This is all in an effort to not scare users off our platform. Thank you