|
Title: What to do to avoid phishing sites Post by: hd49728 on August 01, 2019, 07:55:05 AM Today, I saw this thread, started by @nakamura12, that reminds me that I read a few topics on the same issues with phishing sites and scammers.
A Reminder To Newbies! (https://bitcointalk.org/index.php?topic=5171021.0) I think it is helpful to generalize some basic strategies of scammers and methods of phishings.
Some basic examples for two types of phishing sites: Type #1: Code: http://electrum.org.uk/ Type #2: Quote https://s18.directupload.net/images/190731/d2aengwh.png https://twitter.com/ElectrumWallet/status/1144678604523147265?s=20 Source: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated) (https://bitcointalk.org/index.php?topic=5126880.0) Remember that scammers apply same strategies to build fake bitcointalk forum, exchanges. So, apply those steps will help you being safe from attackers. thebitcointalk.net and bitcointalk.to are FAKE phishing sites ! (edited) (https://bitcointalk.org/index.php?topic=4426885.0) BitcoinTalk.org is the ONLY domain the forum has. Exchanges (Poloniex, Bittrex, Binance have phising sites with unicode, but I still not find them for examples; so if you know such topics, please help):I've just received an email from some scammer which asked me to review Poloniex's new terms of use. But the link leads to: https://secure.poloniex.work/ When you know they are phising sites, you should do two things: Report them to Google Like this I check all sites from the list, the result is the following : First and last site from the list are loaded quite normal (no blocking from adblock, av or other security software), and other sites are blocked by my browser (Firefox) as Deceptive site ahead with the following warning : Quote electrumclient.org has been reported as a deceptive site. You can report a detection problem or ignore the risk and go to this unsafe site. Learn more about deceptive sites and phishing at www.antiphishing.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org. http://i68.tinypic.com/2euol82.jpg Although the idea of blocking such sites in users host file is not bad, for most users it still represents a challenge. What we need to do is report such sites as phishing to Google (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en). In this way such sites will be blocked for every user, even those who are not aware of the problem will be protected. It is also important to use adblocks for browsers, since most users use search engines to find Electrum site, and bad ones usually pops up at the top of the search list. The last line of defense is antivirus software which should be updated, and good AV will analyze any downloaded file and prevent the user from installing bad software. Protect your computers by editing your hosts file Another one to be added to your hosts files then. On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor. On Mac, navigate to "/private/etc/", and open the hosts file in a text editor. On Linux, open terminal and write "sudo nano /etc/hosts" Add the following two lines to the bottom of the hosts file: Code: 0.0.0.0 bitcointalk.to Your browser will now be unable to open those two phishing sites. There are some of the most active users who keep updating phising sites: - socks435 (https://bitcointalk.org/index.php?action=profile;u=558519) - Baofeng (https://bitcointalk.org/index.php?action=profile;u=984384) - GreatArkansas (https://bitcointalk.org/index.php?action=profile;u=1164368) If you are a fan of bitcoin, use Electrum wallet to store your bitcoin, you should be careful with phishing sites that try to clone Electrum site and never stop popping up. You should follow them to get fastest updates on phishing sites. Warning! Remember addresses of important sites are always the best! Sometimes, links to upgrades provided by official wallets might be abused by attackers, so it will be the best if you remember exact address of sites (to download walelts, ie.) Thanks @NeuroticFish by reminding me about it Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds. There is announcement of admin: Electrum vulnerability allows arbitrary messages, phishing (https://bitcointalk.org/index.php?topic=5090097.0)I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort. IMPORTANT NOTES: - Don't arbitrarily click on links (using Google to search that link plus keywords 'phishing sites' or 'phishing' to check those links) - Remember exact links of limited, but extremely important sites. - Bookmark links of wallets, exchanges, forums (important sites). - Report phising sites when you find them or know about them by other's warnings - Using Host-file to deal with phishing sites (https://bitcointalk.org/index.php?topic=5178198.0) Read more: - Tampering attacks! (https://bitcointalk.org/index.php?topic=5171134.msg52175133#msg52175133) - Punnycode attacks (https://www.wandera.com/mobile-security/phishing/punycode-attacks/) - [LEARN] Phishing Quizzes - Beginners & Experts (https://bitcointalk.org/index.php?topic=5178375.0) - Host-file to deal with phishing sites (https://bitcointalk.org/index.php?topic=5178198.0) Title: Re: What to do to avoid phising sites Post by: Upgrade00 on August 01, 2019, 08:50:06 AM Nice post. It would be helpful to bookmark all the sites you visit regularly, and always review any new site before adding it to your list.
