Dear Steemit Friends,
I just wanted to remind and warn the Steemit community to always be vigilant about their account information and not take everything at face-value. Unfortunately, everywhere in the world, there are people looking for unscrupulous ways to make money, all at someone else's expense, loss, and suffering - unfortunately, Steemit is no different. When there is money involved, scammers and people waiting to take advantage of other people will be lurking close behind.
For most of you that have been using Steemit long enough, the scams are easy to detect and often times they are the same over-and-over again. Once in a while though, one may come around that is truly unique that goes undetected and victimizes many people before it is finally identified. There is no way to combat it and even the most careful people may eventually become a victim when they let there guard down.
Over my Steemit career, I have been scammed a few times and despite the number of warnings that are put out there, it is difficult to stay ahead of all of them. Repetition and constant reinforcement are one of the most effective ways to get the word out and hopefully will protect more people from falling prey to the same incidents. Let's admit it, we are fighting a losing battle, but... that isn't going to stop me from trying to warn as many people as possible.
Yet another Phishing Scam
Today when I woke up, I did what I usually do and went to check on the replies to my most recent posts. As a daily blogger, I want to make sure that I pay attention to all my followers and potential followers by responding to their comments, suggestions, and feedback. It helps me become a better writer and content developer and helps me figure out what topics I should post about.
I was going through my comments when I got to one that recommended I visit a post that related to the topic I had just written about. I thought
"Why not? Let's check it out..."
BTW, the comment was the one pictured below
As you can see the user has a pretty good reputation and the link led to another author with a fairly decent as well.
When I clicked on the link, It took me to another Steemit post which was written fairly well by an author who had a pretty good reputation. I read the post and decided that it did merit a response, so I clicked on the reply button and started to type my comment. By this time, I had noticed that I was no longer logged in, which on occasion happens (although for the most part, I'm always logged into Steemit.)
Like most people, I don't have the time to review the profile and previous posts of everyone who comments on my blog, but I do on occasion make an effort to take a look at other peoples content when they have taken the time to look at mine - especially when they make an effort to leave a comment.
I clicked the login button and was about to type in my login details so I could submit my comment when I glanced over and noticed the URL for the post.
If you look closely enough, although secure, you will notice the URL is directed towards https://steewit.com.
Today the Steemit blockchain has so many new applications being built on top of it, and there are so many front ends that are created which provide an alternate source for posting to the blockchain, but typically when a URL is so close to the spelling of the original name of another legitimate site, chances are it is a scam. What makes it scream scam even more is the fact that nowhere is there a post about this new front end website.
I replied to the comment and asked what steewit.com was, but I doubt I'll get a response.
I continued to reply to comments on my post when 2 responses later I ran into another comment that said the following
This comment led me to a post of a well-known witness who I have known and worked with for a while now (@aggroed) and like the previous post had a steewit.com URL. Again, I was not logged in. It is no doubt that this site pulls information from the Steemit blockchain and very well could be legitimate, but too many things just send warning signals. The commenting accounts are bot accounts that scam for keywords and responds with comments pulled from a random list of responses and adds links to posts from legitimate content creators through the steewit website.
Below is another example of a comment leading to the phishing site using a post from a well-known witness, @yabapmatt. What is troublesome and alarming is that it is a comment by a witness who is no longer active in the Steemit community. Assumingly, the account has been hacked, but if you will notice, still has a very high reputation and is still posting.
There are a number of accounts associated with steewit.com and a number of commenting accounts linking to the site. When you do a lookup of the sites registration details, no details make sense or are legitimately working. I tested the contact numbers and they lead to a disconnected number.
Domain Name: STEEWIT.COM
Registry Domain ID: 2233973912_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ilovewww.com
Registrar URL: http://www.ilovewww.com
Updated Date: 2018-03-02T02:32:07Z
Creation Date: 2018-03-01T17:34:11Z
Registrar Registration Expiration Date: 2019-03-01T17:34:11Z
Registrar: Shinjiru MSC Sdn Bhd
Registrar IANA ID: 1741
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Millian Dyroy
Registrant Organization: Ideal Garden Management
Registrant Street: Ramsvikveien 211
Registrant City: GODVIK
Registrant State/Province: GODVIK
Registrant Postal Code: 5179
Registrant Country: NO
Registrant Phone: +47.4742343443
Registrant Phone Ext:
Registrant Fax Ext:
Registrant Email: firstname.lastname@example.org
Registry Admin ID: Not Available From Registry
Admin Name: Millian Dyroy
Admin Organization: Ideal Garden Management
Admin Street: Ramsvikveien 211
Admin City: GODVIK
Admin State/Province: GODVIK
Admin Postal Code: 5179
Admin Country: NO
Admin Phone: +47.4742343443
Admin Phone Ext:
Admin Fax Ext:
Admin Email: email@example.com
Registry Tech ID: Not Available From Registry
Tech Name: Millian Dyroy
Tech Organization: Ideal Garden Management
Tech Street: Ramsvikveien 211
Tech City: GODVIK
Tech State/Province: GODVIK
Tech Postal Code: 5179
Tech Country: NO
Tech Phone: +47.4742343443
Tech Phone Ext:
Tech Fax Ext:
Tech Email: firstname.lastname@example.org
Name Server: ns1.ipchina163.com
Name Server: ns2.ipchina163.com
Registrar Abuse Contact Email: email@example.com
Registrar Abuse Contact Phone: +603 2031 8850
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2018-03-02T19:01:20Z
Just to make sure I wasn't crying wolf and to confirm if the site is legit, I used a dummy account to log in. I left it alone without changing my login details and after about 1 hour the information was changed and I could no longer log into that account. True, this gives the scammer another account that he can use, but I doubt it since the account is titled with an obvious name depicting it as a scammer account.
As I am writing this post and doing additional research, I came across a Steemit user who was scammed. You can see her post HERE.
My warning and advice to all users new and old. Be sure to be extra vigilant and observant of who or what you give your password, login, and personal information to. Not everyone can be trusted. The world is a big place and the internet provides an even bigger playground of victims for people who have bad intentions to take advantage of
I hope this serves as good advice and is timely enough to help get the word out before more people are taken advantage of.
Thanks for reading
If you have any questions, inputs, or feedback, please feel free to post a comment below. Please also help me spread the word by upvoting and resteeming this post. Thanks and be safe!