Bitcoin Forum
April 10, 2020, 03:47:21 AM *
News: Latest Bitcoin Core release: 0.19.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: New way of phishing?  (Read 391 times)
Wnlz16
Newbie
*
Offline Offline

Activity: 87
Merit: 0


View Profile
March 13, 2018, 05:32:35 AM
 #1

My MEW got hacked and my tokens were stolen. I am very careful when putting my address on each bounty campaign and never sign up online which require any private key. I don't really know how I get phish or how hacker accessed my MEW. I learned my lesson and will never use private key again. Do you have any idea how I get phish? I got one in mind that a fake mew site does exist?
1586490442
Hero Member
*
Offline Offline

Posts: 1586490442

View Profile Personal Message (Offline)

Ignore
1586490442
Reply with quote  #2

1586490442
Report to moderator
1586490442
Hero Member
*
Offline Offline

Posts: 1586490442

View Profile Personal Message (Offline)

Ignore
1586490442
Reply with quote  #2

1586490442
Report to moderator
1586490442
Hero Member
*
Offline Offline

Posts: 1586490442

View Profile Personal Message (Offline)

Ignore
1586490442
Reply with quote  #2

1586490442
Report to moderator
Bitcoin Poker 3.0
The Largest Bitcoin Poker Site
Bad Beat Jackpot Available
No Limit Texas Hold'em Cash Games And Tournaments
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1586490442
Hero Member
*
Offline Offline

Posts: 1586490442

View Profile Personal Message (Offline)

Ignore
1586490442
Reply with quote  #2

1586490442
Report to moderator
1586490442
Hero Member
*
Offline Offline

Posts: 1586490442

View Profile Personal Message (Offline)

Ignore
1586490442
Reply with quote  #2

1586490442
Report to moderator
1586490442
Hero Member
*
Offline Offline

Posts: 1586490442

View Profile Personal Message (Offline)

Ignore
1586490442
Reply with quote  #2

1586490442
Report to moderator
BigBoy89
Legendary
*
Offline Offline

Activity: 1400
Merit: 1011


View Profile
March 13, 2018, 08:08:19 AM
 #2

There are plenty of MEW-like phishing sites and this is the most common way to steal your private key. If you open the Service Discussion section you will see that every second topic is about this.

If you don't check the URL every time you are using MEW, hitting on phishing MEW-copy is the most likely reason for your loss.

Start using Metamask and be more careful.
timikulit
Full Member
***
Offline Offline

Activity: 196
Merit: 103



View Profile
March 13, 2018, 08:33:31 AM
 #3

My MEW got hacked and my tokens were stolen. I am very careful when putting my address on each bounty campaign and never sign up online which require any private key. I don't really know how I get phish or how hacker accessed my MEW. I learned my lesson and will never use private key again. Do you have any idea how I get phish? I got one in mind that a fake mew site does exist?

Can you provide us the screenshot of the MEW website you logged in? like what BigBoy89 said there are many MEW phishing sites. If the URL is the same with MEW's address then there's something wrong https://www.myetherwallet.com/

Bookmarking the MEW website and using metamask adds security you better use that and stops typing the site manually.

trademindxofficial
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile WWW
March 13, 2018, 08:38:13 AM
 #4

You can run a local offline MEW, instructions are here:

https://myetherwallet.github.io/knowledge-base/offline/running-myetherwallet-locally.html

That's probably the safest way to go... doesn't help now obviously but may help someone avoid this in future.
Cnut237
Hero Member
*****
Offline Offline

Activity: 980
Merit: 515


First 100% Liquid Stablecoin Backed by Gold


View Profile
March 13, 2018, 08:41:50 AM
 #5

One piece of advice I have to help avoid phishing is beware of unicode domain names. This is where they make use of special characters that look almost identical to real characters, eg an e might be replaced by a special character that is an e with a tiny dot under it.
This seems to be getting more and more common in crypto, and it is very hard to distinguish between these fake URLs and the real ones.

Trofo
Hero Member
*****
Offline Offline

Activity: 994
Merit: 526


Translating to Croatian


View Profile
March 13, 2018, 09:09:04 AM
 #6

A good rule of thumb against all phishing attacks is to bookmark your page (myetherwallet) and always access it only trough your bookmark. I have read and written that statement at least 50 times in last few months. Using metamask or similar also helps Smiley 

Don't know about the OP situation and I am sorry that he lost his money. On the other hand I can't even feel sorry for the people who receive an Email with the link to the myetherwallet and click on it. Then immediately enter their private keys. This falls under natural selection. There will always be predators around to thin the herd of weak specimens. Sorry if that comes out a bit harsh but we all have to do our part to at least make it hard for hackers to get to our funds. One of the biggest points of crypto currencies is that everyone is responsible for his own money, and that entitles responsibility for some security precautions as well.

