Bitcoin Forum
May 22, 2019, 12:05:35 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Must have web browser addons to keep you a step safer from phishing  (Read 511 times)
jseverson
Hero Member
*****
Offline Offline

Activity: 966
Merit: 677


View Profile
December 20, 2018, 01:58:32 AM
 #21

I use uBlock Origin, and couldn't recommend it more. It works perfectly, requires minimal user set-up or maintenance, and I have never had any problems bypassing all those "Disable your ad blocker or you can't access this site" pop-ups and overlays we were just discussing. Having said that, I do also generally block Javascript by running NoScript, so I can't say for sure whether it is uBlock or NoScript that is responsible for blocking these pop-ups. I'm afraid I have no desire to turn either off for even a short time to ascertain the answer - I would recommend everyone uses both anyway.

Yeah, I also use both along with HTTPS Everywhere. I also never do anything remotely related to crypto on a Windows machine. These are probably all you really need if you're aware of basic safety practices. I've heard of password managers and whatnot, but I personally feel like having fewer extensions is generally better.

1558483535
Hero Member
*
Offline Offline

Posts: 1558483535

View Profile Personal Message (Offline)

Ignore
1558483535
Reply with quote  #2

1558483535
Report to moderator
1558483535
Hero Member
*
Offline Offline

Posts: 1558483535

View Profile Personal Message (Offline)

Ignore
1558483535
Reply with quote  #2

1558483535
Report to moderator
BITDEER BTC/BCH ETH LTC ZEC DASH START MINING BTC NOW
WITH NEW GENERATION S17 ANTMINER!
Highly Reduced Electricity Fee $0.067/T/DAY! GET STARTED
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558483535
Hero Member
*
Offline Offline

Posts: 1558483535

View Profile Personal Message (Offline)

Ignore
1558483535
Reply with quote  #2

1558483535
Report to moderator
Kakmakr
Legendary
*
Offline Offline

Activity: 1652
Merit: 1239

★ ChipMixer | Bitcoin mixing service ★


View Profile
December 20, 2018, 06:36:31 AM
Merited by DdmrDdmr (1)
 #22

I also want to add, if you can, disable "auto complete" or just ignore it and just type the whole URL, if you do not trust browser add-ons.

Bookmark the site you want is a good alternative also. It's safer and more comfortable for the user, as people are lazy to type (I am at least)

Nope, this is not a good idea. The bookmarks can be altered and hackers know people trust their bookmarks. This false sense of security is exactly what these hackers/criminals want. In some browsers you simply click on the favorite bookmark and edit the URL section <replace it with something else>

A hacker simply search for the keywords in the registry and replace that with the phishing site URL.  Roll Eyes 

CryptopreneurBrainboss
Sr. Member
****
Offline Offline

Activity: 434
Merit: 475


Succeeding is all about determination, work harder


View Profile WWW
February 12, 2019, 05:30:21 AM
Merited by logfiles (1)
 #23

You know OP you have to keep reminding new forum member about using this security tips by bumping thread lets say once in every two months or so. I was searching how to save guide my BTT account after I almost fell prey to scam attempt of recent. You're doing some great work towards enlightening forum member to take privacy as our priority. Thank you for that.

█▀▀█
██▄█
BESTMIXER.IO // BEST BITCOIN MIXER
█▀▀█
██▄█
logfiles
Copper Member
Full Member
***
Offline Offline

Activity: 252
Merit: 195


Citizen of The Bitcoin Republic


View Profile WWW
February 12, 2019, 09:14:38 PM
 #24

<...>
Thank you, I will keep that in mind. Phishing is something that looks easy to evade but sometimes one could just be caught off guard, probably when one is trying to browser during times of fatigue or having less attention to the websites s/he is browsing.

ePesoInitiative
Sr. Member
****
Offline Offline

Activity: 728
Merit: 256



View Profile
February 12, 2019, 09:21:44 PM
 #25

Work in progress to include more anti phishing add-ons. If you know of any good anti-phishing add-ons, please comment them in the thread and I will update the list with credits to you.

I just recently installed https://www.phishfort.com/ It's an anti-phishing browser extension. Works similar to CRYPTONITE, but free to use forever. Also it partnered with MyEtherwallet.

I learned about it from the news. https://bitcoinexchangeguide.com/myetherwallet-mew-partners-with-segasec-and-phishfort%E2%80%8A-cybersecurity-firms-to-prevent-attacks/

whitepaperDataBloc | website
The Airbnb of Data Services
Twitter | YouTube | Telegram | Facebook | LinkedIn | Reddit
wavug
Copper Member
Member
**
Offline Offline

Activity: 474
Merit: 12


View Profile
February 12, 2019, 09:46:27 PM
Last edit: February 12, 2019, 09:58:31 PM by wavug
 #26

Good topic. I'd also like to recommend you to use Malwarebytes Browser Extension.

Malwarebytes Browser Extension BETA delivers a safer and faster web browsing experience. It blocks malicious websites while filtering out unwanted content (resulting in up to 3x faster webpage load times). Blocks clickbait links, stops in-browser cryptojackers (unwanted cryptocurrency miners), and gives other malicious content the boot.

When the browser extensions block a site, they will show you a warning similar to this one:



More information: https://blog.malwarebytes.com/malwarebytes-news/betas/2018/07/introducing-malwarebytes-browser-extension/

You can find the add-ons for Google Chrome/Mozilla Firefox on the official website: https://www.malwarebytes.com/products/
OR
Chrome Web Store: https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee
Firefox Add-Ons: https://addons.mozilla.org/firefox/addon/malwarebytes/
Artemis3
Sr. Member
****
Online Online

Activity: 280
Merit: 467


★777Coin.com★ Fun BTC Casino!


