2 phishing websites shows on search engine when searching about Electum DDOS

[BitMaxz]

I would like other users to be aware of other new phishing Electrum websites that I found when I searching on bing and google.

Here's the 2 phishing sites.

Code:

http://electrum.bz
http://electrumsecuredownload.com

Keep your wallet safe and always use the original Electrum website which is electrum.org when downloading the latest version of Electrum.

Edit: It seems someone already victim again with electrum[.]bz in reddit from here
Please be careful guys don't give your Bitcoin to scammers.

[TryNinja]

We can report them here: https://support.google.com/google-ads/troubleshooter/4578507
And here: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

This will remove them from showing up on Google ads.

[joniboini]

Edit: It seems someone already victim again with electrum[.]bz in reddit from here

It still amazes me how some people could fall to an explicit fake site like this. Don't they know about the legit site or do their DNS/computer gets hijacked somehow? How come do they know about Electrum in the first place? Looks like we need to increase spreading awareness about Electrum legit site and about phishing attack in general.

[bob123]

Don't they know about the legit site or do their DNS/computer gets hijacked somehow? How come do they know about Electrum in the first place? Looks like we need to increase spreading awareness about Electrum legit site and about phishing attack in general.

I would say more than 90% of all fake-electrums downloaded are because of user being unaware.
I don't have anything to prove this number, it is just a feeling.


DNS spoofing and cache poisoning takes quite some effort.. It is easier to just host a fake website and pay for a high google ranking / google ads.
And unfortunately the majority of people in the cryptospace (not just here, internet overall) are extremely unaware.

IMO it would be more lucrative this way, than spending lots of time and effort into dns spoofing etc. (even tho this would be the 'better' way for a high-value target which is quite aware).

[Lucius]

Both sites from OP are blocked in Firefox, and first one is also blocked on Brave browser. Second site is still opening in Brave, so this means that some users are exposed to the risk. It is important to report such sites to Google (links posted by TryNinja), but also direct from browsers. Firefox is have that option in Help -> Report Deceptive Site.

What can save each user to become victim of phishing  is to use adblocker for any browser, such extension will block all pay ads from Google search results, and it will show only legitimate Electrum site.

[bob123]

What can save each user to become victim of phishing  is to use adblocker for any browser, such extension will block all pay ads from Google search results, and it will show only legitimate Electrum site.

While i agree that using an adblocker is extremely helpful in avoiding such scams, it is also possible that a fake electrum site has an increased google ranking through some SEO.
It definitely helps avoiding such sites, but by far doesn't protect you from them.

It might even be possible that some fake site will be placed above the real electrum site. Therefore it is always necessary to double check the URL and verify the signature of the downloaded files.
Verifying the signature is the only way to be sure that the downloaded file is the one uploaded by ThomasV (assuming that ThomasV knows how to protect his signing key, which he most probably does).

[hugeblack]

Verifying the signature is the only way to be sure that the downloaded file is the one uploaded by ThomasV (assuming that ThomasV knows how to protect his signing key, which he most probably does).

If the user does not check the site, he will not verify the signature. Verification of the signature is important in hacking the official site cases but will not be useful in such cases.

To solve the problem definitively there must be collaboration between browsers and search engines. There is an authentication badge next to each official account "just as it happens in social media" and therefore when a person visits any site similar to the official domain the warning appears.