Bitcoin Forum

It is not an advanced tutorial but not all crypto enthusiasts have good knowledge and experience enough to avoid downloading fake apps which will help bad people steal their money.

Easy tutorial to download official applications (of wallets, exchange softwares in crypto, and can be expanded to any other applications in other industries).

- Visiting official websites
- Scanning official websites to find section for apps that is given by the official companies.
- Click on it and download it.

Don't:
- Google to find official websites because you can find phishing sites.
- Don't search on Google Play or iOS store to find applications.
- Don't click on links that are sent by anyone to install any application.



Examples
You should not trust on links are given by me. Visit the official websites by yourself.

Binance
Official website: https://www.binance.com/en
Where to get their applications: at the left bottom corner.

Huobi
Official website: https://www.huobi.com/en-us/
Where to get their applications: at the left bottom corner, click on Download APP or visit the page: https://www.huobi.com/en-us/download/#exchange


OKEX
Official website: https://www.okex.com/
Where to get their applications: at the right side you will see the section like the image.

Myetherwallet
Official website: https://www.myetherwallet.com/
Where to get their applications: https://www.mewwallet.com/
See images.

It is enough for examples. You can get more tutorial for your security and privacy in Good topics on security and privacy (https://bitcointalk.org/index.php?topic=5239098.0)

(I snipped a large part of the post)

These are quite contradictory - we're basically replacing the trust we have in search engines with your post. Someone with malicious intent could edit the links from your post and redirect other users to fake ones. I guess the best way to find if a website link is legit is by looking through various sources and, if you're that paranoid, search from another device as well.

• Websites such as Binance have social media accounts. You can check them out because most of them have their websites placed on their profile.
• If you're using Tor Browser, there are some sites (such as ProtonMail or the website of Qubes OS) the browser automatically detects an ".onion" link for - that's another good sign that the website you are on might be legit.
• Some sites such as Facebook show the company details to the left of the address bar. Facebook (https://www.facebook.com/) displays "Facebook, Inc. (US)" and you can check for more details by clicking on that thing.
• Always visit https sites.
• Sometimes, a scam verification is as easy as a "<insert_domain_here> scam" search away. Our forum, for example, has a lot of suspicious domains found by users. Chances are you might find an accusation made by reputable members.

There are a lot more ways to validate a website's legitimacy, but this is all I can think of for now. :)

Everything you say is true, and I agree with you that doing the downloading of applications from the official websites is better and safer than downloading applications from external websites and stores because it is possible that these applications inside the stores are arranged by a fraudster who aims to steal, in addition to your example I want to add an example of Blockchain wallet where we must download the program for this wallet from the official website and to download the application for this wallet from an external source is dangerous because there are many fraudsters who created fraudulent applications similar to blockchain wallet

Google has one of the most notoriously slipshod app approval process, this make it app store most dangerous and anyone trending on it should trend with cautions. I attributed many mistakes to our inability to distinguish between fake and original. Here are some tips:

Check app developer: The name of the developer should be correct in spelling.

Ensure to disable app installation from unknown sources.

Check app permissions: you must be smart with this,  dubious permissions are on app store.

Always read reviews of others.

I say that people have to be responsible to visit official websites by themselves and should never rely on my links or links are given by anyone else. It is a first vital step to do.

All my links in OP are for examples to visually explain people how to find and get official applications from official webistes. Yeah, they need to have official websites first.
Anyhow, you made a point that I must leave a note that all links should not be trusted and used without verification, to avoid any phishing attempts or simply typos from my side. Thanks.
But your advise here is not good. Social accounts can be hacked and compromised too so don't rely on any third party websites, search engines to visit official websites.

Yet another helpful post, OcTradism. My best bet to avoid visiting scam sites has always been to follow my own intuition. Someone suggested visiting the social media accounts of these  platforms but that's a burst as I've seen scammy accounts that look exactly if not the same as the official one.

Talking about visiting only https  enabled sites, that works too. However, it's important to know that anyone can get an SSL certificate like Let's Encrypt which is even available for free.


Ensure to click the padlock icon to verify the security details.

