As you can see in the top left corner of the screen it clearly states non secure site. I didn't notice. I didnt think to look even. I just saw what I often see during days in and out of steemit which is the familiar box for signing in.
Had I stopped to scrutinize the page there would have been more than one sketchy looking aspect which would have alerted me but I wasn't looking for such things.

Then I made a glaring mistake in my personal security. I signed in using my main password rather than my private posting key which while giving me full access to my account would only give a hacker access to post on the account and not access to do things in my wallet.

So at this point I was no longer on steemits website and handing over my main steemit password !!!!

Of course they had me!

They had woven their web and I had walked straight into it.