Phishing

What is it

Phishing definition (for steemit), is when someone tries to obtain your "Active or Master" password key. Once they obtain this information from a steemit user, things get bad really really fast. They obtain your password typically by embedding a tiny URL link in a comment to you that may look legit but contains a link to a fake website that replicates a real one.

Methods/Examples

Some examples from the past have been various forms of spelling steemit in a link, not used to often anymore, they have moved to more hidden methods.

Now if you know me you would know that image on the left is associated with @IFC game. Clicking on this image will take you to the IFC home page. The image of the Eagle and Seagull will take you to my latest entry into the IFC Challenge. How many of you actually look at where a link is going to take you before clicking it. Do you know if my account has or has not been hacked? Do you know how easy it is to go in and edit one of your post, or for a scammer that has access to your account can edit your post? When your mouse pointer changes to a hand indicating a clickable link you must look at where that link is going to take you, each and every time. I don't care if it is your wifes, or your husbands page, just because everything look okay, does not mean it is. Right now most of the hubbub is on protecting your Active and Master key. You need to guard your posting key equally well. Did all the links above behave as you expected? Did you click and go without looking where?

^{Thanks to @jogreh for developing the #newbieresteemday banner and divider}

Suspected Bad Comment, What Now

You absolutely need to let someone know. If you are on Discord, or Steemit chat head over to @steemcleaners chat and leave the link to them or contact @arcange on steemit chat. Here is a link to @arcange latest Phishing site reported - steemone Read this report, learn to look at where you are going and then to make damned sure you are where you expected to be, and then look again at the URL, if you can not clearly see it, then get close enough to your screen so that you know its a "2" and not a "z", or a "1" and not a "l", or an "I".

After you do that then return to the questionable comment and reply to it in a manner similar to how I did:

WARNING WARNING no one click on that link I mean NO ONE until @arcange or @guard or @steemcleaners has deemed it safe. Any tiny URL is a very real and potential danger to your account.

@guard is a creation of @anyx. Here is the announcement post announcement post introducing @guard

I've Been Hit

You have just become a victim, what now.
Here two of the best links to learn about the process, it was written by a victim, she has fully recovered her account, and is sponsoring get the word out contest about the phishing scams.
The first link is how to regain control of your account, and how to get your reputation back.
The second link helps you to quickly recover your reputation and to clean up your account from all the scam comments.
These are two links you do not want to lose. I would suggest you make a bookmark folder called Steemit Account Recovery and place these two links in there.

• Got Hacked? Here's How To Get Your Account And Reputation Score Back!
• Got Hacked? This 'Mass Comment Replacer' Script Will Help You To Recover Quickly (Video Tutorial Included)

Additional Resources

A few links to read, then add to your folder:

1. Phishing Messages + FAQ
2. Phishing site reported - steemone
3. Introducing @guard -- a Proactive Measure to Limit Phishing on Steemit

Conclusion

It is no fun being hacked. As a new user the easiest way to avoid scams is to know where you are going when you click a link. If you did not expect to have to enter a password on that link, then DON'T. If you get to a page that says you need to re-log in leave that page, and return to one you know is safe and then see if you really need to re-log in. Remember even a stolen posting key can get you into a lot of trouble.

This post was created in support of @simplymike, and her desire to get the phishing scam and what to do message spread to as many users on steemit as possible. She recovered her account, not everyone has. If you have a friend that was unable to fully recover direct them to this or one of @smileymike 's excellent post on this subject. There are people that can help.