WARNING: Phishing is Back!


image.png


DO NOT click on any links in comments. Phishing is back on Steem.


image.png


Do not use your active key or password in any website. Use your private posting key only.


If your account was created by Steemit (@steem), there is currently no reliable way to recover your account.




How does it work?


You will likely see comments and posts with threatening or attractive links. Ignore them. Don't click! This is a common phishing ploy and over 1000 accounts are currently under phisher control. Some of them you may know as former friends. Whatever you do, do not click on anything.


The links look like they belong on Steemit or another legitimate front end but they do not. They take you to a website that looks similar and trick you into revealing your credentials.




Resteem this to get the word out.




More resources:
https://github.com/gryter/plentyofphish
https://goldvoice.club/steem/@guiltyparties/phishing-warning-2-0
https://goldvoice.club/steem/@guiltyparties/phishing-messages-faq






Comments 53


Thank you. Resteemed.

08.03.2020 00:20
0

Good to know. Thanks.

08.03.2020 00:45
0

If your account was created by Steemit (@steem), there is currently no reliable way to recover your account.

You can change your recovery account via Steemworld.org

Click account details.

Click Change Recovery account

Sign the transaction with your private owner key.

image.png

08.03.2020 02:37
0

I'm a little bit wary of using my owner key there. And the Steemconnect link is invalid.

08.03.2020 03:12
0

Change keys after you do this if you're that worried. :)

08.03.2020 03:13
0

Might have to. Don't want anything relying on Justin Sun providing a service to me.

08.03.2020 03:34
0

Could not get this to work, not sure if I missed some step, always used steemconnect.

08.03.2020 14:01
0

It takes 30 days for the recovery account to change

08.03.2020 14:21
0

Thanks for assistance!

09.03.2020 09:39
0

Good addition!
However, two remarks for those not so familiar with the topic:

  • If you set this to an account that is not your own, talk with the new recovery partner beforehand. He/she better knows how the recovery works and how to verify it's actually you in the case somebody is requesting the recovery.
  • If your account was not created by Steemit/@steem, don't set @steem as recovery partner. They use the mobile number and/or email provided during signup to verify the recovery request. They don't have this information from you and won't be able to recover your account if your account was created elsewhere.
08.03.2020 14:20
0

Yep! My recovery account is one that I own. Prompted by this very post!

08.03.2020 14:22
0

My recovery account is Steem but can I change that without a master key?

09.03.2020 12:34
0

You need the owner key or the master password to change the recovery account.

09.03.2020 16:46
0

Oh ok, thanks.

09.03.2020 18:18
0

Just who to trust?! ha

08.03.2020 14:56
0

Thanks to share here

08.03.2020 19:37
0

good to know, scary still

08.03.2020 21:09
0

I have a question. What is required to create a recovery account? My first account, this one, was made via Steemit in 2017. I have not seen a private master key for this account and I assume whoever created this Steem account (my Steemit account, @joeyarnoldvn) for me on my behalf has my private master key. According to Steemd, my recovery account is Steem or @steem.

Which keys are required for changing recovery accounts or can I change mine?

09.03.2020 12:31
0

If you log into steemitwallet.com you can get your private keys.

Your master key (or password) provides access to all the below

Your posting private key lets you post transactions to the blockchain.
Your active private key lets you transact - power up, send steem, etc
Your owner private key lets you change your recovery account.
Your memo private key lets you read encrypted memos (transfers sent with a prefix of a pound symbol (#)

Hope that helps

Think of this as having different locks to different sections of your house.

09.03.2020 12:36
0

No. I've tried many times for years. I've been having this problem for many years now. I used to write articles about this. Based on what I've seen since like 2017, I have not had access to my private master key. I believe I never got it in the first place. I am not new to Steemit. I have made three other accounts and I obtain master keys to two of them and do not have master keys to the ones I made via Steemit as they keep the master keys. My recovery account is @steem.

09.03.2020 12:41
0

I'm not sure I understand, when I signed up my account ~3 or so years ago, I did so via steemit.com, and I remember painstakingly writing down all my keys by hand, including my masterkey (password)

I've changed them a few times since though!

09.03.2020 12:43
0

Yeah. You might be right. So, it is possible that I lost mine if that is true. In 2019, I created another account via Steemit and did not get a master key. But when I created 2 other accounts via another website, I did get the random twelve words or passphrase similar to what you get for Bitcoin and other cryptocurrencies. So, I saved those master passphrases for those two accounts.

Are you talking about just a password or a passphrase as in twelve random words?

09.03.2020 12:47
0

Password. Mine is not a key phrase.

09.03.2020 12:55
0

When I created 2 Steem accounts, I got key phrases. It is the same as Bitcoin. And then there is the master password which should be one level under the passphrase.

10.03.2020 09:33
0

@holoz0r bit green here but in account recovery what are you changing @steem from to what? what are we changing to exactly? I have all keys safe yes

18.03.2020 08:33
0

I don't think @steem needs to be changed.

18.03.2020 18:20
0

Well didn't you lose your owner key? I'm wanting to remove my account recovery from steemit because I think that doesn't exist hence the keys but I heard it's possible to do account recovery elsewhere such as splinterlands for example

18.03.2020 21:26
0

When I created an account in 2019 via Steemit.com, they did not give me an owner key. Account recovery depends on how your account was created in the first place. I created two accounts via Steemit.com and I created two other accounts via a different website.

18.03.2020 22:02
0

well if you didn't get owner key whats the site steemwallets like? or steemworld ? i'm sure a site exists that will let you generate your owner key.. I was given all keys when I created my account in 2016

18.03.2020 23:19
0

Did you create your account via Steemit.com?

