Bitcoin Forum

Other => Meta => Topic started by: Pmalek on January 15, 2021, 01:47:54 PM


Title: @theymos and admins: Have a look at this
Post by: Pmalek on January 15, 2021, 01:47:54 PM
I tried to copy/paste a phishing email on the forum, but I ran into a weird bug. For some reason that addresses in the email can't be pasted into a block explorer. The explorer doesn't recognize the pasted address as a valid address.

The other problem is previewing the message on Bitcointalk. When I copy/pasted the content in a new post and clicked on preview, this is what I get:

https://talkimg.com/images/2023/11/12/zU0A8.png

The address isn't visible in either the code or quote tags, even though it's there. And look at the email content. Is the message encoded in some way that causes this glitch? Has anyone experienced this before?

Once I made the post, it became visible just fine. But you still can't look up the address on a block explorer after removing the special characters. What kind of sorcery is this?
Here is the link to the post: https://bitcointalk.org/index.php?topic=5284407.msg56102812#msg56102812

Title: Re: @theymos and admins: Have a look at this
Post by: actmyname on January 15, 2021, 01:54:24 PM
In reality, the text you copied is no different from me doing something with this kind of font.

Sᴏᴍᴇ ᴄʜᴀʀᴀᴄᴛᴇʀs ᴀʀᴇ ʙʟᴏᴄᴋᴇᴅ ᴏɴ ᴛʜᴇ ғᴏʀᴜᴍ, sᴏ ɪᴛ ᴡᴏɴ'ᴛ ᴅɪsᴘʟᴀʏ ᴛʜᴇᴍ.

I believe this was to remove the effectiveness of using unicode confusables: examples here (http://unicode.org/cldr/utility/confusables.jsp)

Title: Re: @theymos and admins: Have a look at this
Post by: Pmalek on January 16, 2021, 08:01:38 AM
It's unicode, noted.

Here is the funny part. Let's assume someone falls for this phishing attempt and wants to pay the 0.3 bitcoin to the suggested address. He can't do it. ;D Because the address doesn't get recognized when pasted into a block explorer. I wonder if it would be recognized by a wallet software like Electrum? I don't have it installed on this device to try out.

If it doesn't get recognized, the question is why use Unicode?
Was the scammer not aware of what he is doing or was it intentionally done this way?

Title: Re: @theymos and admins: Have a look at this
Post by: LoyceV on January 16, 2021, 08:41:08 AM
Quote from: Pmalek on January 16, 2021, 08:01:38 AM
was it intentionally done this way?
They're probably trying to get around spam filters by doing this. Kinda like the homograph attack (https://bitcointalk.org/index.php?topic=3094459.0) to avoid plagiarism detection (which doesn't work anymore (https://bitcointalk.org/index.php?topic=4967143.msg44852662#msg44852662) on Bitcointalk).


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines