|
denis-z12 (OP)
|
 |
February 19, 2018, 11:00:35 PM |
|
 Be very careful where you enter your login data! HTTPS means nothing anymore. Do you notice the small dots(.) below the letters nIf you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated. Stay Safe |
|
|
|
|
|
|
|
Make sure you back up your wallet regularly! Unlike a bank account, nobody can help you if you lose access to your BTC.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
Oneandonlydl
Newbie
 Offline
Activity: 24
Merit: 0
|
|
February 20, 2018, 12:24:35 AM |
|
That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.
|
|
|
|
|
Family2930
Jr. Member
Offline
Activity: 224
Merit: 1
|
|
February 20, 2018, 12:43:06 AM |
|
Thank you very much for the alert. But I think that is not fake website, i have never seen a fake website with Https:// (Secure) Written. Maybe that dot (.) on your computer/Laptop 's home screen. I am not sure though. Btw thanks again.
|
╔═██| investaco.in |██═════ Pre ICO : May 1st, 2018 ═╗
╚ JOIN THE NEW BREED WHO WILL INHERIT THE DIGITAL EARTH! ╝ |
|
|
cryptozoomed
Newbie
Offline
Activity: 3
Merit: 0
|
|
February 20, 2018, 01:18:58 AM |
|
Great warning! A reminder to all of us to always triple check whenever we log in to an exchange!
|
|
|
|
|
|
bitperson
|
|
February 20, 2018, 01:25:40 AM |
|
This is a good example of script spoofing as described at https://en.wikipedia.org/wiki/IDN_homograph_attack. Internationalised domain names should never have been implemented in the first place. Users and administrators should disable it wherever it is encountered. |
|
|
|
|
jseverson
|
|
February 20, 2018, 01:58:46 AM |
|
That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.
Well there's no way you can accidentally type that out, so it's most likely from an ad or a deliberate phishing attempt. Some people may be too lazy in typing out the full address, so they search for the exchange in Google and go for the first result, which could be a sponsored ad. Deliberate phishing attempts come from emails or messages that look like they legitimately come from the site, asking you to click a seemingly legit link to drop your guard. The best way to not get duped into these is to type the addresses out yourself, and maybe bookmark them if you're absolutely sure your computer is clean. |
|
|
|
EcuaMobi
Legendary
Offline
Activity: 1862
Merit: 1468
https://Ecua.Mobi
|
If using Firefox, I strongly advice everyone to enable the option to show IDN domains using the long codification. Open the address "about:config", find "punycode" and enable it:  And, more importantly, always type addresses yourselves. Never open them using received links. Thank you very much for the alert. But I think that is not fake website, i have never seen a fake website with Https:// (Secure) Written. Maybe that dot (.) on your computer/Laptop 's home screen. I am not sure though. Btw thanks again.
You must learn more about HTTPS! It just means the information between you and the website is encrypted and, most of the times (unless the certificate is self-signed or provided by a fake authority), that the site owns the domain (any domain) you're browsing. If you're browsing a fake site then it means the website owns that fake domain, not the real one. It's trivial and free to get HTTPS for any domain you own, real or fake. Read this: https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/ |
|
|
|
|
Thirdspace
|
|
February 20, 2018, 02:28:08 AM |
|
Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.
most likely he used google search or clicked link from shady website that's why it's a good idea to create bookmarks for your most visited/used sites and only open from bookmarks If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.
yes it's a good idea to activate 2FA, at least it will somewhat prevent them to steal your coins and most exchanges already put security measure on withdrawal process requiring confirmation link sent to your email |
|
|
|
Cita1
Newbie
Offline
Activity: 153
Merit: 0
|
|
February 20, 2018, 03:49:11 AM |
|
Thanks for reminding us here. Very helpful post. Merit deserving?
|
|
|
|
|
krisssssy01
Newbie
Offline
Activity: 13
Merit: 0
|
|
February 20, 2018, 03:54:05 AM |
|
https://i.imgur.com/Qf3nKiI.jpgBe very careful where you enter your login data! HTTPS means nothing anymore. Do you notice the small dots(.) below the letters nIf you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated. Stay Safe thanks for the info sir..simple tips but it matters a lot...godbless☺ |
|
|
|
|
O$IRIS
Newbie
Offline
Activity: 136
Merit: 0
|
|
February 20, 2018, 04:42:25 AM |
|
Could any one please clarify what those '...' under Ns mean? How does that represent a risk?
|
|
|
|
|
fraufreiheit
Jr. Member
Offline
Activity: 252
Merit: 6
The Premier Digital Asset Management Ecosystem
|
|
February 20, 2018, 04:50:36 AM |
|
Could any one please clarify what those '...' under Ns mean? How does that represent a risk?
This site is fake, pretending to be a real exchange. When you go to it, you don't pay attention to these dots and think that it is an actual binance platform. Then you enter your e-mail and password and they go to hackers who now can do anything with your account on an exchange. Just google "phishing" for more examples, if it is still not clear. |
|| ICONIQ HOLDING ||
The Premier Digital Asset Management Ecosystem, Powered by the ICNQ Token |
|
|
pooya87
Legendary
Offline
Activity: 3276
Merit: 9930
Premium Bitcoin Mixer
|
|
February 20, 2018, 05:23:35 AM |
|
And always have 2 factor authentication activated.