Thank you for you words.
Relying on links and updates on social media is bad. If people can get phished by phishing websites and fake applications, they can certainly get phished by fake social media accounts. I only visit official social media accounts to get news. For things relate to updates (softwares, wallets) I will do my own works.
Again, don't totally rely on it. I read some topics on the forum about it but don't remember those topics. Hang on a few minutes, I will search and give you.

I reported several fake applications recently, and as I saw many people installed then sadly.
People need to open eyes and make triple check if they are on official website.
Better to have official websites bookmarked in your browser than to search on Google.

For sure, hence why I said that checking from multiple sources is something I advise. Almost anything could be compromised in the online world, so I'd rather not believe anything and be safe than skip a website verification and have damage occuring to my wallets.

At least with social media you can see when a certain change happened. If you have a website and someone gets to hack it, it could be as simple as the criminal redirecting your real site to his fake one. Chances are way lower to get onto a fake site if you verify whether the same link corresponds on multiple sites (e.g. an older article mentioning the website, a social media account, a Bitcointalk thread, maybe even asking a friend who uses it etc).

Ensure all sites are https means the padlock will be locked and that the connection is secure but very possible the sites itself to be scam is not ruled out, they can actually be scam. But you are right, the connection to the site is secure and contain no malware, so the information is useful.

Those padlock signs and SSL are not an assurance that everything is perfect, and it's easy and cheap to get a SSL certificate.

I think it is not discussed is how you access your crypto, if you have the habit of always opening your wallet using "Public Wifi", chances are one of this days hackers can intercept your details like passwords and private keys. And then took all your crypto belongings in one swoop.

That is really only going to ensure that the data you transfer/receive over the internet is encrypted, but it does not mean much nowadays in terms of the reliability of the site you connect to.

This is from a while back, but show us just how much the padlock means nowadays:

One of the best ways to prevent yourself from being a victim of phishing is to use a good password manager. It will not be fooled by similarly spelt domains, .orgs instead of .coms, homograph attacks, and so on. If you have it set up to auto-populate the username and password boxes and it fails to do so, then it means something is amiss.

You are correct in your suggestion not to trust the Google Play store or Apple App store, as they frequently host fake and malicious apps. The suggestions you have given do not prevent a user from downloading a fake app, though. In terms of the developer name, it is possible to use a name which appears legitimate or so similar to the real thing to be impossible to tell apart. If you saw six bitcoin wallet apps, for example, being developed by "Bitcoin Core", "Bitcoin Wallet", "Bitcoin Core Wallet", "Bitcoin developers", "Bitcoin Wallet developers", and "Bitcoin Core developers", would you be able to tell which one was the real thing? Most apps ask for unnecessary permissions, but the only permission an app needs is access to the internet and it can send your username/password/seed phrase/private keys/whatever to a scammer. Disabling app installation from unknown sources does nothing to prevent downloading scams from the app stores, and reviews can easily (and often are) faked in huge numbers.

The best way to download apps is directly from the developer, and verifying its signature prior to installing.

Many fake sites that harm us. They are very good at using loopholes, making web addresses look like the original,same interface. I think if you give advice about the official site address associated with crypto I think this is good. You can classify them into many categories. For example, Exchange Address, Wallet address, etc. Sory this is my opinion, if wrong ignore it.

It's not really a bad idea but what that's just repeating what others already said, which is trusting another source without proper DD. I think the point that newbies should get from this thread is that if you don't know an official website of service, then look it from multiple sources. After that, always verify the apps you've downloaded to make sure you don't get a fake one.

I actually do google for official website when I want to get the site or install some software, but I don't just click on the first google result, instead I look at mentions of it from multiple sources and check that they all lead to the same address.

It's actually easier to verify the more popular sites, because they will be mentioned by other sites a lot, so despite all the phishing, you'll easily find the real one, but with some less obscure things, it's hard to find even the references to them. For example, it's hard to find a legitimate cracks for software by googling and nearly all results will have malware, and you'd need to get to some specialized forums to find links to relatively safe cracks.

