Bitcoin Forum
January 24, 2019, 05:38:30 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: A simple way to protect yourself against Phishing attacks  (Read 78 times)
rreeve
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile WWW
July 09, 2018, 08:08:13 PM
 #1

Please Note, this will not protect you against every Phishing attack you come across but it will protect you against a common attack using international domain names. As always you still need to remain vigilant online, especially in the crypto space.

An important step I take to avoid falling for certain phishing URLs is to make sure my browser always shows the IDN (international domain name) punycodes.

This is where bad actors will use an international domain name that looks almost identical to the real English version.
The URL could look identical except for a single dot under or above a letter.

See the difference between the two...

THE REAL URL: (Sorry the images are links, I'm not allowed to post images on here yet)
https://cdn.steemitimages.com/DQmVMxTENaskjhYPMa4FATumxra2ogbnDkrLUBX6gZdt42X/punnycode2.png

THE FAKE URL:
https://cdn.steemitimages.com/DQmNoP9HoH5B3fS3DXjRP7KKpKg86X3BiHyprXnyyX3HBxH/punnycode1.png

As you can see, it's EASY to miss the dots and visit the wrong website.

But, if you had punycodes visible in your browser address bar. This is how that fake address would look:
EXPOSED FAKE URL: https://cdn.steemitimages.com/DQme6K4n4rzxzinHkbxhu5baj6PDU1mT8pyqcaKdk89uMQj/punnycode3.png

It's now easy to see the fake address.

I use firefox which has punycodes disabled by default. I think this is terrible but I guess they have their reasons.
However, with a simple edit, you can change this in your Firefox config page.

In your Firefox address bar type in: about:config

Now in the search box type in: network.IDN_show_punycode

Now simply click on the listed item to change it to True

And that's it. Now you are much safer in the crypto space when it comes to international domain names.

REMEMBER, this will not protect you against every Phishing attack you come across but it will protect you against a common attack using international domain names.

Chrome Browser
This doesn't work with Chrome or any other browser. I'm not sure how to do this in the Chrome browser but there will be a way.
If anyone else knows how to display Punycode in Chrome, I would be grateful if you could tell us.
1548308310
Hero Member
*
Offline Offline

Posts: 1548308310

View Profile Personal Message (Offline)

Ignore
1548308310
Reply with quote  #2

1548308310
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1548308310
Hero Member
*
Offline Offline

Posts: 1548308310

View Profile Personal Message (Offline)

Ignore
1548308310
Reply with quote  #2

1548308310
Report to moderator
1548308310
Hero Member
*
Offline Offline

Posts: 1548308310

View Profile Personal Message (Offline)

Ignore
1548308310
Reply with quote  #2

1548308310
Report to moderator
CarlosCorreia
Full Member
***
Offline Offline

Activity: 462
Merit: 139


quarkchain.io


View Profile WWW
July 10, 2018, 01:37:09 AM
 #2

Another way to avoid this phishing attacks is to use Metamask!

This extension is always up to date and prevent you from visiting phishing sites!

You can find more here: https://metamask.io/

Also, if you make some searches in the forum you will find loads of information about Metamask.

Fishthatgirl3
Newbie
*
Offline Offline

Activity: 68
Merit: 0


View Profile
July 10, 2018, 01:42:08 AM
 #3

I will add 4 more ways to avoid phishing:

- Have a decent antivirus software. I like Kaspersky, Norton and AVG.
- Use firewalls, dont turn them off, even the default one for windows users. If you have money invest in some high-quality firewalls
- Only use trustable Wifi (home, office wifi could be good). Avoid using public wifis
- Keep your browsers up to date. They usually have features that help you avoid fake addresses. I prefer Chrome and Firefox over other browsers.
Alluro
Member
**
Offline Offline

Activity: 462
Merit: 19


View Profile
July 10, 2018, 02:28:47 AM
 #4

My personal opinion is don't give your private keys to anyone or anywhere. You can use hardware wallet or metamask to store safely your ethereum and tokens. And also some guys using phishing methods to steal your KYC documents. Keep in touch with those things guys.