.freebitcoin.       ▄▄▄█▀▀██▄▄▄
   ▄▄██████▄▄█  █▀▀█▄▄
  ███  █▀▀███████▄▄██▀
   ▀▀▀██▄▄█  ████▀▀  ▄██
▄███▄▄  ▀▀▀▀▀▀▀  ▄▄██████
██▀▀█████▄     ▄██▀█ ▀▀██
██▄▄███▀▀██   ███▀ ▄▄  ▀█
███████▄▄███ ███▄▄ ▀▀▄  █
██▀▀████████ █████  █▀▄██
 █▄▄████████ █████   ███
  ▀████  ███ ████▄▄███▀
     ▀▀████   ████▀▀
BITCOIN
DICE
EVENT
BETTING
WIN A LAMBO !

.
            ▄▄▄▄▄▄▄▄▄▄███████████▄▄▄▄▄
▄▄▄▄▄██████████████████████████████████▄▄▄▄
▀██████████████████████████████████████████████▄▄▄
▄▄████▄█████▄████████████████████████████▄█████▄████▄▄
▀████████▀▀▀████████████████████████████████▀▀▀██████████▄
  ▀▀▀████▄▄▄███████████████████████████████▄▄▄██████████
       ▀█████▀  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  ▀█████▀▀▀▀▀▀▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.PLAY NOW.
atliens99
Member
**
Offline Offline

Activity: 401
Merit: 13


View Profile
March 13, 2018, 09:10:11 AM
 #7

Same thing happened to my friend, he used a fake myetherwallet website.  ALWAYS check the domain.  Its safer to do offline transactions if you are capable of doing that.  MEW should still be fine if your on the official site.  Hope you didn't lose too much
fia_naila
Sr. Member
****
Offline Offline

Activity: 574
Merit: 251


Skynet


View Profile
March 13, 2018, 09:31:16 AM
 #8

maybe you ever got phis but you did not feel it. maybe when you in a rush you log in to mew phising site and did not do double check the url. install metacert on your browser you will always warned when you want to surf at some site like mywtherwallet or other. and dont ever put your private keys at the place people can easily take it. as long as i know that even the scamer have your private key they still need password to unlock your wallet. if private key and password can be opened by others its mean you got ever visit phising site


███
███
███
███
███
███
███
███
███
███
███
■    PRIVATE SALE is LIVE    ■
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
Whitepaper   ■   Bounty   ■   Bitcointalk

███
███
███
███
███
███
███
███
███
███
███
                        ███
                     ▄▄ ▀▀▀ ███
                     ██▀ ▄▄ ▀▀▀
                   ▄▄    █▀▀ ▄▄ ██
                   ▀▀ ▄█  ▄▄ ▀
                  ██  ▀ ▄ ▀
                  ▄▄ █▄ ▀▀
                  ▀▀  ▄ ▀
   ▄▄              ██ ▀ ▀
   ██▀               ▄ ▀
  ▄  ▄█         ▄ ▄   ▀
 ███  ▀ █▄ ▄▀ ▀▄  ▀  ▄ ██ ██
  ▀▀ █▄ ▄  ▄█ ▀ █▀  ▀ ▄ ▄▄  ▄█▄
███     ▀▀   ▄█▄       ▄ ▀ ▄ ▀ ▄
▀▀▀ ██ ██ ██  ▀         ▄▄ ▀▀ ▀██
                         ▀ ▄█  ▄▄
                        ▄█ ▀▀ ▀██
                        ▄ ▄█▄
                       ▀▀ ▀▀
                      ██
Skynet
███
███
███
███
███
███
███
███
███
███
███
Telegram   ■   Facebook   ■   Twitter   ■   Medium   ■   Reddit   ■   LinkedIn
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
CREATING THE INTELLIGENT MACHINE ECONOMY

███
███
███
███
███
███
███
███
███
███
███
Ashleybarnes2
Newbie
*
Offline Offline

Activity: 65
Merit: 0


View Profile
March 13, 2018, 09:32:27 AM
 #9

I think the websites they use are getting extremely sophisticated. They can make urls look identical and they can change saved  bookmarks to a similar phishing website address. But to tell you the truth I wouldn't be surprised if there was a new technique unknown
Kulllianll
Member
**
Offline Offline

Activity: 280
Merit: 10


View Profile
March 13, 2018, 09:35:40 AM
 #10

I created another MEW where I sent the most valuable coins. And I use the old MEW in airdrops and bounty without fear.
realcrypto
Member
**
Offline Offline

Activity: 406
Merit: 11

Mining. Hosting. Cloud Mining.