It's all about judging something from its external appearance tbh. Anyone can notice a fake site as long as they pay much attention, especially when trying to visit a new one. Also, search engines aren't fake, and most results would probably result in the official site first before the phishing sites. Additionally, if you were to look up using search engines, you may chance upon a phishing site and an official site, with a bit of a good eye, you can notice the difference and see which is fake or not. Most phishing sites just adjust the name to MAKE it look like the original.

What to avoid is opening sites in forums and the like especially if the link title seems suspicious (first time seeing it for example). That, or when you see a link being spammed across various threads in a forum, avoid it, completely. That's one way to ensure safety.

It seems so wrong that a phishing/ malicious site could actually rank better than the original if that ever happens.

Usually those "top" results are from Google Ads. I fell for it once and shit, it was scary af.

The only "safe" crack is one in which you have personally reviewed all the code yourself prior to compiling and running. If you do not have the knowledge to do that, then I would say there is no such thing as a "safe" crack.

The problem with these pieces of software is that you have no idea who has written them, and they are widely downloaded, often by people with very limited technical knowledge. Most anti-virus and anti-malware software will stop them from working, and so people will either whitelist them or disabled their anti-virus while they install them. They are therefore a very easy way to distribute malware. If you are going to use something like this, then I would suggest only using it on a computer which has no personal information at all, doesn't log in to any of your online accounts, and certainly has absolutely no connection to your bitcoin wallets.

Not true. Google and other major search engines accept money from scammers to boost sites to the top of search results. Malicious sites often appear as the very first link.

Not necessarily. If you don't know what the official site is (and why would you if you were Googling for it), could you tell which one was the real site between (for example):

• blockchain.com
• block-chain.com
• blockchain.org
• block-chain.org

Take a look at this, how pathetic.
https://i.ibb.co/tcChWJT/site.png (https://imgbb.com/)

Ranking such websites only require Black Hat SEO, they will rank fast but as soon as Google discovers them they will get banned. Still, if they rank on the first page for just 48 hours their job will be complete as many fools will open their links without even noticing the URL address.

Therefore always check the URL of a website before downloading or uploading anything.

A simple pro tip to visit official crypto related sites from one place is coinmarketcap.Yes it is.

You can find almost every crypto related websites with official links so you can trust them while visiting and also it is good to double check the link once you entered into the official site.

coinmarketcap.com is a legit site but it is not wisely to rely on a single site to find what you need. Start with coinmarketcap.com and double or trible check with results you get from other search engines.

A legit site can be compromised, we simply don't know when and how it will be compromised. We can only take care of ourselves and our capital.

Fear not my young padawan. After Binance acquired CMC, we have this guy to assure everything is a-ok.
https://s3-ca-central-1.amazonaws.com/cdn.hedgetrade.com/wp-content/uploads/2019/12/29032640/Screen-Shot-2019-12-05-at-2.30.49-PM-360x558.png

Jokes aside, it's always better to have more reference

I never said we should rely on coinmarket for every kind of search but we can use this website to cross check with our results on google or any other search engines.But whenever I want to visit an exchange I use coinmarketcap to save time and I will always check the URL after entered into the exchange.

Additionally to the ones you said, in order to avoid downloading phishing apps from stores, cryptog users be practice in checking in on social media page. This is another way of winning bad hackers, social media page carries the correct and legit URL of website of projects. Absolutely, newbies falls into this victim at all times so this information would probably help allot.

That's absolutely true, only searching directly the application on the play store/AppStore is not recommended enough. There are several fake applications that may be very difficult to differentiate. Moreover for the newbies who don't know exactly about the right application.
Let's say how MEW also seems to be imitated by the fake MEW App. It has been from along time ago and the scammer always renewed it until nobody realizes it. And of course, there may be several other similar cases that point out the fake applications that we may not aware of it.

Actually, this article is good enough for us to spot out the fake Andoird application. AN dit can be sued for any kind of application. Let's have a good read here:
https://www.howtogeek.com/341905/how-to-spot-and-avoid-fake-android-apps-in-the-play-store/

Watch out "scammer's everywhere"

Yeah, there may not be only using one point to download the official application.
1. Visit the official website, ensure that the site is the official site. we can look at the URL link or its domain. Scammers may also create a certain similar website but different URL characters, domain name characters, and also the TLD.
2. Join the official telegram group pr other social media. Be careful, many scammers also create a fake telegram group. We must confirm it with the information on the official website.

then, after confirming the right place, we and download the application from the link provided on the website or official telegram group.

