A new scam is spreading on Steemit and try to steal your password using a website that looks like Steemit.
Scam description
Victims receive a notification from @cheetoh with the following comment:
The scammer use the avatar of @cheetah, the well known anti-plagiarism bot created by @anyx, and a name looking very similar to it.
The displayed URL is different than the underlying URL, which looks like:
http:/ /steemif.000webhostapp.com/@steve.uk
The underlying link in the comment is a poisoned link that will redirect you to a fake website looking like the original Steemit website
Notice the target website is not secured with an SSL certificate
The fake website will ask the victim to (re)log in using his password.
Note that the fake website shows where it is hosted.
The attack started 2017-10-20 16:09:00 and up to now, targeted 9 users:
@aishwarya, @skyleap, @me-tarzan, @terrybrock, @noxsoma, @scottybuckets, @karensuestudios, @elgeko and @honeydue
2 of them have already reported falling into the trap:
@twinklesong/twinkledrop
@honeydue/help-password-scam
White Hat in action
The account @cheetoh has been put on the black list of my Warning-Bot and it will issue a warnings comment with a link to this post following, notifying users of the malicious activity of @cheetoh.
Previous scam alerts
@arcange/scam-alert-and-white-hat-counter-strike
@arcange/phishing-exploit-has-been-stopped-scammers-thwarted
@arcange/potential-scammer-reported
Thanks for reading!
footer created with steemitboard - click any award to see my board of honor
Support me and my work as a witness by voting for me here!
