Must have web browser addons to keep you a step safer from phishing

[logfiles]

When I had just gotten to know about cryptocurrencies and joined this forum. My Online security consciousness was close Zero, I did almost all mistakes every newbie could do

- I would use the same email and password for every website sign up
- All my accounts had no 2FA implemented on them
- I would never bookmark important websites for easy lookup
- I would click on any link from google search and would never double check the web address when logging in etcetera

My rude awakening came when my Bitcoin forum account that had then attained a full member status got hacked, the password and email address were instantly changed, and I was completely locked out. That's when I realized that online security is a very serious matter. I could have easily lost all my funds if the hacker had followed up on the exchanges I used because all the login details were the same with no 2FA.

I Later figured out that my Login detail could have most like been phished by the (Bitcointalk[dot]to) site since I even never bookmarked Bitcointalk.org
Even today I still end up with links from the phishing site especially when I am searching specific results from Google that has been posted on Bitcointalk.org

What have always been my guardian angels these web browser add-ons I am going to talk about. These add-ons are a must have for anyone who takes online security very seriously.
I am going to use an example of the Latest Etherdelta like phishing site.



As you can see the address in the red box is not the usual legit http://etherdelta.com/ link, There is not padlock sign to show that the website is secure or the certificate is valid as the popup window warns. This should definitely be a red flag. However, if you don't look at the address, you won't know that have loaded a phishing website... That's why these web browser add-ons come in handy. To help you out when you are less attentive.

WEB BROWSER ADD-ONS/EXTENSIONS

1. METAMASK

Besides providing an easy and safe way of making transactions on the Ethereum network with the different Decentralized apps, this web browser add-on comes in handy in that it will warn and block you from accessing any phishing site in case you click on the phishing link by mistake.
MetaMask is available in chrome, Firefox, Opera and Brave browsers



Website: https://metamask.io/

2. CRYPTONITE

This one is run by a team behind The Metacert Protocol. They certify legit crypto related domains and Twitter profiles of legit accounts to avoid impersonation scams.
When you load a profile or crypto website that has been verified and is legit, the Shield turns green. However, if the website is a phishing type or unverified, the shield remains black.

It doesn't stop at that, if the website has been reported for phishing attempts, it will also block you from loading the web page.
Unfortunately, this extension that started as a free plugin is now a paid service.



Website: https://metacertprotocol.com

3. NETCRAFT

Clicking on it after you have loaded a web page will show you the website details and it's risk ratings.
Usually, phishing sites are shown as recently created/new or there is not much information about the site yet (this should be a red flag). The risk ratings a usually high too, in most cases it's 9 for a phishing site and 0 for a legit site.
This Add-on also provides a user with much more details about the domain name, when it was registered and when it could expire.

Website: https://www.netcraft.com/


4. PHISHFORT PROTECT

This is a new kid on the block but really promising. This add-on is also a very important tool that will protect one from phishing attacks and scams targeting crypto users. PhishFort Protect is free and have an open-sourced the code base.
The add-on is available for chrome and chromium bases browsers like Brave. Unfortunately it's currently not available on Firefox

When you have installed the plugin,
- If the website is genuine and has already been categorized, a blue badge will be shown on the add-on.
- If the website is has not been categorized or is unknown, the badge will remain Grey.
- If the website is a phishing/scamming version of an already categorized website like Binance, a red badge will be displayed with an immediate warning message on the screen



Website: https://www.phishfort.com/protect


Using a combination of these web browser add-ons can be of very much help



UPDATE
➖ PhishFort Protect add-on included thanks to ePesoInitiative

Work in progress to include more anti phishing add-ons. If you know of any good anti-phishing add-ons, please comment them in the thread and I will update the list with credits to you.
Thank you.

[LeGaulois]

Another one to use but a little different from other: NoJs. It's an efficient add-on for your web browser activity
https://addons.mozilla.org/fr/firefox/addon/noscript/

Much paranoid, you can use a sandbox or edit your host file to allow access to only some websites. 5you can do it with some browser add-ons as well). You could also set up a virtual machine

[bitmover]

Using Adblock also helps you stay away from paid ads in Google, which may be phishing sites.

