A couple of days ago I got an interesting message in my wallet from someone claiming to be (3rd witness on Steemit), saying that he is rewarding me for voting for him as a witness.
It seemed really sketchy on so many levels. One of them being that I know that no witness will ever pay for your vote or reward you later for voting them. Another was his super fishy name attempting to emulate
but failing miserably. I immediately checked the account and saw that he spammed the same message (but with personalized links) to more than 200 people in 2 days.
Curiosity wouldn't leave me alone, so I went to the website to see how it looks and how it would actually try to scam me into giving up my password. The website looked pretty basic, with little to no information, just a pop-up leading to a fake SteemConnect where you need to put in your credentials to "claim" the "reward".
After "claiming" you get redirected to the SteemConnect clone, whose only purpose is to get your passwords and send them to the attacker. Cloned websites can easily be discovered by checking the actual URL of the website it claims to be and seeing if it matches the real website. In this case the cloned website's URL was a real thorn in the eye and something that should be easily noticeable for everyone.
Fake

Real
Somehow I stumbled upon
With a fully flagged account and a wallet full of the same scammy messages for the same phishing scam, might actually be behind this.
ALWAYS CHECK THE URL
To be safe when handling your password and giving it to third-party services, be sure that it's not a clone by double-checking that it has the correct URL. In the above-mentioned case it was pretty obvious, but what if the difference was in only one letter and the clone was steemconect instead of steemconnect, would you notice?
Most likely not, and unknowingly you would have given someone complete access to your account.
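A one-letter lookalike like the one described above is hard to spot by eye but easy to catch mechanically. As an added example (not part of the original post), this Python code compares a link's hostname with the one you trust; `steemconnect.com` as the trusted host and the `.example` URLs in the comments are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hostname you actually trust. The post names the service
# but not its domain, so replace this with the address you have verified.
TRUSTED_HOSTS = {"steemconnect.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' based on the hostname only."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse scheme-less links
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    for good in TRUSTED_HOSTS:
        # Exact match, or a real subdomain of the trusted host.
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in TRUSTED_HOSTS:
        brand = good.split(".")[0]
        # Brand name placed somewhere misleading, e.g.
        # steemconnect.com.rewards.example or steemconnect.com@login.example
        if brand in parts.netloc.lower():
            return "lookalike"
        # A label within a few edits of the brand, e.g. steemconect
        if any(edit_distance(label, brand) <= max_distance
               for label in host.split(".")):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://steemconnect.com/login",
                 "https://steemconect.com/login",
                 "https://steemconnect.com.rewards.example/claim"):
        print(link, "->", classify(link))
```

A result of "unknown" only means the hostname does not resemble the trusted one; it says nothing about whether that site is safe.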
As Steemit grows
Write them down
Your keys are the only thing stopping a malicious user from spending your earnings. Passwords should never be kept on the PC, in your mail, on your phone or anywhere online, because they will be susceptible to attacks. You should write your passwords on a piece of paper, repeat a couple of times and hide them the best you can.