Never click on links from unsolicited emails, telegram messages or even PMs here on the forum. Before clicking on edited links here on BT, hover over the link to view the original HTML or copy and paste the link if you're using a mobile browser. Title: Re: What to do to avoid phising sites Post by: NeuroticFish on August 01, 2019, 12:49:15 PM There are also browser extensions that help you finding out pretty easy if a site is legit or phishing.
However, the best approach is being careful and instead of searching for the websites on the internet, typing directly the correct address will keep you out of troubles. Title: Re: What to do to avoid phising sites Post by: hd49728 on August 01, 2019, 01:10:06 PM There are also browser extensions that help you finding out pretty easy if a site is legit or phishing. Browsers have bookmark features to do it. Or people can save links of their most visited sites in their own ways (beyond bookmarks) for later use. No one can remember all site addresses.However, the best approach is being careful and instead of searching for the websites on the internet, typing directly the correct address will keep you out of troubles. Title: Re: What to do to avoid phising sites Post by: NeuroticFish on August 01, 2019, 01:17:22 PM Browsers have bookmark features to do it. Or people can save links of their most visited sites in their own ways (beyond bookmarks) for later use. No one can remember all site addresses. You're right, however, for some cases (namely electrum) I still advise remembering it (electrum.org), just because one may need it on a fresh PC or a live OS. But yes, for normal use bookmarking the proper site is also a great approach. Anything, just don't search for it, because fake sites are often returned in the top of search results, and don't click onto links in e-mails, websites and so on. Title: Re: What to do to avoid phising sites Post by: hd49728 on August 01, 2019, 01:20:06 PM You're right, however, for some cases (namely electrum) I still advise remembering it (electrum.org), just because one may need it on a fresh PC or a live OS. Sure. It is the same with forum address. Anyone of us don't remember the forum address: bitcointalk.org. It is easy to remember most important sites. For the rest, use bookmarks, and spreadsheets.But yes, for normal use bookmarking the proper site is also a great approach. Anything, just don't search for it, because fake sites are often returned in the top of search results, and don't click onto links in e-mails, websites and so on. If someone use the same computer, that already install Electrum wallet (for example), just click on link from the wallet to upgrade to newest version. There is no need to search for site of Electrum, then might get trapped. One more thing, people should dedicate one computer for extremely important things: Wallets. Their rest devices can be used for other stuffs: log in emails, log in exchange accounts, log in the forum accounts, and for entertainments. Title: Re: What to do to avoid phising sites Post by: NeuroticFish on August 01, 2019, 01:29:10 PM If someone use the same computer, that already install Electrum wallet (for example), just click on link from the wallet to upgrade to newest version. There is no need to search for site of Electrum, then might get trapped. Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds. I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort. Title: Re: What to do to avoid phising sites Post by: hd49728 on August 01, 2019, 02:10:09 PM Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds. Exactly!I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort. I know that time, when the forum has running text warned about that phising attacks, and theymos created a thread to warn about it, too. Hang on minutes, I will give you theymos' thread on this. This one: Electrum vulnerability allows arbitrary messages, phishing (https://bitcointalk.org/index.php?topic=5090097.0) Anyway, you made a point, that deserves to add in OP. Thanks. Title: Re: What to do to avoid phising sites Post by: welovedcrypto on August 01, 2019, 04:27:36 PM There are few tools which detects phishing site. You should add them in your thread.
NetCraft: https://chrome.google.com/webstore/detail/netcraft-extension/bmejphbfclcpmpohkggcjeibfilpamia?hl=en WOT: https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=en HTTPS Everywhere :https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en Title: Re: What to do to avoid phising sites Post by: hd49728 on August 02, 2019, 01:24:01 AM The point is there is no phisers will build their phising sites to clone small, unfamous sites. They always target at famous sites, like the forum, Binance, Electrum and so on. I don't see issues to remember extremely important things in my life, such as my wife's phone number, my house address, and it is the same for important sites in crypto. Just remember them (always narrow down your list of most important sites for your interests - less than dozen, maybe; then you will remember them). Always bookmark for cases you forget their addresses.