2FA is very important. additionally what i do is that i always bookmark these important websites and i open them through my bookmarks instead of clicking any links. also a quick way to notice a fake site for me has always been based on their "zoom"! usually browsers remember the zoom level that you used on the websites. for example (if you haven't already) zoom in while seeing this topic then visit one of bitcointalk mirror/fake websites such as this one: fake link: https://bitcointalk.org/index.php?topic=2981675.0now you can clearly see it is a different website you are visiting based on its zoom alone. |
|
|
|
cryptocurrencybazaar
Newbie
Offline
Activity: 24
Merit: 1
|
|
February 20, 2018, 05:26:35 AM |
|
Woah! This is something new. Thanks for the heads up and spreading awareness.
Using 2FA is kind of must if you are holding coins on any exchanges. It can secure your funds otherwise anyone can fall prey to such novel scams.
|
|
|
|
|
bitmover
Legendary
Offline
Activity: 2128
Merit: 5201
bitcoindata.science
|
|
February 20, 2018, 05:45:55 AM |
|
Tip to avoid getting scamed:
Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
|
|
|
|
mits001
Newbie
Offline
Activity: 30
Merit: 0
|
|
February 20, 2018, 05:57:21 AM |
|
Tip to avoid getting scamed:
Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
Though it's a nice concept but saving passwords in browser is not safe either. Someone having access to your system can easily find the password or hackers can steal it too. Better to use 2FA for added security. |
|
|
|
|
pooya87
Legendary
Offline
Activity: 3276
Merit: 9930
Premium Bitcoin Mixer
|
|
February 20, 2018, 06:05:52 AM |
|
Tip to avoid getting scamed:
Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
Though it's a nice concept but saving passwords in browser is not safe either. Someone having access to your system can easily find the password or hackers can steal it too. Better to use 2FA for added security. that is true. it is best not to save passwords in your browser however it is not that simple to access stored passwords in browsers like Google Chrome and Firefox. they can also be password protected. for example if you have a password for your system log in when you visit chrome://settings/passwords in your Chrome browser it will require you to input that password before it shows you sensitive information. in Firefox you have to set a Master Password yourself from about:preferences#privacy |
|
|
|
|
denis-z12 (OP)
|
|
February 20, 2018, 09:46:33 AM |
|
Here are some links with special characters that can be used to trick users in giving them their login details by creating an exact copy of the website with just a little . or , somewhere that we might not even notice if we are in a hurry. https://tools.oratory.com/altcodes.htmlhttp://www.doc.ic.ac.uk/~svb/chars.htmlhttps://en.wikipedia.org/wiki/List_of_Unicode_charactersNotice all the possibilities with the letter A Now think of your paypal account for example if you are using paypal. Imagine someone sends you a link or you find a link - https:/www.paypȧl.com, you might think its dirt on your screen, dead pixel or something. I changed only one letter, look - https:/www.paypȧl.comLike some users said, dont click on links suggested on google or something you received via email, social media. Typing the address yourself is a good tip. Bookmark, also a good tip. Unfortunately saving the password in your browser is a bad idea. Password Stealers are designed to find this data as it is stored in different locations on your PC. Password managers are also being targeted so any software offering to keep your passwords for you can be subject to an attack. |
|
|
|
|
TheBeardedBaby
Legendary
Offline
Activity: 2156
Merit: 3127
₿uy / $ell
|
|
February 20, 2018, 10:05:41 AM |
|
What I'm afraid of is that the domain name can be also written in Cyrillic. If you mix both Latin and Cyrillic you get something like this : www.google.comand www.google.com (save to click, leading to non-existing page) Do you see any difference??No! You see no difference but the second is written with two Cyrillic o's There you have no need to change the n to different name, it can really be www.binance.comand two different variations www.binance.com one Cyrillic "a" (save to click, leading to non-existing page) www.binance.com one Cyrillic "e" (save to click, leading to non-existing page) I haven't tried it myself but I could't find any restrictions in mixing different alphabets. Note. Almost all vocals can be switched in between and many other letters. |
|
|
|
|
denis-z12 (OP)
|
|
February 20, 2018, 11:01:23 AM |
|
What I'm afraid of is that the domain name can be also written in Cyrillic. If you mix both Latin and Cyrillic you get something like this : www.google.comand www.google.com (save to click, leading to non-existing page) Do you see any difference??No! You see no difference but the second is written with two Cyrillic o's There you have no need to change the n to different name, it can really be www.binance.comand two different variations www.binance.com one Cyrillic "a" (save to click, leading to non-existing page) www.binance.com one Cyrillic "e" (save to click, leading to non-existing page) I haven't tried it myself but I could't find any restrictions in mixing different alphabets. Note. Almost all vocals can be switched in between and many other letters. Thats a new threat level that I havent though of yet. Is that possible? Can you really combine different alphabets in the address bar? I have never seen a Cyrillic address or any other alphabet except latin letters. Maybe some other users can give us some more info |
|
|
|
|
|
