Phishing site reported - upperwhale

Scammer is using several domains, with the same phishing technique

Description

The scammer publish the following comment on user’s post

The scammer use 3 domains: upperwhale(dot)gr, upperwhale(dot)ga and upperwhale(dot)ml

If you click on the link in the comment, you will be redirected to one of the following sites:

The site is a simple “static” website created using the gooyaabiteloates.com website creator.

In the middle of the website, you are invited to “test the service for free” for 30 days.

If you click on the “Join Now” button, you will be redirected to a fake SteemConnect page

Let’s have a look at the source code of the fake SteemConnect webpage

What we can see is a script that, when you click on the Sign In button, will send the entered information (usernale and key or password) to another do.php page.

What is Phishing?

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

source: Wikipedia

The sleemconnect.ml website looks EXACTLY like steemconnect.com, but its behaviour will differ as it clearly want to steal your credentials to hack your account!.

Preventive action activated

I will add any account sending phishing links to the black list of my Warning-Bot and it will issue warnings with a link to this post, notifying users of the malicious activity of those accounts.

If you find similiar pishing attemps, contact me on steem.chat

To protect yourself, you can:

  • always double check before clicking on a link, especially if this links take you away from steemit.com.
  • verify the reputation of people writing comments on your posts. A user with a low reputation shoud trigger you attention.

Previous threat alerts

If you missed them, please find here the previous alerts I published:

reminder

A bit of paranoia is the basis of security.
There are a few simple rules to follow in order to avoid having your account hacked:

Rule 1: NEVER, I repeat, NEVER use or give your owner key or password!

Rule 2: Use your posting key to login, post and vote on trusted websites like steemit.com or busy.org.

Rule 3: NEVER give your active key as this key allows to control your funds! Only use your active key for special operation like money transfer or account update on trusted websites like steemit.com.

Rule 4: Anywhere else, if you are requested to provide any of the above key: RUN AWAY!!!

4 simple rules. It's not much to remember. Follow them scrupulously, and you will only have to laugh at unsuccessful attempts from scammers.

Spread the words, resteem this post to your friends, and you will make the platform safer.

Thanks for reading!


If you notice any new suspect activity like the one described above, drop a comment on this post, contact me on steemit.chat or via Telegram (@The_Arcange)


footer created with steemitboard - click any award to see my board of honor

Support me and my work to protect the Steemit platform.

Vote for my witness

H2
H3
H4
3 columns
2 columns
1 column
Join the conversation now
Logo
Center