Title: Re: What to do to avoid phising sites Post by: boyptc on August 02, 2019, 02:09:21 AM Best is to use Google chrome and adblocker, also keep track on HTTPS This is good for google chrome browser users but how about for other browsers?I've installed metamask before and whenever I landed to a suspicious sites, it gives me a warning but I have uninstalled it. I want to know if someone who's still using it and if its still working? Title: Re: What to do to avoid phising sites Post by: Kakmakr on August 02, 2019, 08:50:24 AM I think people should be more observant and also not be too lazy to double check and to verify the link that they use on a daily basis. Some people simply click on a bookmark in their browser, thinking that the URL cannot be tampered with. They will simply click on links in emails, without verifying that the URL does not redirect them to a phishing site.
If a URL is short, just type it... it is as easy as that and also check the auto-completed part of the URL, if it is stored in the browser cache, because that can also be tampered with. Simply be more observant and double check every URL, before you use it. ::) Title: Re: What to do to avoid phising sites Post by: hd49728 on August 02, 2019, 09:00:07 AM Additional point:
In previous posts, I wrote about important sites. For example, coinmarketcap.com, from which you can easily search for links to exchanges, Binance, Bitmex, Okex, and so on. It is good if you remember those sites, but if you don't remember, searching them from reliable sites, that you remember. Most of things in crypto can be searched with coinmarketcap.com (project's website, explorer, social channels, available exchanges, etc.). Honestly, I always begin from CMC, not Google. Title: Re: What to do to avoid phising sites Post by: Pmalek on August 03, 2019, 08:22:39 AM Best is to use Google chrome and adblocker, also keep track on HTTPS 10 years ago that would be enough but today HTTPS is no proof of anything. It costs only a few $ or is even free and all it does is it creates a wrong sense that the website in question is legit due to the encrypted connection. Title: Re: What to do to avoid phising sites Post by: mk4 on August 06, 2019, 03:33:39 AM This is good for google chrome browser users but how about for other browsers? I've installed metamask before and whenever I landed to a suspicious sites, it gives me a warning but I have uninstalled it. I want to know if someone who's still using it and if its still working? Yes, Metamask still has that feature as far as I know. But seriously. You really just need to stop googling websites that you know and already use anyway. Instead, simply accurately type it in on the address bar, and bookmark the page for future use. Problem resolved. Title: Re: What to do to avoid phising sites Post by: Baofeng on August 06, 2019, 03:23:36 PM Thanks OP for mentioning my name, ;D
Best is to use Google chrome and adblocker, also keep track on HTTPS 10 years ago that would be enough but today HTTPS is no proof of anything. It costs only a few $ or is even free and all it does is it creates a wrong sense that the website in question is legit due to the encrypted connection. Correct, actually I open up a thread about that one, PSA: Cyber Actors Exploit 'SECURE' Websites in Phishing Campaigns - FBI (https://bitcointalk.org/index.php?topic=5167031.0) Title: Re: What to do to avoid phising sites Post by: Baofeng on August 08, 2019, 10:07:05 AM For FF users, there is one trick in the book that can help you see the punycode.
[1] Type "about:config" in the address bar https://i.ibb.co/vJHbNmz/Screen-Shot-2019-08-08-at-6-00-54-PM.png (https://imgbb.com/) [2] Then type "punycode" in the search bar https://i.ibb.co/hsnKhdw/Screen-Shot-2019-08-08-at-6-02-45-PM.png (https://imgbb.com/) [3] Then double click on "network.IDN_show_puny_code" and enable it to true. https://i.ibb.co/3mfDq5q/Screen-Shot-2019-08-08-at-6-04-33-PM.png (https://ibb.co/DfGxyPy) Title: Re: What to do to avoid phising sites Post by: Nnuego on August 08, 2019, 01:57:47 PM I believe when you search for something on google, it will give you different result of what you've searched for and it abit highlight of the result found. You read carefully and, click on the one that's explain it better
Title: Re: What to do to avoid phising sites Post by: hd49728 on August 15, 2019, 03:49:30 AM I believe when you search for something on google, it will give you different result of what you've searched for and it abit highlight of the result found. You read carefully and, click on the one that's explain it better In crypto, the first place you should visit and use when you want to search on crypto projects is coinmarketcap.com.Visit that site, type project name in search box, and see what you get. If you can find project on coinmarketcap.com through its search box; it is somehow give you links to those projects' channels (Websites, Github, Available exchanges, Explorers, etc. - official ones, not phising ones). Projects already listed on coinmarketcap.com do not equal to good projects, but at least you will not get phised by phising sites. For important sites, you have to remember their site addresses, and bookmark can be used and helpful. However, bookmark has its own risks of being tampered. Avoid starting to search using Google if you can find those projects from coinmarketcap.com Title: Re: What to do to avoid phising sites Post by: ccryptopark on August 15, 2019, 04:22:26 PM I just learned about these guys https://www.phishfort.com/