View Profile
March 13, 2018, 09:38:05 AM
 #11

If you know that you are very careful with your private key. Make sure you do not trust any body, be it physical friends or friends you meet online. make your private key secret.

[   eGOLD  M I N I N G   ]    Mining. Hosting. Cloud Mining.
                                INVEST NOW                               
❪❪ WP | How it Works ❫❫   ◾ telegram  ◾ facebook  ◾ twitter
AmiranAbdul
Full Member
***
Offline Offline

Activity: 174
Merit: 100


📶Decentralized free Wi-Fi📶


View Profile
March 13, 2018, 10:13:51 AM
 #12

My MEW got hacked and my tokens were stolen. I am very careful when putting my address on each bounty campaign and never sign up online which require any private key. I don't really know how I get phish or how hacker accessed my MEW. I learned my lesson and will never use private key again. Do you have any idea how I get phish? I got one in mind that a fake mew site does exist?
Scammers are becoming more and more refined, but this is the easiest way to crack your secrets, and you yourself are on it. So you need to be more careful and take countermeasures in advance.

Rano
Newbie
*
Offline Offline

Activity: 224
Merit: 0


View Profile
March 13, 2018, 10:16:04 AM
 #13

There recently was a fake website from MEW with some dots in the domain. Many people were falling for that trick and lost all their tokens.
So be careful if you are really surfing on the real myetherwallet website. It's good to save the real adress as a bookmark for example and always double check.
droptableguy2
Member
**
Offline Offline

Activity: 434
Merit: 10


View Profile
March 13, 2018, 10:38:29 AM
 #14

First, I would like to share my condolences with you. But when you create your wallet, look carefully at the address of the Web site, scammers often create the same web page as the main page, they differ only by one character. If you do not pay attention you will not be able to recognize this and easily fall into the trap of them and lose all the money in your wallet. Please store the Private Key and Json File carefully.

akitha
Member
**
Offline Offline

Activity: 658
Merit: 10

🔰FERRUM NETWORK🔰


View Profile WWW
March 13, 2018, 11:25:28 AM
 #15

You should install Ether Address Lookup, this will keep you away from phishing site. use metamask also or much safer store your token in nano ledger.

Mi5h0
Sr. Member
****
Offline Offline

Activity: 560
Merit: 273



View Profile
March 13, 2018, 01:54:45 PM
 #16

There recently was a fake website from MEW with some dots in the domain. Many people were falling for that trick and lost all their tokens.
So be careful if you are really surfing on the real myetherwallet website. It's good to save the real adress as a bookmark for example and always double check.

Exactly! It amazes me how many people will fall for this phishing scams.
I have seen some unicode domain names like 'mỵetherwałlet' (notice the dot next to the letter y and crossed letter l) very recently. They even made fake 'ċoindesk(dot)com' site to lure more naive users into the trap. There are some extensions for google chrome that might help, like Netcraft Extension. But I don't believe that there is absolutely reliable protection from phisihing sites. Using some common sense is the best protection.
icalical
Full Member
***
Offline Offline

Activity: 770
Merit: 155


Never Cheap but Always Affordable


View Profile
March 13, 2018, 01:59:43 PM
 #17

If you are using private key, store it in offline device such as flash disk, memory card, or sd card, thats the (only) safest way to store private. But there are other option like key phrase or mnemonic phrase which are more secure than private key.

Mi5h0
Sr. Member
****
Offline Offline

Activity: 560
Merit: 273



View Profile
March 13, 2018, 02:32:49 PM
 #18

If you are using private key, store it in offline device such as flash disk, memory card, or sd card, thats the (only) safest way to store private. But there are other option like key phrase or mnemonic phrase which are more secure than private key.

There's nothing safer about using a mnemonic phrase if you landed on a phishing site. The only purpose of such sites is to steal your private key (or seed phrase) and use it to empty your wallets. The place where you keep your private key has nothing to do in this case.
topesis
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
March 13, 2018, 08:45:25 PM
 #19

You must have done something wrong, there is possibility of you assessing some of these airdrops links using their links to visit MEW, just install Metamask, it safe mew from one of these scam site recently claiming that EOS is doing airdrops that I need to apply through one of their links
trumper
Full Member
***
Offline Offline

Activity: 406
Merit: 102



View Profile WWW
March 13, 2018, 09:35:09 PM
 #20

Even if you use keystore file encrypted version of private key instead of private key, the website can steal your file and also the password you entered. You should get a hardware wallet  Sad

Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!