▀▀▀▀▀▀     │      BRIDGEX NETWORK      │      LEND · BORROW · CONVERT · SEND     ▀▀▀▀▀▀
▄▄▄▄▄▄       Whitepaper     Telegram     Twitter     Medium     Facebook     LinkedIn       ▄▄▄▄▄▄
Lakai01
Full Member
***
Online Online

Activity: 364
Merit: 132


DISRUPTING THE $23.5 B SCIENCE PUBLISHING INDUSTRY


View Profile WWW
July 10, 2018, 04:11:06 AM
 #5

As far as I know Chrome always shows the URL in the IDN format. Additionally, there are plugins like Punycode alert which explicitly warn you if you are about to navigate to an suspicious URL.

boyptc
Hero Member
*****
Offline Offline

Activity: 1064
Merit: 518


★777Coin.com★ Fun BTC Casino!


View Profile
July 10, 2018, 05:35:50 AM
 #6

Another way to avoid this phishing attacks is to use Metamask!
This is easier, I have downloaded metamask and when I visited to a website that I'm not familiar with it turns out to be restricted and the whole screen went green.

For newbies, I'll recommend metamask extension to make your browsing safer but still you have to check the website and URL's name to be sure of.

tranvanvan
Newbie
*
Offline Offline

Activity: 37
Merit: 0


View Profile
July 10, 2018, 06:04:21 AM
 #7

1. Be sensible when it comes to phishing attacks
2. Watch out for shortened links
3. Does that email look suspicious? Read it again
4. Be wary of threats and urgent deadlines
5. Browse securely with HTTPs
That is You Known , Cool Cool
Kakmakr
Legendary
*
Online Online

Activity: 1540
Merit: 1180

★ ChipMixer | Bitcoin mixing service ★


View Profile
July 10, 2018, 06:30:07 AM
 #8

I keep it simple, by not clicking on any links. I type the URL for the sites that I use frequently and I never use the "auto completed" URL that are provided by the Browser. <Some Mallware even target that>

This strategy eliminates all phishing attempts, but this is not for lazy people or people that cannot remember the valid URL to the sites that they often use.  Roll Eyes

I also "double" check all URLs before I press ENTER!

Dudeperfect
Hero Member
*****
Offline Offline

Activity: 1078
Merit: 532

★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile WWW
July 10, 2018, 07:45:53 AM
 #9

There are multiple applications and extensions available for the reputed browsers such as Google Chrome or Mozilla Firefox, where you will immediately get a notification if you are visiting any phishing page. I believe that mass awareness is the only option for discouraging such phishing attacks because, in most of the cases, people cannot distinguish between a real website and the fake one, especially in the case of newbies.

Captain Crypto Pants
Jr. Member
*
Offline Offline

Activity: 122
Merit: 2


View Profile
July 10, 2018, 07:53:07 AM
 #10

Nice write up! You just cannot be to careful these days. I have switched to the Brave browser with the Metamask plugin. It is quite safe and some of the other chrome extensions work as well. I use the lastpass plugin for Brave, that way you only click on the link you have personally saved with your password.

It's a full time job keeping the scammers out of your BTCBTCBTC

★ PRiVCY ➢ Own Your Privacy! ➢ Best privacy crypto-market! ★
✈✈✈[PoW/PoS]✅[Tor]✅[Airdrop]✈✈✈ (https://privcy.io/)
Rrita
Hero Member
*****
Offline Offline

Activity: 502
Merit: 502


View Profile WWW
July 10, 2018, 09:42:36 AM
 #11

good but I am using some addon in my google chrome browser, and those addons are enough for me Smiley I am using  EAL,, Cryptonite both are best to prevent me from the pishing site. you can download both of them from here https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn (EAL) and https://chrome.google.com/webstore/detail/cryptonite-by-metacert/keghdcpemohlojlglbiegihkljkgnige (Cryptonite) 
Pages: [1]
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!