had a peek into their blogs and seems like they know what they're up to Title: Re: What to do to avoid phising sites Post by: hd49728 on August 16, 2019, 05:03:24 AM What I do is I bookmark the important sites that involves transactions like myetherwallet and some crypto exchanges. Some accounts that have 2fa will be difficult to hack even if you clicked a phishing sites. Popular browser like google chrome and mozilla firefox automatically detects malicious websites so it's best to use for everyone. It is good to use bookmark, but bookmark does not completely help you to be safe from threats. Eg.tampering attacks on bookmark.Remember site address is the best. Title: Re: What to do to avoid phising sites Post by: bob123 on August 16, 2019, 08:37:25 AM It is good to use bookmark, but bookmark does not completely help you to be safe from threats. Eg.tampering attacks on bookmark. Remember site address is the best. To tamper with the bookmarks you made, someone needs access to your device or browser. And with access to one of them, you are in more trouble than just having your bookmarks changed. Remember the sites and typing them each time can lead to misspelling them. So that's not a perfect solution either. A better solution would be to remember the IP address of the web server, and each time before visiting it you do a DNS lookup to check whether the hostname resolves to that given IP address. Then visit the webserver via the IP address. But if they are using cloudflare, that's not possible. This was obviously overexaggerated. But visiting the site properly is not such a trivial task. Each method has its ups and downs. There is no 'best' solution. There are countless attacks on each way of visiting a website. Some are trivial to detect while others are not. The most important thing is to use your common sense and be careful. Regardless of which method you are using. Title: Re: What to do to avoid phising sites Post by: hd49728 on August 24, 2019, 04:53:31 AM This thread will help you with another tool to fight against phising sites by using host-files
Host-file to deal with phising sites (https://bitcointalk.org/index.php?topic=5178198.0) However, it is also helpful for known phising sites, for new phising sites, it is your responsibility to protect yourself through careful behaviours and whenever you find them, you should immediately report them. Title: Re: What to do to avoid phising sites Post by: rearwheels on September 07, 2019, 11:11:52 AM Hi all. Recently I have found this thread about Phishing Quizzes which will help you to become more experienced in detecting Phishing sites.
https://bitcointalk.org/index.php?topic=5178375.new#new There is a list of quizzes which you can start. Title: Re: What to do to avoid phising sites Post by: hd49728 on September 07, 2019, 11:46:42 AM https://bitcointalk.org/index.php?topic=5178375.new#new Thank you, but that topic was added in OP days ago.Read more: - [LEARN] Phishing Quizzes - Beginners & Experts (https://bitcointalk.org/index.php?topic=5178375.0) Title: Re: What to do to avoid phising sites Post by: nakamura12 on September 08, 2019, 05:44:39 PM This thread will help you with another tool to fight against phising sites by using host-files It's also effective to add the phishing website in the host file just like the link. It is also better to know lots of phishing sites so you can add. It all depends on the person if he/she will do what we should do when it comes to phishing sites. Anyway, it's not only phishing sites that we need to avoid.Host-file to deal with phising sites (https://bitcointalk.org/index.php?topic=5178198.0) However, it is also helpful for known phising sites, for new phising sites, it is your responsibility to protect yourself through careful behaviours and whenever you find them, you should immediately report them. Title: Re: What to do to avoid phising sites Post by: bL4nkcode on September 08, 2019, 06:19:25 PM I must say, there are lots of tutorials and procedures on how to avoid being phished on the internet for a while now, even before cryptocurrency existed, but there are still lots of internet users got fooled and become victims of these. And I say being knowledgable and being careful of what to click and what to input/type will be the key to prevent this.
