The ilovewww.com registrar and hosting company is the source behind the massive phishing attack on the cryptocurrency community, including STEEM. This is a multi-vector, prolonged attack.
We estimate over a dozen STEEM accounts have been compromised and had their funds stolen.
Crypto communities are particularly attractive to hackers as wallet transactions are irreversible. Unlike with many traditional institutions, you won't get your money back if someone gets into your wallet and transfers it out.
Phishing Attack on STEEM
Do not click on any links in any comments.
If your account has been compromised and your password changed, use this form to immediately initiate your recovery process (information at bottom of post).
Examples
- Wallet messages from @gtg.witnesses
- Comments telling you you're trending
- Comments advising of abuse
- Long comments with graphics
Other Crypto Communities Attacked
Bitcointalk members got their own version of the same phishing scam.
Numerous other services were also targeted and crypto stolen:
This person visited what he thought were known websites as per his Reddit post.
Online Services Attacked
Netflix users are reporting the same type of scam from ilovewww.com domains. An example can be seen here.
A simple search for "phishing ilovewww" reveals many other community-specific phishing sites and victims. Try it yourself. These douchebags have been around for a long time.
Originator
Every phishing domain is hosted by ilovewww.com. This would not indicate culpability in itself except that this has been going on for a long time now and ILoveWWW is not responding to email, form, or phone messages. In fact, the phone is non-functional. It is highly unlikely that this is a real business.
WHOIS of ilovewww.com
Update:
http://www.viewdns.info/reverseip/?host=steemil.com&t=1
IP: 111.90.149.128 out of Malaysia
A large number of phishing domains is owned and hosted by these hackers. Click the link below for the full list. Fortunately, there are only two Steemit-style domains at this time.
Update 2:
We received a poorly-written email after days of waiting. It is clear by their response that their entire enterprise revolves around cybercrime and illicit services.
Reporting
Every registrar and hosting company is responsible for tackling abuse stemming from their services.
Reported to 'Public Domain Registry' Registrar
In this step we assumed that privacyprotect.org, aka the 'Public Domain Registry', is a legitimate company.
No response has yet been received.
Future Reporting
The shit ball that rolled down hill reached bottom long ago, now it bounced and is rolling up hill until it hits its target and the phishing operation is dismantled.
Update:
Public Domain Registry responded that they did not find any abuse. We sent them this post for review.
Your Recovery on STEEM
This is taken from our previous phishing-related post.
Private Posting Key
Using your private posting key instead of your password will keep your account safe. It will ensure that even should someone get your key, they will not be able to take your money or lock you out of your account.
To get your private posting key go to Wallet --> Permissions --> Show Private Key (the key will be revealed)
Recover Your Account
If your account has been compromised and you can no longer log in with your password, you will need to recover the account immediately. Fill out the following form and wait for the Steemit Inc team to do their magic: (may take up to 24 hours)
https://steemit.com/recover_account_step_1
See a Phishing Account?
Report it to @steemcleaners and other community members at https://steemit.chat/channel/steemitabuse and we will flag the account to hide its comments. DO NOT report via mentions!
Flagging
If you have flagged an account distributing phishing links, remember to keep an eye on it and remove your flags from the innocent person when they recover ownership and edit out the phishing messages!
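For anyone reviewing comments before flagging, here is an added example (not part of the original post and not Steemit or @steemcleaners code) that pulls the links out of a comment body and marks Steemit-style lookalikes such as the steemil.com domain mentioned above. It assumes steemit.com is the only genuine domain, and the sample comment is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain treated as genuine here is steemit.com.
LEGIT = {"steemit.com"}
URL_RE = re.compile(r"https?://[^\s<>()\[\]]+", re.IGNORECASE)

# Constructed sample comment, modelled on the "you're trending" lure.
SAMPLE = ("Congratulations, you are trending! Log in at "
          "https://steemil.com/trending to claim, see https://steemit.com/@gtg, "
          "or read https://example.org/post.")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'legit', 'lookalike' or 'other' for one URL."""
    # urlsplit drops any "user@" prefix, so the real host is what gets compared.
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Simplification: last two labels stand in for the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in LEGIT:
        return "legit"
    name = domain.split(".")[0]
    for good in LEGIT:
        good_name = good.split(".")[0]
        # Near-miss spelling, or the genuine name embedded in a foreign host.
        if edit_distance(name, good_name) <= 2 or good_name in host:
            return "lookalike"
    return "other"


def scan_comment(text: str) -> list:
    """Return (url, verdict) for every link found in a comment body."""
    urls = (u.rstrip(".,;:!?") for u in URL_RE.findall(text))
    return [(u, classify(u)) for u in urls]


if __name__ == "__main__":
    for url, verdict in scan_comment(SAMPLE):
        print(f"{verdict:9} {url}")
```

The distance threshold of 2 is a heuristic and does not cover internationalised (punycode) homoglyph domains.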
I will update this post with new developments. All funds earned from it will go towards supporting worthwhile communities -- accounting post to follow. You are encouraged to resteem and translate this post into other languages.
Like what we're doing? Support us as a Witness. Go to https://steemit.com/~witnesses. At the bottom, type in guiltyparties. Click VOTE.