Warning about phishing links
Lately, I have been seeing a lot of posts getting comments from bots or some random dude who can't even write proper English. I can hear you saying "But Deathwing, this always happens, it is not something new", but there is one caveat in those comments.
All of them have a link, a link that looks similar to steemit.com or other big sites such as busy, but in fact it is not.

In this picture, you can see the user posted a link. A normal spam message, you say? But in fact, it's not a link to his "usual" profile. Well... it is, but not on Steemit. More on that later.
What is Phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Wikipedia
Phishing is pretty much a way of scamming: stealing your private information, most importantly your private keys or passwords here on Steemit. (Never, ever use your password to log in; always use a posting key on a daily basis. ONLY use the active key when you are verifying stuff, well, transactions in this case.)
Alright, back to the "link" thingy.

As you can see, when I hover over the link it shows "sleemit.com". So, what is the difference?

This image was taken on Steemit.com. As you can see, I am completely logged in, with Steem Plus active.

And this is Sleemit.com, I am no longer logged in and Steem Plus is not active anymore. I am not on Steemit anymore, but the site looks EXACTLY like Steemit and works like it. So this is the phishing right here. As an innocent user, you would think you just "got logged out" and would instinctively log back in once again.

Here you see the normal login page of Steemit, with only a few scripts running.

And there you go, this is Sleemit's login page. There are a few extra scripts right there, most notably app.js, which is the JavaScript file they use to steal your passwords as soon as you log in.
Ways to prevent this:
Always check the link you are clicking on.
Install the Steem Plus extension made by @stoodkev, as it will warn you whenever you are clicking a link that directs you out of steemit.com.
Don't click the links at all if they are posted by low rep users, or have no meaning.
TLDR: Never click a link before checking where it redirects you to. Especially on Steemit. Otherwise you will have your password stolen, your account and your money gone. Always have Steem Plus installed.
P.S.: The site and the user I shared here were picked completely by coincidence. From my observations over the past few weeks, I know that there are more than 15, maybe 20, phishing sites available on the internet just to steal your passwords.
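The link check described above ("always check the link you are clicking on"), as an added example that is not part of the original post or of any extension's code. It goes a little further than the sleemit.com case: it also folds accented look-alike letters and compares a Markdown link's visible text with its real target. The TRUSTED list, the function names, the two-label domain approximation and the sample comment are assumptions made for this illustration.

```javascript
// Added example, not code from the post. TRUSTED is an assumed allow-list.
const TRUSTED = ["steemit.com"];
// Constructed sample comment: both links really point at the look-alike host.
const SAMPLE = "Nice post! [my profile](https://sleemit.com/@example) " +
  "[https://steemit.com/@example](https://sleemit.com/@example)";

// Levenshtein edit distance: single-character edits needed to turn a into b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = Number(a[i - 1] !== b[j - 1]);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Hostname of an absolute http(s) link (userinfo and port dropped), else null.
function hostOf(href) {
  try {
    const u = new URL(href);
    return /^https?:$/.test(u.protocol) ? u.hostname : null;
  } catch (err) { return null; }
}

// Strip combining marks, so an "s" with a dot below folds to a plain "s".
const fold = (s) => s.normalize("NFKD").replace(/\p{M}/gu, "");
// Registrable domain approximated as the last two labels (no public-suffix list).
const baseDomain = (host) => host.split(".").slice(-2).join(".");

// "trusted", "lookalike" (imitates a trusted site), "external" or "unparseable".
function classifyLink(href) {
  const host = hostOf(href);
  if (host === null) return "unparseable";
  const base = baseDomain(host);
  if (TRUSTED.includes(base)) return "trusted";
  const folded = baseDomain(hostOf(fold(href)) || "");
  const imitates = TRUSTED.some((t) => folded === t || host.includes(t) || editDistance(base, t) <= 2);
  return imitates ? "lookalike" : "external";
}

// Scan Markdown links [text](href) in a comment body and report the risky ones.
function auditComment(body) {
  const findings = [];
  for (const [, text, href] of body.matchAll(/\[([^\]]*)\]\((\S+?)\)/g)) {
    const verdict = classifyLink(href);
    // Disguised: the visible text names a trusted site but the target is not one.
    const disguised = verdict !== "trusted" && TRUSTED.some((t) => text.toLowerCase().includes(t));
    if (verdict === "lookalike" || disguised) findings.push({ href, verdict, disguised });
  }
  return findings;
}
```

Calling auditComment(SAMPLE) reports both links: the first as a look-alike host, the second as a look-alike whose visible text also claims to be steemit.com.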
Yes, I have to be careful who I contact because they got their account hacked and lost their SBD/STEEM:(
You have received an upvote from @nicestbot. I am an automated curation bot trying to make minnows happy.
hello @deathwing, i want to be a moderator of utopian under your supervision. can i have any chance? i want that job, i need that job.
You got a 5.39% upvote from @postpromoter courtesy of @deathwing!
Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!
Hey, Dear! You seem very creative! :) Great to have you here. Looking forward to your adventures!
I’m into motivation, psychology and healthy lifestyle in case you would like to visit my channel, VALUE guaranteed.
I've verified that your content is original, and that means it's so good that I had to check.
Very nice Post
Thanks for sharing this Post
I appreciate your life.......
Your post has just been upvoted by @ehsan847 - The nonprofit service that rewards and promotes original photographers on Steemit.
That's dope.
Man they are trying like crazy. Just you should never click on anyone asking you to follow or whatever
Nice advice please follow me via this spotlessben
My name is chandra.
I'm from the country Indonesia.
I thank all Steemit users.
I hope my friends can help me become more popular on Steemit.
Thanks all
Chandra, you are welcome to Steemit, it's a place to be. Hope you enjoy it, good luck.
Help me with my profile https://steemit.com/@jlalvarez
Good warning. Resteem it!
yes sir @deathwing, i also get comments on my post 6 hours ago from purpleandgold account. I am very worried about this. certainly not just me but comrades who have long existed in this platform. we should now be very careful, whether we can know the account is a danger? I mean other than sending a link on our post?
Thanks for the heads up and advice!
Excellent, thank you for the heads-up, Deathwing
Informative post! Thanks for the warning. I will be very careful from now.
good info, thank you!

Good information earn from your talent not to damage any one profile
be a good man
I am new here so I don’t have anything to take... yet. Besides not clicking on suspicious links, is there something else I should do?
Everything is mentioned in the post.
You could add the extension suggested and not login with your password.
Good luck.
Nowadays it's a lot easier to hack individual accounts than the institution. It's all about "Social Engineering", and the only way to counter it is common sense and education. You can check my blog post about it: https://steemit.com/steemit/@cortexx/how-to-protect-yourself-from-hackers-or-social-engineering-or .
I agree. Hackers are trying to exploit people in any way possible.
I make it a point to downvote those types of accounts whenever I see spammy posts.
Yep, when security gets too tight, they have to go for the individuals instead.
Honestly, the site shown in this post is scary in terms of how good it is. Most scam sites are not quite as good at matching the real site.
thank you so much. Resteeming this. Just last week I read about how a user lost his money but regained his reputation back and his account, thankfully
I am not getting why these people interfere even in a well assembled and genuine ways of earning. Why they don't try the actual and genuine ways of earning instead of fake and pathetic tricks. What is the reason of their evil acts? Poverty might not be the valid reason so far
Wow! Thanks for being on point. I don't have much for phishing scam jerks to steal yet, but maybe in the future this will be great info to have.
The beginning of this process was inevitable. Accounts of Steemians are such good rewards for bad guys.
Thank you for security information. It must be resteemed.
I've seen several people posting similar comments. I reported them to @steemcleaners. I recommend using a password manager like Lastpass as that only fills in the password for the legitimate sites
Thanks for opening my eyes to this... Though I have been seeing links like that but never clicked on one. I wish everyone on steemit can see this so the risk of being defrauded will be minimized. You are a soul saver @deathwing
Thanks a lot for this information! At least I am now aware of the existence of this kind of act in the community. It is very helpful, especially as I am just a month old on Steemit and not that familiar yet with how it works! Again, thanks a lot for sharing!
Nice post. I will follow you @incognitoct
I made a Chrome desktop browser extension to help identifying those links more easily: https://steemit.com/utopian-io/@quochuy/steemed-phish-v0-0-14-is-out-a-chrome-extension-to-protect-yourself-from-steemit-like-phishing-scam-websites
If you know of other websites to be blacklisted, let me know
Quochuy please could you enlighten me more on your post? Please follow me here spotlessben
whaa, many people using it domain looks like steemit cckck
thanks bro for post and your warning
Thank you for the heads up! I wish these scammers would get a life, bunch of losers. Nice post
Oh what the hell man, I usually don't fall into traps like that. But this indeed looks way too legit, I could for real fall for that. Thanks for posting this
Thank you very much for this post. It's really helpful, especially for a newbie like me. Stay blessed
Wow, holy s..t!
You learn everyday something new.
Thanks deathwing for bringing attention to this. Could have easily clicked on one of those links the past few days.
Thank you so much, sir, for this information
why should warning
Stop phishing
Very interesting find. Very sneaky form of attack. Scary thing is it is so easy to register a domain name and even SSL certificate these days. Also scary because anyone can pretty much run a frontend for condenser, but it is hard to know if the site is trustworthy or not. Thanks for the article, I find this kind of thing super interesting. Will be following you.
Some of the guys that do phishing like to make use of URL shorteners to hide the actual link. Or, from what I could tell in your post, they used Steem markup to disguise the actual link. In the case where they use a URL shortener, for example tinyurl, you can actually check what the link redirects to by making use of curl. You can do it like this:
See the output. The actual url it redirects to is in the "Location" section in the response.
This link, for example, was a tinyurl link for the video "Rick Astley - Never Gonna Give You Up". Haha I got you!
Anyways tinyurl has a feature where you can take any link shortened by tinyurl and preview it by prefixing tinyurl with "preview" like this: https://preview.tinyurl.com/2fcpre6.
Just keep in mind that tinyurl is one of many sites that people could use to shorten a URL. Twitter even has its own site that it uses to shorten any links posted on Twitter. My curl trick should work on almost any URL shortener, but if you aren't that technical I would suggest that you try:
http://www.checkshorturl.com/ which you can use to check shortened urls. For example I did a check for this url that was shortened by twitter's url shortening service: https://t.co/LGaAniJH32
Something you can also do if you aren't sure if a frontend/site other than steemit.com is legit or not is to use security related reputation checking site to check what other people have to say about the site. Here is a list of sites you can use to check if the site is flagged as malicious by other users or not:
https://www.threatcrowd.org
https://www.virustotal.com/ (It has a feature to check a url and there is a very handy comments section)
https://www.phishtank.com/
(Btw, I checked sleemit.com and it's not mentioned on any of these sites yet, unfortunately.)
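The curl check described in the comment above, as an added example that is not the commenter's code: `curl -sIL <short-url>` prints one response head per hop, and this Node.js function reads such a dump and lists each Location target in order without opening anything in a browser. The header dump and host names are constructed, and the function names are hypothetical.

```javascript
// Added example. Parses the text printed by `curl -sIL <short-url>`: one response
// head per hop, separated by blank lines. The dump below is constructed, not captured.
const SAMPLE_DUMP = [
  "HTTP/1.1 301 Moved Permanently",
  "Location: http://short.example/next?id=1",
  "",
  "HTTP/1.1 302 Found",
  "location: /landing",
  "",
  "HTTP/1.1 200 OK",
  "Content-Type: text/html",
  "",
].join("\r\n");

// Returns every URL visited, starting with startUrl and ending at the final page.
function redirectChain(startUrl, headerDump) {
  const chain = [startUrl];
  const heads = headerDump.split(/\r?\n\r?\n/).filter((h) => h.trim() !== "");
  for (const head of heads) {
    const [statusLine, ...fields] = head.trim().split(/\r?\n/);
    const status = Number((/^HTTP\/\S+\s+(\d{3})/.exec(statusLine) || [])[1]);
    if (!(status >= 300 && status < 400)) break; // not a redirect: chain ends here
    // Header names are case-insensitive, so match "Location" in any casing.
    const loc = fields.map((f) => /^location:\s*(.+)$/i.exec(f)).find(Boolean);
    if (!loc) break;
    // A relative Location is resolved against the URL that produced it.
    chain.push(new URL(loc[1].trim(), chain[chain.length - 1]).href);
  }
  return chain;
}

// Host the reader would actually land on after all redirects.
function finalHost(startUrl, headerDump) {
  const chain = redirectChain(startUrl, headerDump);
  return new URL(chain[chain.length - 1]).hostname;
}
```

For the constructed dump, the chain has three entries and the final host is short.example, which is the name to compare against the site you expected to reach.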
These are some really nice resources to know about. I myself have clicked on a redirecting phishing link on here but it is worrisome especially for those who don't have a good idea about how front-ends interact with the blockchain.
Anyone can build their own Steemit-like front-end, that's not a problem at all as it can be totally legitimate without needing Steemit to sanction it, but knowing who to trust when it's not Steemit or doesn't use Steemconnect is tricky. It's nice that there are easy technical and user friendly options out there to check but yeah, keeping an eye out and protecting yourself starts to get a bit more serious in decentralized systems.
Be careful what you are clicking on. If it runs javascript then it can do a great deal on your computer, for example people can even go so far to open a shell on your computer using javascript. This is something that people do often when they exploit xss attacks, but if you are willingly visiting a site then they don't even need to trick you into running the javascript.
You can see more about this type of attack here:
https://www.slideshare.net/BartLeppens/owasp-appseceu-2015-beef-session (See from slide 49)
Thanks for your feedback on my comment!
Awesome stuff again, especially those canary tokens. I'm not sure how exactly it could be implemented, but I can see maybe some sort of interesting key-specific decryption of a picture like they were talking on a website that logs use automatically. Not sure how that would work on attacker's own websites or even Steemit though. Interesting to think about.
And yeah, I even read somewhere that web javascript could exploit those Spectre and Meltdown vulnerabilities. I just love it because it runs so easy... everywhere.
You can maybe ask these guys (who wrote this blog post):
http://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html
To add a honey/canary token for steemit active or posting keys to their site. Which would enable you to see if somebody tries to use a fake made up posting or active steem key that you posted to a frontend, the site emails you if someone tries to use the details that you generated on: http://canarytokens.org/generate
Hope that makes sense? Maybe somebody needs to make a site to track the reputation of steemit frontends.
Hey @deathwing, gotta love Steemit! Still awesome platform and community and it's nice having great people contribute so we all benefit. Keep up the good work! Cheers!
Can't agree more! The best platform around @asad24434!
I'm new to steemit, and this is really important info...for real! Thanks a great deal @deathwing
Good information!
Thanks!
....upvoted and resteemed
someone sent me one of those when I was on steemchat and I was also talking to people on the general chat and they told me not to log in with my account. I was relieved I didn't do it though. :) thanks for the post
this link also another phishing site, Be careful!
If you look closely, there is another small dot under S.
thank you for sharing information,
Nowadays it is very common on Steemit. One of my friends got hacked a few days ago. Then he recovered his account by clicking on the stolen password option. Today I also got a similar comment, but I avoided it because it seems to be phishing. So guys, please always check before clicking on these types of links. Most of them have less than 25 reputation.
Lately telegram has become a breeding ground for scammers/phishers. I recently wrote an article about that. https://steemit.com/ico/@chiraagnd/trolling-ico-phishers-scammers-on-telegram
Phishing is relentless on every platform, be it email facebook etc.
Be aware and read! read the link you are about to follow
highly important information for all new to steemit as well as any who may not know about all the different ways one can be hacked if not attentive. thank you for this.
thanks for the warning
very useful post, thank you dude!
PLEASE MAKE A SEPARATE PAGE FOR COMPLAINERS, PROGRAMMERS AND MEETUPS. THESE DO NOT COME UNDER GOOD CONTENT. STEEMIT IS ABOUT GOOD CONTENT CREATING GOOD POSTS/BLOGS, STEEMIT IS NOT ABOUT STEEMIT.
HAVE YOU SEEN QUORA MAKING BLOGS ABOUT QUORA AND TRENDING?
STOP THIS NONSENSE
WE NEED TO FIX THESE THINGS FIRST:
a) We need good content on trending page, and no 2 liners or only specific content related or of specific members only or just a dinner shot.
b) Bots should review the posts before upvoting.
c) Need genuine Meritocracy, not fake (Give Fair chance to everyone, not just the rich)
d) Meetups/Programmer related should be funded privately, and not by trending. This is not called good content. Need a separate page for it, like an UPDATE or ANNOUNCEMENT page.
e) Or you can remove the Trending and Hot pages, so people will only look for content they are interested in, using the search bar or tags, and not upvote only for rewards.
f) We also need reward limits and post limits. I guess if we keep max 200$ per post and max 5 posts, that comes to 1000$ per day, which means 30000$ per month. That is more than enough for anyone to live life in any part of the world, and obviously you can invest in steem/SBD or other cryptos. This will also limit greed.
g) Also a minimum reward like 50 cents to 1$ (more or less i leave to experts) for every post with a minimum content (bots can handle this im sure) will give a boost to minnows, and will also lead to genuine wealth distribution.
All the above points will eliminate the "Central Banking System for the Rich only" type scenario that's going on on Steemit.
Reposting here as it gets ignored all the time..
NEVER DID FOLLOW FOR FOLLOW
Thanks for the heads up! I will be extra careful of this phishing scam.
Wow! Thanks for being on factor. I don't have plenty for phishing rip-off jerks to thieve yet, however perhaps within the future this may be extraordinary info to have.
Try to check these phishers!
@farhannaqvi7 is a phisher!
he changed his comment to smile because I mentioned @duplibot
you can also check @sjworld

Thanks for sharing this content! RESTEEMED!
Congratulations @deathwing!
Your post was mentioned in the Steemit Hit Parade in the following category:
It seems simple but thank you for the reminder. It is so easy to get complacent on here and just happy click. cheers.
if the browser is up to date, an https will be enough
also why not clicking on the name rather than the link? ;)
Thanks for letting people know, as a newbie here I really appreciate this. I'll definitely be extra careful if I click any links people provide in the comments. It stinks that horrible people are so dishonest :( Then it makes good people like us weary of one another. It's just unfortunate.
Thank you for sharing this information.
I hate these shits, but unfortunately, in crypto, there are loads of these types trying to steal our coins.
Just got to be careful online :-)
Stay safe everyone
Damn. Thanks for this man.
The site you showed is a seriously well done scam. I almost got hit by phishing on Facebook once - I clicked a link to "Facebok.com". Fortunately I saw that there was only one "o" in "Facebok" and figured out what was up. Another good way to be safe is to go to the website normally and see if you are logged in. I had actual Facebook open in a different tab so I could also tell that way.
Thank you for the information. Will be more careful in future (Y)
They're also sending tiny amounts 0.001 steem to your wallet with a message and phishing links. Don't click!