Phishing site reported - upperwhale

in #steemit7 years ago (edited)

Scammer is using several domains, with the same phishing technique

Description

The scammer publish the following comment on user’s post

The scammer use 3 domains: upperwhale(dot)gr, upperwhale(dot)ga and upperwhale(dot)ml

If you click on the link in the comment, you will be redirected to one of the following sites:

The site is a simple “static” website created using the gooyaabiteloates.com website creator.

In the middle of the website, you are invited to “test the service for free” for 30 days.

If you click on the “Join Now” button, you will be redirected to a fake SteemConnect page

Let’s have a look at the source code of the fake SteemConnect webpage

What we can see is a script that, when you click on the Sign In button, will send the entered information (usernale and key or password) to another do.php page.

What is Phishing?

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

source: Wikipedia

The sleemconnect.ml website looks EXACTLY like steemconnect.com, but its behaviour will differ as it clearly want to steal your credentials to hack your account!.

Preventive action activated

I will add any account sending phishing links to the black list of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.

If you find similiar pishing attemps, contact me on steem.chat

To protect yourself, you can:

  • always double check before clicking on a link, especially if this links take you away from steemit.com.
  • verify the reputation of people writing comments on your posts. A user with a low reputation shoud trigger you attention.

Previous threat alerts

If you missed them, please find here the previous alerts I published:

reminder

A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:

Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!

Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.

Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like steemit.com.

Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!

4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.

Spread the words, resteem this post to your friends, and you will make the platform safer.

Thanks for reading!


If you notice any new suspect activity like the one described above, drop a comment on this post, contact me on steemit.chat or via Telegram (@The_Arcange)


footer created with steemitboard - click any award to see my board of honor

Support me and my work to protect the Steemit platform.

Vote for my witness

Sort:  

A very high value post. These things must be reminded again and again and again. Resteemed

Thank you!

keep up the good work @arcange, maybe i should ask the guys and gals at @comedyopenmic / #comedyopenmic to put some entries about scams and phishing sites to give it more visibility.....people do remember better when they laugh!....though this is no laughing matter :|

This is becoming very rampant. As steemit grows it will only get worse. Stay vigilant everyone as I myself was a victim once in my early days here. I hope to not be a victim again. Thanks.

what will I do If I joined to this scammers? I didn't know... I thought it was a good offer from uppewhale

Wow, tricky. Thanks for the info!

I voted for you for Witness.

I just noticed your ensignia is of an angel with a sword so I guess you dropped the "l" in your ID.
Cheers.


Screenshot_2018-03-23-21-07-12.png
Actually i attack yesterday one of my post of this scammers! Thanks to @arcange for suddenly informing me in my post, Or else ill be one of their victim if im not informing immediately. Thanks so much @arcange.

It never ends, Great work keeping us informed and safer :)

Peace

It never ends

Yep, this is becoming nearly full time fight 😅

Nice comment...

Important comment....

I want to flag all those spammers, But my sp is low. How can i mention big someone so that they can see the spaming things after my flag?

if we are already victims what should we do? please clue! my friend has become a victim.

Your friend should change his password immediately!

Does it mean we must generate our password? Or we should do recovery account? I think recovery does not work

ok I will convey, may this info I translip in Indonesian for me to share to my community and friends,


Saved itThanks for your warning @arcange , and the phishing link-list.

have a nice day
and Steem On
Raoul

Its really scary, thank you very much for the information.
Let's take care with each other. Its one of the pillars of steemit community.

Let's not make evil win.

Thanks a lot @arcange for aware us about such type of scammers. good work, I appreciate your efforts really helpful and guideline for us.

thank you very much, you have given us very useful information. we will be very careful of evil things. hope you always succeed

Seriously, stop spamming my blog! It's just a sad strategy, a desperate attempt​​ to to get more upvotes. It's not working, so cut it!

Man, you received 2 warnings because you got 2 phishing comments. One today, and one 2 days ago.
Is that what you really call spamming?

We all know who is spamming with the same comment all over the blockchain.
I'm not phishing anyone, don't accuse me of something I didn't do. Please show me my 2 phishing comments.

Re-steeming this post. Thanks for doing all of this followup to keep the Steemit platform safe and functioning.

Thank you for the warning and tips on how to elude scam sites and scammers

Thanks for your warning @arcange. Resteemed!

Capture.JPG

Thanks for looking out! I figured thats what it was... most anything in crypto now is a scam, we gotta find a way to fix this... Gotta dig through all the crap to find those gems :D

Wow nice catch! There should be a community build incentive where people would get rewarded with tokens for finding this trash. To also teach people about steem and steemit and what we expect as a quality content platform. Cheers.

VERY GOOD POST! THANK YOU SO MUCH!
IMPORTNAT NEWS!

#news #bitcoin #etherum #blog #litecoin

Thanks for you @rcange for information to my post about the phishing comment

since I'm in steemit thank God I have not been scammed by anyone, I only use the original platform I do not look for other applications to get votes or more referrals .. all I get is for my own effort .. it's good to be informed of the new website that try to steal our password to later withdraw our funds that we have worked so hard to have it.

This is becoming more common. We need people like you to warn the newbies before they lose their accounts. Thanks

Glad to help =)

Thank you so much.

Thanks for the post.

Upvoted - Resteemed and followed.

Where do we find these different active keys? posting key etc

Realy important post for phishing

Thanks for compiling all the posts into one, much easier to share one then a ton.

it arrived at me today, thanks God I double checked, resteeming this

Good very good. I like this pogram

Thanks alots for helping steemians really appreciated

my friend's steemit account @zamanhuri14 is already hacked, how to restore it?

What if I already joined to this kind of scammers? I wasn't informed.

Good job! Well done! :)
If you want to read about Tabnabbing and Clickjacking on Steemit and other social media please take a look at my article too :D
https://steemit.com/security/@gaottantacinque/steemit-chat-is-unsafe

Ohhh its too difficult to identify these kind of sites... Thanks for information