This is actually what mostly I did every time going to download certain applications. It is better than being confused on the play store to find the right application.

I guess we always end up googling a lot of things on the internet and we cannot really avoid it.

I think we just need to be aware of the website we are going to visit most of the time when you google a website the first one that is going to appear is the legit one and you can easily tell most of the time when something is wrong about it. But for sure you are going to have doubts if you don't know or its your first time visiting the website.

I search Google (of course with ads disabled, just disabling ads can save you from many phishing sites), Going from official website and you can find official websites from their tg/discords.. see where I'm going? It's a rabbit hole and everything can be compromised.

Not every newbies are aware of this, 80% of newbies still fall victim of this as when Google Search something, phishing sites also appear, some newbies must understand that good URL starts wiht "https" but the main solution is what op has said, going through official website and click on app you wish to download and will redirect to playstore.

Not any more … The "s" part will ensure that the traffic between you and the site you connect to is encrypted (meaning that a sniffer should not be able to make heads or tails from it), but it does in no way mean that the site you are connecting to is safe:

Telegram and Discord are a scammer's paradise. It is trivially easy to impersonate someone else, including a service or an admin or mod from that service, and direct people to fake websites, fake apps, fake bitcoin addresses, and so on. I definitely wouldn't be using either to try to find a genuine URL.

If you are manually checking whether or not the site you are connected to is using https or http, then you are doing it wrong. You should install HTTPS Everywhere (https://www.eff.org/https-everywhere), open its settings, and check the box "Encrypt All Sites Eligible", which will automatically block any unencrypted traffic and requests. Relying on yourself manually checking that every page you visit is using https will fail almost immediately.

However, this is one of the bare minimum things you should be doing to secure your browsing activities. As DdmrDdmr has pointed out above, this only protects against man-in-the-middle attacks and says nothing about the legitimacy or otherwise of the website you are connecting to.

Fake apps have become part of fraud. When searching in the store or Google, we will find many similar applications that belong to one name, some of them modified or unofficial, and hackers can access our data, so it is better to work with your advice and enter the official sites first and see if there is an official application for the site and download it.

This is the right decision to download the app from the official website. But in this case, you need to be sure that you are really not on a phishing site, but on an official website. And if you don't have this site in your bookmarks, then it will be really difficult for you to determine what you will download.

What OP say is not always work. For example there is a topic "Opps, Google did it again (https://bitcointalk.org/index.php?topic=5263433.0)" - where first google link lead to fake ledger app, that asked for secret phrase. Of course google fixed it, but there are people who downloaded it and got tricked.

Official websites are not a panacea against scam. Check everything two or even three times before you type your personal info in it.

This is true, you can fake an official website and make it at the top of the search engine via search engine optimization, many scammers are paying for these so that they can be the top search but this is not that unstoppable, there are red flags for people if you do not know if that is the real website, one good example is using an extended domain name like adding a country prefix (com.au, net.ru, com.us), you can also check if the site is secure by checking the lock icon next to the website, this one is tricky because they can buy it to make it look legit, the fake websites can only fake their apperance but the website name will never be faked, each name is unique so you better pay attention to that because that is the biggest nope flag that can help you avoid this malicious sites.

If you go to official websites to get official links to apps on app store or Google play, you will not be trapped by fake apps like what the topic you quoted warn. You should never pay your funds on the carefulness or responsibility of Google or Apple to check and 100% prevent fake apps to be listed on their stores. They should do because it is good for their app ecosystem, and their reputation but you in your own side has to be responsible for your fund's safety and security.
Official websites are good places to start but sure official sites can also be compromised. It rarely happens but there is probability for compromise on official websites. If you care careful, you can verify apps if possible.

bump

I do also use google to search the official website and use google play to download thier apps. However, before clicking the link I do check first and for some reason I can identify which link is legitimate and what is not perhaps because I am computer literate. Back in a day my friend was almost got signed in on fake Bitcointalk forum luckily I was there and prevent him before he could do it. The lesson here is that you can do use google to find the website you were looking for but verify it first for your safety.

most of people first time visit website is do Google first. most of adversited website is always on top in google search, we don't know if that website is official or fakes. So we must be careful to visit website.
this isn't mean we must don't google to find official websites.

