Bitcoin Forum

Since I recently  received a phishing PM (https://bitcointalk.org/index.php?topic=5406530.0), I thought I'd condense what I learned from other members into a very simple guide.

What is phishing?

Phishing is any kind of attempt to trick you into doing something that you believe is safe, when in fact, it isn't. In the context of keeping your Bitcointalk account safe, phishing is when someone tries to trick you into revealing your password to them.

How does phishing work?

Typically, it works by misleading you into clicking on a link that takes you to a login page that looks legitimate, but isn't. If you type your password into such a page, expect your account to be "hacked". If you realize your mistake in time and act quickly you may be able to reset your password (https://bitcointalk.org/index.php?action=profile;sa=account) before any damage is done.

What can I do about it?

If you receive a PM from a new/unknown member, be extra careful. Check their posting history first to gauge what kind of user they are.

As a rule, you should never click on unsolicited links. Instead of trying to decide whether a link is safe or not you can avoid any risk by simply ignoring it.

If you can't ignore it, then make sure to examine it closely. Bitcointalk has a feature (https://bitcointalk.org/index.php?topic=1432118.0) that makes internal links (to boards, posts, etc.) have a green hover color. If the color of the link changes to green when you hover over it, then it's probably safe. Try hovering on this link (https://bitcointalk.org/index.php?topic=5092492.0) to see if it turns green.

The other type of link is an external one (pointing to elsewhere on the Internet, not Bitcointalk) which won't turn green when you hover over it. You can check if this type of link is safe by hovering over it and then looking at the lower-left corner of your browser to make sure that you know where the link will take you. Try hovering on this link (https://www.youtube.com/watch?v=Hge0klNjDtA) to see if you can tell where you'll be taken.

Don't expect a proper phishing link to be easy to spot, however, because there are various techniques (involving BBCode and Unicode) that can make a bad link look like a more-or-less normal URL, so always make sure to carefully inspect the link before clicking it.

This topic (https://bitcointalk.org/index.php?topic=5184169.0), about so-called "homograph" phishing attacks, is well worth reading.

What does a real phishing attempt look like?

Like this:

https://i.postimg.cc/PrWKDJX4/Untitled-cleaned.png

Notice how the link is blue when it should be green (because it's an internal link and I'm hovering over it). Also, notice the weird underlining that stops short of extending all the way to the left.

Anything else I should know?

It's a good precaution to learn how to sign messages (https://bitcointalk.org/index.php?topic=990345.0) and then "stake" your bitcoin address here (https://bitcointalk.org/index.php?topic=996318.0).

That way, if your account gets hacked, you'll be able to prove that you are the rightful owner and reset the credentials.

I can understand your effort about that to give a warning to Users about phishing links and that they always should check a Link few times before they click on it.
But i guess the most here in the Meta board already know that with the Links and phishing things and that there are a few Fake Bitcointalk Pishing Websites.
So if you want to get more attention and warning for this case you should be moving this topic to the beginners board as there are some Users maybe that dont know about it.
You can move the topic by yourself , in the bottom left corner you can click " Move Topic "

To all the suggestions the OP has described, I would suggest completely disabling private messages from newbies.
In addition, having received a PM from other people unknown to you, you can always wonder why he writes this. I like to immediately view the latest posts that were written by the sender. You can often tell a lot from them. Whether this user was recently active and what he is actually interested in on the forum.

You can go one further by avoiding all unsolicited links. This include links sent in emails, messages on social platforms or PM on the forum. There is a high chance that anyone sending you a link which was not requested for, is a scammer, or best case scenario a spammer; You lose nothing by ignoring.

Also, avoid clicking websites there is a well-known phishing attack before the URL is actually the same as the real one like Punny code domains.
Read more about this here https://bitcointalk.org/index.php?topic=5184169.0

Spoofed URL is another technique that the URL or link looks the same but if you actually check the character one by one the one is different. Always check the URL and better always bookmark the legit one to avoid future phishing attacks.

I believe detecting the phishing site thing with hovering of the mouse on a link will work on PCs and desktops, not on phones; at least not on android phones. I noticed the URL. The criminal went a step further by insuring there's an "s" to the URL now. Criminals are always trying to beat the noose tightening in on them.

Those who've neglected doing this wallet address staking thing are really not doing themselves any good at all. Users should stake their address and make sure to keep the passphrase to that wallet secured even if they aren't still using that wallet or have deleted it for want of space. With the passphrase they can restore and sign from it.

It is also noteworthy to add that even though these links may appear to be from the account of a trusted members of this forum they should also be ignored because you do not know and cannot confirm the state of their account which may at the time be compromised. Your safety is a personal responsibility you hold to yourself, don't take it for granted.

That's true. If you do not trust the message, as you should if an unsolicited links in involved, then request a signed message from an address posted previously on the forum.

@lovesmayfamilis: That's actually how I noticed something was off. The account that sent me the PM had been inactive for a long time. I've added something about that to the OP, thanks!


@Upgrade00: That's very true, I've added something to that effect to the OP, thanks!


@Mpamaegbu: You're right, I've changed the title to reflect that, thanks!

@BitMaxz: Thanks for suggesting that topic, I've added a link to it in the OP.

Speaking of "Phishing", why don't you try these quizzes complied by @dkbit98
- https://bitcointalk.org/index.php?topic=5178375.0

I'd bet you'll enjoy learning by answering those questions -- it's fun!

