I recently see a surge of complaints about clone websites of Steemit that asks users to login again and then steal their credentials and break into their accounts. I saw some people asking for help on the @steemcleaners Discord server and others posting about it like @runicar here
Those scam websites are just using the same code as Steemit.com so they just look identical to the official website: same look, same content, same behaviours except that they will record your login and password when you type them thinking your Steemit session has just expired. I switch between posting and active key multiple times a day, so I might not suspect anything if the website asking me again for login even if I’m usually careful about these stuffs. The new beta design of the official Steemit website does not help, you could think the official site is a scam and the clone site is the official...
Additionally to the same look and feel, the clone site have a domain name does looks like the official one:
- steemit.com (official)
- steewit.com (scam/phishing)
- steemil.com (scam/phishing)
If you don’t pay attention, you wont notice the one letter difference here, especially when the URL is long such as the link to a blog post.
Getting these clone site taken down won’t be easy task, unless maybe we all complain to the web hosting provider behind them. But even if you succeed they can go to another hosting company and built it again or buy another domain name.
Yesterday night, I attempted to build a Chrome extension that whitelist official sites:
- steemit.com
- busy.org
- chainbb.com
- steemitstage.com
- mspsteem.com
- utopian
- dtube
- dsound
I will add more of them soon,
When accessing these sites, the extension will inject a little javascript code that I will use to check links from the current website. The current logic is:
- the extension icon changes color depending on whether the website you aren’t on is an official website or not: a green icon means it is an official Steemit website, an orange icon means it is not a Steemit related website
- if it is an official website, clicking on a link that takes you away from it will show a pop up warning you of it. This will be changed soon to another, less obtrusive method.
- if you land on a blacklisted website, it will cover the whole page in red with a warning message
I will be adding more features over the weekend such as a new scam website reporting screen.
This should remind all of us to never use our Steemit password (Owner Key) but use the Posting Key and Active Key instead. If something goes wrong you can recover your account.
The extension can be found here:
Steemed Phish chrome extension v0.0.7
I will release the code on GitHub next week for people to verify the safety of the extension.
Vote for your 30 witnesses
I don't follow for follow, I don't upvote for upvote. If you make quality posts that I like/enjoy then I will upvote and/or follow you