Ublock is probably the best one, and it is a must for everyone who uses a browser. You can download it for Firefox Android and desktop versions.

https://addons.mozilla.org/pt-BR/firefox/addon/ublock/

[o_e_l_e_o]

I had not heard of Netcraft before - I'll be looking in to it, thanks for that. And a definite +1 from me for NoScript. For security, I'd also recommend using HTTPS everywhere:

Site - https://www.eff.org/https-everywhere
GitHub - https://github.com/EFForg/https-everywhere
Firefox - https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/
Chrome - https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp

Good to see you are also using uBlock and minerBlock from your screenshots. Other great add-ons from a privacy rather than a phishing point of view are:

Privacy Badger:
Site - https://www.eff.org/privacybadger
GitHub - https://github.com/EFForg/privacybadger
Firefox - https://addons.mozilla.org/en-GB/firefox/addon/privacy-badger17/
Chrome - https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp

Cookie AutoDelete:
GitHub - https://github.com/Cookie-AutoDelete/Cookie-AutoDelete
Firefox - https://addons.mozilla.org/en-GB/firefox/addon/cookie-autodelete/
Chrome - https://chrome.google.com/webstore/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh?hl=en

Decentraleyes:
Site - https://decentraleyes.org/
GitLab - https://git.synz.io/Synzvato/decentraleyes
Firefox - https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/
Chrome - https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj

[IlVeroNico]

No mention for the Brave browser in a crypto board is quite strange, I started to use it in both PC and smartphone, it's pretty good!

[o_e_l_e_o]

No mention for the Brave browser in a crypto board is quite strange, I started to use it in both PC and smartphone, it's pretty good!

If you are looking for a browser you can just download and run with, with minimal set up or configuration, then I agree Brave is probably the best "out of the box". However, Firefox supports much more advanced add-ons, just a few of which I have linked to above, and also allows a lot of customization and tweaks through about:config and "user.js" configurations. I haven't used Brave for several months, but last time I did it was absolutely horrible for browser fingerprinting. I'd be keen to know if that has changed?

If you don't want to configure Firefox, then Brave is a better choice, but a properly configured and customized Firefox browser is better than Brave in terms of privacy and security.

[Theb]

Using Adblock also helps you stay away from paid ads in Google, which may be phishing sites.

Ublock is probably the best one, and it is a must for everyone who uses a browser. You can download it for Firefox Android and desktop versions.

I have a bad experience in using ad blockers in that way especially if you are visiting websites that won't even allow you to use their website if they detected you are using an ad blocker software just like when I visited business insider they will block their article with a window until you turned off your ad blocker. Also if you yourself are always being redirected to unwanted ad websites or your browser is showing a lot of pop up ads chances are your computer is infected by a malware and cleaning it up with a malware cleaner like malwarebytes could do the trick.

[o_e_l_e_o]

I visited business insider they will block their article with a window until you turned off your ad blocker.

In either Firefox or Chrome you can do the following:

Either press F12 to bring up Developer Tools, and click the small pointer in a box at the top left of the toolbar to select Inspector -OR- press Ctrl + Shift + C
Select the pop-up box/window/overlay that is getting your way
Press delete
Press F12 again to close the Developer Tools toolbar

[bitmover]

I visited business insider they will block their article with a window until you turned off your ad blocker.

In either Firefox or Chrome you can do the following:

Either press F12 to bring up Developer Tools, and click the small pointer in a box at the top left of the toolbar to select Inspector -OR- press Ctrl + Shift + C
Select the pop-up box/window/overlay that is getting your way
Press delete
Press F12 again to close the Developer Tools toolbar

There is one more elegant solution, which is to use ublock extra.
Ublock extra let's ublock ignore anti-adblock mechanisms.

Unfortunately, it only works in Google chrome..

[Theb]

~snip~

In either Firefox or Chrome you can do the following:

Either press F12 to bring up Developer Tools, and click the small pointer in a box at the top left of the toolbar to select Inspector -OR- press Ctrl + Shift + C
Select the pop-up box/window/overlay that is getting your way
Press delete
Press F12 again to close the Developer Tools toolbar

I know this procedure already but unfortunately some websites are tricky even if you have deleted the elements of the overlay you will be left with an unscrollable website that is still dimmed by some overlay. Just like what I have tried doing in some articles of businessinsider you will still be left something like this, I suspect that there are still codes still left to be deleted which is not part of the main overlay code which they purposely have done in order not to avoid turning off your ad blocker.

