You must be particularly careful because a new pernicious phishing attempt is currently spreading on Steemit!

Never give your password on suspect or unknown websites!!

I already warned you about several scam attempts (see bottom of this post for a list of them). Here is a new one.

Scam Description

The scammer will send you a comment like this:

_{NOTE: the author or the content of the comment may be different from the above screenshot}

If you look closely at this comment in detail, you will notice that it is actually composed of texts and images that serve to mislead the user:

How does the scammer wants to trick you?

1. He uses a fake “upvote/reply” image to simulate the end of his comment.

2. He uses an image containing a well known user name with a high reputation, in our example it is @exyle. Did you noticed there is no avatar in front of @exyle's name?

3. He adds his phishing comment with the poisoned links. You may think this is a comment from @exyle.

4. He adds a fake “upvote” arrow and “reply” link, embedded in an image with an underlying link to the phishing website.

5. He adds a a bunch of blank lines at the end of his crafted comment to hide the real Steemit’s “upvote/reply”

If you click on the link in the comment (the one that contains your supposedly copied post) or if you want to “upvote” or “reply” to “@exyle’s comment”, you will be redirected to a fake Steemit website:

_{NOTE: the domain name displayed may be different from the above screenshot}

After a while, the page will fade out and a popup will appear, asking for your credentials:

_{NOTE: the domain name displayed may be different from the above screenshot}

If you enter your credentials (DO NOT DO IT), you will be redirected to the the real steemit.com website.

The goal of the creator of this website is to steal your credentials to hack your account and funds!

Preventive action activated

I will add any account sending phishing links to the black list of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.

If you find similar phishing attempts, contact me on steem.chat

To protect yourself, you can:

• always double check before clicking on a link, especially if this links take you away from steemit.com.
• verify the reputation of people writing comments on your posts. A user with a low reputation should trigger you attention.

Previous threat alerts

If you missed them, please find here the previous alerts I published:

• Scam alert and white hat counter-strike
• Phishing exploit has been stopped - Scammers thwarted!
• Potential scammer reported- @jones420
• Fake Steemit website try to steal your password!
• Phishing attack to steal your active key
• Potential scammer reported - @minnowpond
• Scammer reported - @russiann
• Scammer reported - @steemitrobot
• Scammer reported - @tripadvisor.com
• Scammer reported - @harquick
• Scammer reported - @gtg.witnesses
• Phishing site reported - sleemit(dot)com
• Phishing site reported - www.steemitfollowup(dot)ml
• Phishing site reported - www.steemitfollowup(dot)cf
• Phishing site reported - www.autosteemer(dot)com
• Phishing site reported - www.autosteemer(dot)club
• Phishing site reported - upperwhale
• Phishing site reported - steamit(dot)ga
• Phishing site reported - steenit(dot)cf
• Phishing site reported - steemautobot(dot)ml
• Phishing site reported - autosteem(dot)info
• Phishing site reported - steemij(dot)tk
• Phishing site reported - steemitservices(dot)ml
• Phishing site reported - uppervotes(dot)ml
• Phishing site reported - steemupgot(dot)ga
• Virus infection threat reported - searchingmagnified(dot)com
• Phishing site reported - steemrobot(dot)ga
• Phishing site reported - postupper(dot)ml
• Phishing site reported - steembot
• Phishing site reported - steemone
• Phishing reported - Scammers use account's profile
• Phishing site reported - steemitfoto
• Scammers must really hate me a lot to create a dedicated scam link
• Phishing site reported - pixz
• Anti-phishing war - The crooks continue their bashing campaign
• Phishing site reported - SteemitProtection
• Phishing site reported - myaprotection
• Phishing site reported - TPM Rotator
• Phishing site reported - SteemPix
• Phishing site reported - minnowboosternetwhitelistinvite
• Phishing site reported - steemituper
• Phishing site reported - steemiv
• Phishing site reported - Post copied without your permission
• Phishing site reported - Black Steem
• Phishing site reported - Steembottracker(dot)trade
• Scammer reported - @still-observer

reminder

A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:

Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!

Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.

Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like steemit.com.

Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!

4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.

Spread the words, resteem this post to your friends, and you will make the platform safer.

Thanks for reading!

---

If you notice any new suspect activity like the one described above, drop a comment on this post or contact me on steem.chat

---

_{footer created with steemitboard - click any award to see my board of honor}

Support me and my work to protect the Steemit platform.

Vote for my witness