But this tutorial is still helpful, so newbies should work and follow this one. Title: Re: What to do to avoid phising sites Post by: hd49728 on September 09, 2019, 01:05:37 PM I must say, there are lots of tutorials and procedures on how to avoid being phished on the internet for a while now, even before cryptocurrency existed, but there are still lots of internet users got fooled and become victims of these. And I say being knowledgable and being careful of what to click and what to input/type will be the key to prevent this. What attackers use are not strange, and the main reasons why attackers still succeed with their phising strategies are people still don't change their stupid, and careless habits. It is nearly same thing that we see on market, losers always FOMO and buy at peaks, but they usually scare and hesitate to buy (even if they don't get stucked and still have free money to invest) at bottoms. They repeatedly do this, and blame all their losses on market.But this tutorial is still helpful, so newbies should work and follow this one. People give attackers access to their devices, identities, passwords, and more, by themselves, but they blame on attackers and their phising sites. Title: Re: What to do to avoid phising sites Post by: masulum on September 11, 2019, 12:42:02 PM I create simple infographic top 9 most commons phishing using email and newbie member can avoid all of this kind email
read full article from source: https://now.uiowa.edu/2019/09/avoid-these-10-common-phishing-emails you can find an example of each email phishing on there here is my infographics Title: Re: What to do to avoid phising sites Post by: whtchocla7e on September 11, 2019, 02:43:56 PM Thanks for your post, you helped me a lot. However, I would like to add a little bit about how I identify and prevent phishing sites, which are:
- Make a habit of looking at the web address regularly, with any click or access, I always control the address I visit - Save or mark important web pages, necessary and useful information to avoid visiting fake websites. - Install website detection tools containing malicious and fake code like Metamask, ... Title: Re: What to do to avoid phishing sites Post by: akirasendo17 on February 07, 2020, 12:17:19 AM this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on Title: Re: What to do to avoid phishing sites Post by: Magkirap on February 07, 2020, 04:31:13 AM this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say.we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on Title: Re: What to do to avoid phishing sites Post by: peter0425 on February 07, 2020, 06:29:35 AM this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say.we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on i am once a victim of phishing site lucky that i found earlier so my account did not compromised that is why from then?when newbie posted and share a link?never that i risk clicking it unless there are someone prove that it is legit. Title: Re: What to do to avoid phishing sites Post by: hd49728 on February 07, 2020, 01:49:58 PM this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites Everyone can be attacked and as a consequence of that, given links from people who well known about are risky too. There is no perfect guarentee that given links from your wife/ husband/ relatives are safe. Checking links is the must step to do. Of course, we need to be more careful with links from strangers.we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say. https sites are what you implied but phishing sites can be https ones, and they are not restricted to http sites.that is why we must Bookmarked each sites we often visiting,and prevent our self from Clicking random links shared to our front. Immediately click on given links is bad but bookmark is unable to completely safe us from attacks. Bookmark help us most of the time, but if there are Tampering attacks on our devices (caused by our bad internet surfing activities) bookmark will be changed and no longer to safe us.Title: Re: What to do to avoid phishing sites Post by: masulum on February 07, 2020, 02:32:42 PM https sites are what you implied but phishing sites can be https ones, and they are not restricted to http sites. That's so true, most internet users become a phishing website victims because they are believe if phishing sites will not using SSL. But, in current internet era, anyone can use SSL for free for their websites. Based on data few years ago, there are 15,270 (https://www.thesslstore.com/blog/lets-encrypt-phishing/) phishing website with SSL. How it happen? because they can get SSL for free, so if we don't re-check the site address, of course we will become a victim. The best way always double check domain address that you visit and recheck link inside email before clicking, it will make us save from phishing. Related thread: Half of all Phishing Sites Now Have the Padlock Sign (https://bitcointalk.org/index.php?topic=5078786.0) by @Pmalek (https://bitcointalk.org/index.php?action=profile;u=112493). In this thread i share about new data about phishing website with padlock sign increase about 400% (https://bitcointalk.org/index.php?topic=5078786.msg52857487#msg52857487) Title: Re: What to do to avoid phishing sites Post by: hd49728 on February 07, 2020, 02:48:06 PM That's so true, most internet users become a phishing website victims because they are believe if phishing sites will not using SSL. But, in current internet era, anyone can use SSL for free for their websites. Based on data few years ago, there are 15,270 (https://www.thesslstore.com/blog/lets-encrypt-phishing/) phishing website with SSL. How it happen? because they can get SSL for free, so if we don't re-check the site address, of course we will become a victim. The best way always double check domain address that you visit and recheck link inside email before clicking, it will make us save from phishing. Exactly. The figure you gave on 15270 phishing sites with SSL is an impressive detail for my topic. I appreciated it.It is a cool guide on SSL vs. TLS! (https://bitcointalk.org/index.php?topic=5223953.0) that I saw minutes recently. Title: Re: What to do to avoid phishing sites Post by: hd49728 on February 12, 2020, 05:34:35 AM bump
Title: Re: What to do to avoid phishing sites Post by: lovesmayfamilis on December 08, 2021, 11:55:21 AM Nice post, but I didn't see any information on how to prevent mobile phones from reaching phishing sites. Today we use mobile devices every day, and precautions must be learned by us as a multiplication table. We have dozens of applications installed in our mobile phones, which also contain data about the payment systems we use, data from social networks, and so on.