Okay so google have the SEO or the search engine optimization and there are factors google are looking for a certain website to be on the top of search list so most of the top sites that is appearing when you are searching appplications such as binance, it will most likely to appear on top because google already have looked into all sites and checked its legitimacy so don't worry about clicking the top of the google searched, but of course be sure to search for the right domain name because if you manage to searched the wrong domain name you might be in trouble but teach yourself to analyze the website yourself, in my opinion you can easily tell if a website is a legitimate one or not, just explore the website and check for yourself.

This isn't accurate.

If you browse without an adblocker,* then the first three or four results on Google are going to be ads. Since Google happily accept ads from scammers and happily boost them to the top of results without doing any investigation or due diligence, you absolutely cannot trust the top results on Google to be legitimate.

Second, even if you block or skip the ads, there is no guarantee that the top actual result is going to be the real site. Google do not check the legitimacy of sites before returning them in search results, and SEO can be exploited and manipulated to put malicious sites higher up the rankings. Blindly putting your faith in some random Google algorithm is a sure fire way to lose your coins.

*Side note: The best adblocker and the only one you should be using is uBlock Origin. Download it here: https://github.com/gorhill/uBlock

we can't avoid googling for the website or an address, but mostly there if you will see a legit website they are using HTTPS  and not HTTP
at the same time if you are not sure about the website surely we can ask our friends or even here in bitcoin talk to be sure
mostly in google play, we may encounter bugs, like for example in android, I encounter some issues
Clicking on email or links from someone, I agree with this one, you see a company encounter this problem wherein
after clicking the link the hacker send emails to their clients, in a wallet they may get hold of your keys, and even all the pieces of information
in your laptop or phone
anyway great post and helpful

HTTPS only prevents a third party from intercepting your communication with the website in question. It says nothing about whether the website is legit or a scam. Indeed, the majority of scam sites are using HTTPS. While you should always use it and install the HTTPS Everywhere extension, it protects you against a different attack, not against scam sites.

And don't use Google. If you must use a search engine, use one which won't serve you ads for scams like DuckDuckGo. Ask a trusted source or this forum if you are not sure if a site is legit or not.

Fake apps are uncountable and please apply my tutorial to be safe. You can scroll the Beginners & Help first 3 pages and see reports on fake apps.

- They are uncountable on Google Play.
- They usually appear on top of Google Search, with the Ad tag.
- If you search for the app you want to download, you might be phished with fake apps.

This is exactly what I have been doing in order to avoid getting scammed or ended up being tricked. I have never experienced getting my funds hacked or compromised (except forgetting or lost the mnemonic phrases, private keys, etc.) ever since I’ve entered the crypto world. I am extra careful when it comes to dealing with those sites. I double or triple check them before engaging myself to create account or import existing wallet. I never fell for those fake apps because I dig down deep and researched to see if it’s legit or not.

I will like to ask a question about this topic, for someone who doesn't know about this forum how will such person know the real link to a particular crypto website? As for me I can tell the difference even without knowing the real link, I've been using Google search for a long time now and I know original or official websites from ad and phishing links, before I find my way to this forum most of my research are through Google, that was how I knew binance exchange

You made a big quote (entirely quote my OP). Could you edit your post and skip the big quote, please.

You are lucky (no hack, no compromise) and you do a good practice with double or tripple check with the crypto app you are finding.

In crypto, there are some big and trusted sites and you can find what you are looking for with them. Use them but don't trust them, and always do your checks.

Google search can help you to do your check (double check) with Google and tripple check with other search engines: Duckduckgo.
https://coinmarketcap.com/
https://www.coingecko.com/en