19.03.2020 00:12
0

Yes

19.03.2020 19:11
0

Other Websites:

When I created two accounts via not Steemit.com but another website, I got master passphrases which is a level above the private master key (password) and the passphrase is twelve random words similar to how Bitcoin, Ethereum, and other cryptocurrencies do it for their passphrases. When I created 2 accounts via Steemit.com, I did not get master passphrases because I didn't actually make the accounts.

Master Passphrase

Twelve Random Words

Private Master Key

Password code of letters and numbers

Creating or Registering

Because when you register on Steemit.com for example, you are submitting your request to join and a Steemit staff or somebody will pay 3 Steem or a certain amount of money to create the account on your behalf and they retain the passphrase in my experience. I know this because I have Bitcoin and because I created 2 Steem accounts on my own.

Recovery Accounts

So, when you create your own account, then you can assign a recovery account. When you register for an account on Steemit.com, then the recovery account should be @steem and that probably means that the Steem or Steemit Inc account (@steem or whichever accounts that may do those types of things) keeps the master passphrase for each account they create on behalf of the people that joined, that signed up, that registered to join Steem via Steemit.

Accuracy

Everything I'm saying is based on what I've observed based on things I did, since I created 2 accounts, and registered for 2 other accounts. So, I cannot say everything I am saying is totally accurate but as far as I know, this is what I saw and experienced.

Private Keys vs Public Keys

But at the same time, this account, @joeyarnoldvn, which I registered for in 2017, I may have lost my private owner key as I ended up saving my public private key back in 2017 and I kind of didn't know that there were public and private keys or maybe I forgot. So, that was a lesson I learned the hard way I think.

Changing Recovery Accounts

I think I have heard some people saying it might be possible to create and change the recovery account for a Steem account and I have tried to do that a few times and failed via Steemit.com or the Steemit Wallet website. I think I remember it saying I couldn't as I cannot seem to be able to find my private master key (password code of letters and numbers) or my master passphrase (twelve random words). As of right now, I cannot say that I am an expert in all of these things. I may try to investigate some of these things more in the future. I may try other websites, apps, to see if I can better protect some of my accounts. I think two of my accounts I created has this account here, @joeyarnoldvn, my first account, as a recovery account. In the future, I may try to change that as I do not have a master key for this account. Well, unless if @steem could perhaps reset my passwords, my keys. Yes, you can go into the wallet to try to reset the keys but it requires the master key which I think I lost. If Tron Overlord Justin Sun has control over the @steem account, he or other Tron staff could try to lock me out by resetting my keys. Well, I don't know if that is possible or not. But I kind of don't want to find out the hard way.

Hive

The good news is that we can at least try to move over to Hive and leave Steem tomorrow, that is Friday, and perhaps I will try harder to key my private keys saved lol.

19.03.2020 20:13
0

Sad to see but I guess we might have a better chance with blacklists and downvotes this time to deal with them then we did in the bull run.

08.03.2020 03:23
0

Thank You!
Very Good Info!
👍🏼😁👍🏼

08.03.2020 05:15
0

Resteemed

08.03.2020 06:27
0

Good looking out as always. Retweeted and resteemed.

08.03.2020 06:34
0

At the moment, I didn't encounter such comments. Thank you.

08.03.2020 07:53
0

Using Keychain rather than manually entering keys should reduce the risks.

08.03.2020 08:05
0

Спасибо за информацию и с праздником вас 8 Марта.

08.03.2020 11:25
0

The evil forces are amongst us on the steem blockchain.

08.03.2020 13:19
0

Thanks so much for the warning @guiltyparties!

Resteemed 🤗

08.03.2020 13:20
0

Thanks for the warning. Resteem

08.03.2020 13:41
0

@guiltyparties,

Resteem...Thanks!

08.03.2020 18:18
0

This has been around and people should be aware to never click anything that is from an unknown

08.03.2020 19:58
0

@guiltyparties Two questions if I may.

Where have these evil forces come from all of a sudden?
Did they see opportunities on twitter, or is it something else?

How can we see a list of entities that have our active key?

Thank you for this warning my friend. Upvoted and resteemed!

09.03.2020 07:59
0

Passwords:

2 of accounts were made via Steemit and I can confirm that I've not seen master passwords or private keys for those accounts meaning that master key is probably kept by the accounts that create new Steem accounts on behalf of new people trying to join.

Obtaining Master Keys

I've created two additional accounts via another website and was given private master key for those two. So, I can recognize the difference. At first, I thought I lost my master key for my first Steem account that I created, which is this one, via Steemit in 2017, but I am pretty sure now that I never got the master key in the first place. I used to ask people about this the past three or so years and I have been confused about the details off and on over the years.

Not Via Steemit

I'm writing all of this for the record to let people know that it would be better to create accounts via other websites. Well, technically, you would need to be have a Steem account or at least be sponsored by another Steem account that can create an account for you on your behalf. If you don't do it yourself, you may not get a master key or somebody else may obtain a copy of that master key.

Changing Master Keys

If it is possible to later change your master key, then that might be an option. Making an account on your own might be a bit complex for some people. So, I can understand if people would prefer the easiest way to join or register or sign up possible.

09.03.2020 12:18
0

09.03.2020 15:49
0

Thank you for the warning!

14.03.2020 05:44
0

So what's the reason you are downvoting me?

14.03.2020 23:25
0

Can you show me where?

15.03.2020 00:20
0

I do apologise my bad
I clicked in wrong place it wasn't my post you downvoted but the Mormon comment underneath
Good on ya!

15.03.2020 05:54
0

Good work from vijay!

14.04.2020 17:53
0