Therefore, users also need to observe caution when they install applications, strictly adhere to the official stores. Do not trust the links they receive as SMS messages. And of course, timely updating of systems and the use of licensed antivirus will help to stay safe and save data on the device without all sorts of hacker hacks. Title: Re: What to do to avoid phishing sites Post by: JayTrain on December 09, 2021, 10:58:18 AM I had a case with MEW when I didn't check the site address and decided to go to the first link through Google search...and I realized that I was phishing, the private key was immediately compromised and it was a lesson for me, now I check the link several times where I go and do not use the search engine to search for such sites.
Title: Re: What to do to avoid phising sites Post by: BernyJB on December 09, 2021, 05:45:36 PM For FF users, there is one trick in the book that can help you see the punycode. [1] Type "about:config" in the address bar https://i.ibb.co/vJHbNmz/Screen-Shot-2019-08-08-at-6-00-54-PM.png (https://imgbb.com/) [2] Then type "punycode" in the search bar https://i.ibb.co/hsnKhdw/Screen-Shot-2019-08-08-at-6-02-45-PM.png (https://imgbb.com/) [3] Then double click on "network.IDN_show_puny_code" and enable it to true. https://i.ibb.co/3mfDq5q/Screen-Shot-2019-08-08-at-6-04-33-PM.png (https://ibb.co/DfGxyPy) Thank you, I just did the punycode thing. 8) Using adblock plus and forcing https is always a good idea. It's also important to pay attention to the address you're clicking on. Most people don't even look at that. If a link pops up in your wallet (or your email, or anywhere) and tells you to "update it", DON'T FOLLOW IT, go to your wallet's page and look for the update. Bookmark sites like Github, so there's no chance of you inadvertently going into the wrong address. But, most importantly BE CAREFUL when you click on a link, always. Title: Re: What to do to avoid phishing sites Post by: Masplanc on December 10, 2021, 07:09:34 AM Thanks for the information, there are more phishing site like this that are not real, one need to be extremely carefully. People create all this fake site to scam people and the rate of this is increasing daily.
Title: Re: What to do to avoid phishing sites Post by: BernyJB on December 11, 2021, 03:37:11 PM One thing I forgot: DON'T USE GOOGLE!
Google is very convenient and full featured, but they collect your data and sell it. Use Duck Duck Go as a search engine. Not as pretty, but they don't touch your stuff. Title: Re: What to do to avoid phishing sites Post by: MrcMrc on December 14, 2021, 02:31:12 PM One thing I forgot: DON'T USE GOOGLE! I use Google a lot and I have not encountered any phishing attack simply because am very careful with the kind of links I click on and I often store my details such as password and credit cards on google.Google is very convenient and fully featured, but they collect your data and sell it. Use Duck Duck Go as a search engine. Not as pretty, but they don't touch your stuff. Title: Re: What to do to avoid phishing sites Post by: jerry0 on December 16, 2021, 01:42:07 AM Did visiting any of those sites without downloading the program cause issues though?
Title: Re: What to do to avoid phishing sites Post by: DdmrDdmr on December 16, 2021, 09:19:52 AM <…> Sites like the ones mentioned here don’t just aim for you to download something (normally malware on its own or bundled as part of the installer’s task), but they also may prompt you to provide information that ranges from personal and contact information, login credential, through to crypto mnemonics.Besides, in general terms, the person that lands on this sort of page may not have a clue that he’s actually on a phishing site, and that is the core danger to begin with. Even if you purposely visit it to take a sneak-peak knowingly, you need to be careful with your browser history and configuration thereafter, since your browser may autofill to the phishing site later on because you has previously visited it (when typing what you think is the proper url). |