More complex phishing attacks can be hard to detect. One can also look up any link sent to them either by newbies or unknown users using search engines to ensure the are legit because links turning green is only an indication it has contents. As time keep advancing Phishing attacks now look some how close to it's original links. So generally search engines either on the proposed site or using a completely different browser that has no information linked to you can also be another advantage...

If all else fails, and you end up on a phishing site, it's going to ask you for your password. This is the last line of defense: don't enter it! Even better if you don't even know your password: I use a password manager, and need to look it up to login. But normally, I don't need to do that, because my browser takes care of it for me. If my browser doesn't pre-fill the password for me, that's a dead giveaway I'm on a different site.

I don't understand why you mentioned the desktop in the title because its same for mobile users as well but as mentioned above if the site ask you to enter username and password while you're already logged into the site on same browser then its s wakeup call. People who apply the same phishing/hacking methods to steal social media accounts are step ahead of this technique because they made us to beleive the tab is opening on default browser so we have to enter login credentials to see the content of the link.

Just report the person using report to admin button then surely the person who send the pm will be banned either temporarily or permanently.

Read the thread and you'll see why I changed the title. I don't mess with mobile and so don't feel comfortable giving advice about it.

Why it wouldn't work on smartphones? Which one are you using? It's an old version of Android and Chrome? You should try to upgrade it to a newer version or to change your mobile phone because if you press a link during one or two seconds within Chrome and a rather modern phone the link should change its color in green if it's an internal bitcointalk link like on computers.

I read the OP and also the replies that is why I asked why we need the desktop is in place, anyway if you never use bitcointalk on mobile then I can't comment on it. But as a regular user I used to logged in my bitcointalk account on both my notebook and also smartphone, most of the time I use smartphone to read the threads all around the forum because where I feel more comfortable than looking at big screen for longer time.

The lesson here is to be careful when clicking link. When you are  browsing using desktop and hover the cursor to the link will show the link if it is a hyperlink. I think pm also support hyperlink so be careful with the links provided in pm. When using smartphones then you have to tap and hold the link until there is a pop up that will show the link that is hidden in a hyperlink if what that person send you is a hyperlink just like this one http://google.com which you can see it's Bitcointalk but when open the link is that it will redirect you to google.

This stresses the importance of staked addresses and signed message as, it makes your account recoverable no matter the circumstances. This would infact make all the efforts of the hacker useless in a successful hack attempt on an active user. It calls for you to be very active on theforum too as it would be followed by a quick response before the damage would be done, possibly getting loans of your reputable account.

Also something to note by those offering loan services:
* That users might have taken and repaid loans isn't a complete free pass as, its best you always reference bpip.org to see if there have been some recent changes on mail address and password.

Phisging don't come by unsolicited PM's alone. Some of us puts ourselves directly in the way by trying to work what is presented in someone else's phishibg attempt report and for others, trying to beautiful your keyboard by downloading just any keyboard online could put you on that part. When you've got no previous issue, don't be in a haste in responding to whatevrr comes your way, even from a reputable account and your device could be just good with the default keyboard.

Phishing attempts are not just in the form of url links. Some can be a form of email message saying that your account like for example bank account is being locked and needs you to verify your information to avoid it. Banks will never ask for your private information via email, if you think it's legit then it would be better to go to their physical branch near your place.

Enabling multiple layer of security like 2fa will also help your account to be more secure. If you accidently click on a phishing link, the hacker can't easily access your account as it needs a verification from your device or email first.

The rate at which phishing methods are evolving is so scary, assuming OP wasn't observant who knows what would have been the outcome? There was  a video I saw on YouTube on how some phiser changed some few characters on a web link which will result to you going to an entirely different website for example changing the "i" to "I" in bitcointalk to  bItcointalk. It would be difficult to note the difference most expecially when you're not conscious of it.

I recieve bunch of messages from newbies but I hardly reply, I would instead look at the username if it's family and open the message. Otherwise I will read and likely not reply if it's not relevant. Meanwhile, I don't offer services for now, I don't think I could have an important message from a random user. I am not also here for hook up. Even in social media, I don't like chatting and I hate it when chat persist. It should be able to start and end within few minutes.

Once you are observant enough I think it's enough to just take some time to check the letters of the site you are going to visit, it won't cost that much but double checking is just enough. Even if you are not computer savvy you still can check them just don't click all the way once you see a link, always be cautious to everything when it comes to internet especially when it's something personal like emails or messages. Always bookmark your top website that you usually visited to avoid any trouble such as finding the link in Google which is not a good idea if you are in a hurry since Google sometimes will give a wrong link.

If you try highlighting a link and it doesn't appear at the bottom of your browser this a red flag for a possible phishing attack. If it eventually appears do well to read the domain name carefully and observe the color of the link just as OP stated. Sometimes even trusted users can launch an attack on your account. Cross checking every link sent is another way to stay vigilant

Hackers now are taking extraordinary steps to get what's they want from their victim especially when they know that the account they are trying to hack is a reputable one with many merits in it. We ourselves need to take extraordinary measure to make sure that we don't fall victim to this kind of attack because they can be tricky most times and we all have to stay safe. Having a wallet address where we can be able to sign message could save us the stress if we eventually falls victim mistaken.

Click and hold the link, your phone should display a menu similar to when you right-click on a link on a PC. On the top you will see the link, and among the options, you can copy the address and then paste it in your address bar in a new tab. There, it's easy to check where it goes.

Yes, you can customize and code a message via PM like any other post on Bitcointalk. Hyperlinks, images, and everything else works just fine.