[logfiles]

Another one to use but a little different from other: NoJs. It's an efficient add-on for your web browser activity
https://addons.mozilla.org/fr/firefox/addon/noscript/

Much paranoid, you can use a sandbox or edit your host file to allow access to only some websites. 5you can do it with some browser add-ons as well). You could also set up a virtual machine

I didn't know about this one, Thanks for bringing it out here. This will be part of my guardian angels from today

Using Adblock also helps you stay away from paid ads in Google, which may be phishing sites.

Ublock is probably the best one, and it is a must for everyone who uses a browser. You can download it for Firefox Android and desktop versions.

https://addons.mozilla.org/pt-BR/firefox/addon/ublock/

Agreed I use it too in my Firefox browser, You can also stop the blocks on other sites in an instant, That's why I like it compared to other adblockers... Am going to add it on OP, with credit from you.

<snip>

Thanks for the list. I will update the Original post so that members will be able to see all these addons. One thing I forgot was to include links to the addons i mentioned. Your formate is nice and easy, i will use it.

[o_e_l_e_o]

-snip-

OK. Other options you can try are using an ad blocker like uBlock which trys to prevent websites from doing this by blocking Javascript. Or simply disable Javascript altogether on the Business Insider website - the NoScript add-on which was linked in the 2nd post in this thread will do the trick. You can also do this natively in Chrome by clicking the padlock to the left of the URL, clicking "Site Settings", and disabling Javascript.

I will update the Original post so that members will be able to see all these addons.

Bear in my the add-ons I've linked will do nothing to protect you from phishing. They are good for online privacy, anonymity and to prevent websites from tracking you, but these things should be of interest to most crypto users.

[jseverson]

Using Adblock also helps you stay away from paid ads in Google, which may be phishing sites.

Ublock is probably the best one, and it is a must for everyone who uses a browser. You can download it for Firefox Android and desktop versions.

https://addons.mozilla.org/pt-BR/firefox/addon/ublock/

I've heard that uBlock Origin is better, and is from the original founders of uBlock. uBlock apparently has shady behavior, though I haven't bothered to check myself. Just a quick heads up. Try Googling the two before you settle on one.

If you just want a script blocker, nothing beats NoScript imo. It's only for Firefox though.

[o_e_l_e_o]

I've heard that uBlock Origin is better

I use uBlock Origin, and couldn't recommend it more. It works perfectly, requires minimal user set-up or maintenance, and I have never had any problems bypassing all those "Disable your ad blocker or you can't access this site" pop-ups and overlays we were just discussing. Having said that, I do also generally block Javascript by running NoScript, so I can't say for sure whether it is uBlock or NoScript that is responsible for blocking these pop-ups. I'm afraid I have no desire to turn either off for even a short time to ascertain the answer - I would recommend everyone uses both anyway.

[Kakmakr]

I also want to add, if you can, disable "auto complete" or just ignore it and just type the whole URL, if you do not trust browser add-ons. I have seen reports of people, where the hackers inject the phishing site into the "auto complete" feature of the browser, so when you simply press enter, then it accepts the phishing site and not the real URL to the site you wanted to navigate to. 

How difficult can it be to type 15 letters to protect a very valuable account? Who says the browser add-ons are 100% accurate and safe to use?

[Buttermellow]

This is better for awareness though I have seen that phishing site already and even received an email for that stating that the ethereum had given airdrop for 1000 eth and for that he made a google.doc to make you believe that you will be given an airdrop for 0.5 ETH. The problem is that the there is a link for a website that will let you disclose personal details which means importing your account details or the wallet details and they will going to access it and transfer to another wallet which will leave you stealing your crypto.

[bitmover]

I also want to add, if you can, disable "auto complete" or just ignore it and just type the whole URL, if you do not trust browser add-ons.

Bookmark the site you want is a good alternative also. It's safer and more comfortable for the user, as people are lazy to type (I am at least)

[Jet Cash]

No mention for the Brave browser in a crypto board is quite strange,

I've started to use the Brave browser. In fact it has advantages for a content producer, as well as just for browsing security.

You can support the Fit to Talk project by donating some of the free BAT ( Basic Attention Tokens ), and I will incorporate this into some of the other projects I have running. Also, it includes a Tor browsing window.

[IlVeroNico]

Brave had an update recently, IIRC it was to support more addons & more...

I haven't really tested it, but i hope someone more expert can see if any improvements were done

[Pmalek]

Since you mentioned that you search google for threads and posts from this forum it could be useful to mention that you should enter the following into the search field in order to limit the google search to only the legit BT site:

Code:

site:bitcointalk.org text here

In this way all the results will be from the original site and no other sites will be shown.