I was checking Steemit a few minutes ago and was surprised to see @simplymike's account with a very low reputation. After checking recent activity, it became clear that this was due to a series of downvotes by @blacklist-a and @steemcleaners.
<h4><span>But this is very uncharacteristic of <a href="/@simplymike">@simplymike</a>, judging by the history of posts and the active participation provided to the <a href="/trending/newbieresteemday">#newbieresteemday</a> initiative.</span></h4>
<h2>What is happening?</h2>
<h4><span>1. The downvotes from <a href="/@blacklist-a">@blacklist-a</a> and <a href="/@steemcleaners">@steemcleaners</a> seem to be the result of <a href="/@simplymike">@simplymike</a>'s spam posting a certain comment over the last 40-50 minutes.</span></h4>
<p dir="auto">See the following image:</p>
<p dir="auto"><img src="https://images.hive.blog/768x0/https://res.cloudinary.com/hpiynhbhq/image/upload/v1520375515/yilnofvnjljj9jgrjugl.png" alt="Screen Shot 2018-03-06 at 10.24.35 PM.png" /></p>
<h4>2. This is the offending comment:</h4>
<p dir="auto"><img src="https://images.hive.blog/768x0/https://res.cloudinary.com/hpiynhbhq/image/upload/v1520375433/zwxlfiwc7psjr1ut8msp.png" alt="Screen Shot 2018-03-06 at 10.26.04 PM.png" /></p>
<h2>WARNING: THE COMMENT IS A PHISHING ATTEMPT.</h2>
<p dir="auto">Clicking on <em><strong>See more</strong></em> brings you to a fake website:<br />
<code>https://steemil.com/abuse/@grumpycat/...</code></p>
<p dir="auto">^ Notice it's <code>steemil</code> instead of <code>steemit</code>!</p>
<h4><span>3. <a href="/@simplymike">@simplymike</a>'s account was hacked after he fell prey to a comment left by <a href="/@kilbride">@kilbride</a> on his post.</span></h4>
<p dir="auto"><span>If you go to <a href="/@simplymike">@simplymike</a>'s post </span><a href="https://busy.org/@simplymike/7-day-b-and-w-challenge-entry-2#@kilbride/re-7-day-b-and-w-challenge-entry-2-900" target="_blank" rel="nofollow noreferrer noopener" class="external_link">7 DAY B&amp;W Challenge - Entry 2</a><span>, you'll see that <a href="/@kilbride">@kilbride</a> left that exact same phishing post.</span></p>
<p dir="auto">This was 1 hour ago.<br />
<img src="https://images.hive.blog/768x0/https://res.cloudinary.com/hpiynhbhq/image/upload/v1520375813/dxrjx1go5ev18hvlnu0c.png" alt="Screen Shot 2018-03-06 at 10.27.09 PM.png" /></p>
<h4><span>4. Shortly after that, <a href="/@simplymike">@simplymike</a>'s account was updated (looks like the password was changed), the recovery account was updated, and then he started posting the phishing posts.</span></h4>
<p dir="auto"><img src="https://images.hive.blog/768x0/https://res.cloudinary.com/hpiynhbhq/image/upload/v1520375896/expketoivpn0xcqfvpta.png" alt="Screen Shot 2018-03-06 at 10.37.22 PM.png" /></p>
<h2>Everything can be found in the blockchain.</h2>
<p dir="auto">For now, everyone should take measures to protect themselves. Make sure you check the websites before logging in to prevent your account being stolen!</p>
<h2>If you clicked on the post and logged in, change your password using Steemit immediately!!</h2>
<h2>Edit: You can help by resteeming this post to help protect other users' accounts from the same hacker.</h2>
<h2><span>Update (9th March 2018): <a href="/@simplymike">@simplymike</a> managed to get the account back. See </span><a href="https://steemit.com/mapsters/@simplymike/the-most-important-thing-i-ve-learned-from-getting-hacked" target="_blank" rel="nofollow noreferrer noopener" class="external_link">this post</a> about the experience and security lessons everyone should know on Steemit and in protecting your cryptocurrencies in general.</h2>
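An added example, not part of the original post: a small Python check for the lookalike-domain trick described above (steemil vs. steemit). It pulls every URL out of a comment body and flags hosts within a small edit distance of a trusted name; the TRUSTED set, the distance threshold and the sample comment are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the sites the reader really logs in to. Both names appear on the
# page; extend the set for your own front ends.
TRUSTED = {"steemit.com", "busy.org"}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance using one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, max_dist=2):
    """Return (verdict, trusted_domain): 'trusted', 'lookalike' or 'unknown'."""
    host = host.lower().rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    labels = host.split(".")
    for good in TRUSTED:
        # Compare only as many trailing labels as the trusted name has, so
        # "www.steemil.com" is judged on "steemil.com".
        tail = ".".join(labels[-(good.count(".") + 1):])
        if edit_distance(tail, good) <= max_dist:
            return "lookalike", good
        # Trusted name used as a prefix of someone else's domain.
        if host.startswith(good + "."):
            return "lookalike", good
    return "unknown", None

def scan_comment(text):
    """Classify the host of every URL found in a comment body."""
    hits = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""  # hostname drops any user@ prefix
        hits.append((host,) + classify_host(host))
    return hits

# Constructed sample comment, modelled on the one the post describes.
SAMPLE = ("You were downvoted for breaking the bot rule. See more: "
          "https://steemil.com/abuse/@grumpycat/... "
          "(compare https://steemit.com/@simplymike)")

if __name__ == "__main__":
    for hit in scan_comment(SAMPLE):
        print(hit)
```

A short trusted name such as busy.org can sit within two edits of unrelated legitimate domains, so tune `max_dist` per domain before acting on a "lookalike" verdict.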
Yeah it's been hacked. I nuked it to zero with the sc account to hide the comments as they were being posted.
Great! I've been trying to spread the news on a few discord channels. Hopefully, no more users fall prey to this.
Tell everyone you know, that's the best way. Great job man.
Not only do you like creating puzzles, you are also quite good at solving them! We definitely appreciate community service posts like this and will help you spread the word as well... I think there are other posts that have mentioned this scam too.
By the way, thought you might be interested in @apolymask's Information Finding Championship if I haven't already mentioned it. We are looking for people of all skills and talent to contribute, and I was very impressed by your code breaking puzzle quest (which I am still stuck at the last stage :p). I think your participation would be welcomed :)
There's still a prize of ~4.6 SBD to be won! It'll be there until someone solves it =)
Thanks for the heads-up @plushzilla. Didn't know about it but I'm going to head over and have a look.
So close yet so far from reach... :D
I love the work that you are doing for our fellow Steemians, and I am looking forward to your participation in other groups :)
I am going to tag this comment with #blockchainbi to let @paulag and @eastmael know about the great work that you are doing using data to help people on Steemit. If you haven't been to the group this is the standard PR statement:
"I am part of a Blockchain Business Intelligence community. We all post under the tag #BlockchainBI. If you have an analysis you would like carried out on Steemit or Blockchain data, please do contact me or any of the #BlockchainBI team and we will do our best to help you... You can find #BlockchainBI on discord https://discordapp.com/invite/JN7Yv7j"
Jeez, hope she will be able to have her account back soon. She gave me a few guides on writing and helped me with how to create good article content... Thanks, and done resteem; hope this will get quicker to the rest of Steemit users.
Hi @dylen, the account was, thankfully, successfully recovered. I just posted an update:
Update (9th March 2018): @simplymike managed to get the account back. See this post about the experience and security lessons everyone should know on Steemit and in protecting your cryptocurrencies in general.
Hope you're not using your master key to log in as well! I recently made that very important change.
Thanks for the reminder.
Gosh, I’m really enjoying my 15 minutes of fame ... ;0)
Resteemed!
Thanks for the support @rlt47!
You're welcome! Thanks for posting!
Does this mean there is no way for simplymike to recover the account anymore?
This is not good.
24 minutes ago Start power down of 249.021 STEEM
She's trying to go through the account recovery process. Hopefully all goes well!
I hope so too. All delegations are cancelled and powerdown already started. Fingers crossed!
Could this be some sort of retaliation for support in the fight?
Oh, and simplymike is a she.
Don't think so. Seems like the hackers are using some of these common canned responses with different links to get users to the other website.
This one was quite smart in that it claimed a downvote and violation of the @grumpycat's "bot rule" when the bots were clearly not being used, which is strange and hence draws users to click on the link to find out what's happening.
I will definitely be paying more attention now.
What can you do if you find one of those Grumpycat comments/posts? I'm sending out an alert to a few discord groups I'm in with this post, but is there any action people can take if they get this 'Grumpy Cat' or other up/downvote? I can imagine if they can do this with the cat they can do the same with upvote bots.
So that's not the real grumpycat sending out those phishing comments. Seems like the hackers hijacked his canned message available here and edited it for their own nefarious purposes.
If you see something like this, the best thing to do is to report it to @steemcleaners at https://steemit.chat/channel/steemitabuse so that they can flag the account till 0 rep to hide all its comments. You can also try leaving a downvote on the comment and a reply saying it's a phishing attack, but unless you're using a bot, it's impossible to catch up with them.
Excellent, thanks for the tips.