Recently there were found various kinds of link spamming posts and phishing links in the Steem Sri Lanka community. We are muting them as soon as we notice, but you have a big self responsibility to protect your self.
What is happening when you click a link?
Do not try out this.First they make a comment on your posts by giving information about different kinds of Airdrops with a link.
ex:
If you are not aware, you may click on them. Let's say you clicked on following link,
You will redirect to a fake website, which is similarly designed to the real one.
Fake One
Real One
Then you'll see a button called claim now (Do not click)
If you click "Claim Now" you will redirect to a form,
SteemConnect. Let's see what happen if you give your user name and keys there.
If we inspect the page, you can see a script written to pass your username and keys to a google form
They are getting your username and passwords and then collect them into a google sheet.
Let's have a look at the google sheet.
This attack can be come in a nature of a direct google form too. Remember google never recommend you to submit your passwords to googles forms, because they are fully visible to owner of the google form.
Now the hacker can read your username and passwords and accesses your accounts.
What they do?
- They stole your STEEM and SBD
- They power down your account
- They may alter your keys
From your side
- Do not click these links. There are no airdrops officially announced by Just or Steem
- Change your master password
- Start account recovery process
Refer the instructions given by @justyy : What to do after your account is hacked?
- If you saw a risky comment, notify community moderators
- There are some spammers posting copied contents from others posts. Becareful about the profile before you vote comment and share your private data with them.
- Keen about reputation of unknown accounts
- Use private browsing/incognito windows when checking unknown links
Do not allow any one to take out your valuable earning.