View Profile WWW
February 13, 2019, 12:49:39 AM
 #27

No mention for the Brave browser in a crypto board is quite strange, I started to use it in both PC and smartphone, it's pretty good!

If you are looking for a browser you can just download and run with, with minimal set up or configuration, then I agree Brave is probably the best "out of the box". However, Firefox supports much more advanced add-ons, just a few of which I have linked to above, and also allows a lot of customization and tweaks through about:config and "user.js" configurations. I haven't used Brave for several months, but last time I did it was absolutely horrible for browser fingerprinting. I'd be keen to know if that has changed?

If you don't want to configure Firefox, then Brave is a better choice, but a properly configured and customized Firefox browser is better than Brave in terms of privacy and security.

Brave is a Chromium based browser and can use the same add-ons as Chrome.

My main browser is actually Waterfox, a Firefox based browser. Of course you can use Firefox add-ons (both old and new) with it.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 560
Merit: 1907



View Profile
February 13, 2019, 06:03:58 AM
 #28

My main issue with Waterfox is that they are quite slow in terms of security updates and patches compared to Firefox. Out-of-the-box Waterfox is definitely more private, as it has no telemetry features like Firefox. But if you know what you're doing, or you have a good guide to follow, you can configure Firefox to be just as good, if not better, than Waterfox.

mudyak99
Jr. Member
*
Offline Offline

Activity: 280
Merit: 4


View Profile WWW
February 15, 2019, 06:25:00 AM
 #29

better you bookmark the real website to keep safe from phising site. if you first time follow that website, very good if you can check their security,domain,website age and their ads. i always check it in scamadviser and see any preview in youtube video about that website.

https://www.INTEGRITY.one/
[    JOIN THE WHITELIST!    ]
The Blockchain Platform that Empowers Small Business & Entrepreneurs to WIN
logfiles
Copper Member
Full Member
***
Offline Offline

Activity: 252
Merit: 195


Citizen of The Bitcoin Republic


View Profile WWW
February 16, 2019, 05:34:42 AM
 #30

<...>
Thanks, OP has been updated. It's sad that the link to their Firefox add-on does not work.

<...>
Thanks but am currently looking at anti phishing add-ons. However, I  look forward to making a topic related to malwarebytes sometime soon.

better you bookmark the real website to keep safe from phising site. if you first time follow that website, very good if you can check their security,domain,website age and their ads. i always check it in scamadviser and see any preview in youtube video about that website.

Bookmarking is okay but also not 100% guaranteed safety.
I was online when an attack was made on Etherdelta in 2017... In fact, I was even in the process of making a transaction to Etherdelta and do you know what saved my Private key from getting Phished?

It obviously wasn't bookmarking(I had bookmarked Etherdelta and i still ended up loading a website whose DNS severs had been hijacked) but Netcraft gave me a warning(the ad-don was showing a risk rating of 9/10 at that time) and MetaMask displayed a warning. That's when I realized that Etherdelta was under attack and i stopped what i was doing immediately.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 560
Merit: 1907



View Profile
February 16, 2019, 06:33:04 AM
 #31

Thanks, OP has been updated.
Be careful about adding every suggestion to your OP.

Browser extensions are an easy way to distribute malicious code, since if your extension looks good/professional enough, many people will download it without really thinking about it. I've not even heard of some of these extensions, which is usually a warning sign for me given how much attention I pay to online security and privacy. I would certainly be considering checking the code out for yourself before recommending it to others.

Coyster
Member
**
Offline Offline

Activity: 196
Merit: 32

The future of security tokens


View Profile
February 16, 2019, 06:49:16 AM
 #32

I would certainly be considering checking the code out for yourself before recommending it to others.
When giving out tips based on security,its always very necessary to be a 100% sure of the website,product,service etc, thats not to say people shouldn't or wouldn't do their own research before taking in someone else's advice,recommendations,suggestions etc, but for the 1% that wouldn't,its good to be sure to a reasonable extent the advice being given out.
logfiles
Copper Member
Full Member
***
Offline Offline

Activity: 252
Merit: 195


Citizen of The Bitcoin Republic


View Profile WWW
February 16, 2019, 07:22:15 AM
Merited by o_e_l_e_o (1)
 #33

Thanks, OP has been updated.
Be careful about adding every suggestion to your OP.

Browser extensions are an easy way to distribute malicious code, since if your extension looks good/professional enough, many people will download it without really thinking about it. I've not even heard of some of these extensions, which is usually a warning sign for me given how much attention I pay to online security and privacy. I would certainly be considering checking the code out for yourself before recommending it to others.
I did check out the source code before updating the list especially for phish fort as it's relatively new in the game.
Wouldn't be fair recommending people an add-on i completely know nothing about  Cheesy

Pmalek
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1031



View Profile
February 16, 2019, 09:36:50 AM
 #34

I was online when an attack was made on Etherdelta in 2017... In fact, I was even in the process of making a transaction to Etherdelta and do you know what saved my Private key from getting Phished?
Those users who used a Ledger Hardware wallet even in the time of the attack were safe since hackers can't access funds without physical access to the device itself. Another win for Hardware Wallets.

.FORTUNE.JACK.
      ▄▄███████▄▄
   ▄████▀▀ ▄ ██████▄
  ████ ▄▄███ ████████
 █████▌▐███▌ ▀▄ ▀█████
███████▄██▀▀▀▀▄████████
█████▀▄▄▄▄█████████████
████▄▄▄▄ █████████████
 ██████▌ ███▀████████
  ███████▄▀▄████████
   ▀█████▀▀███████▀
      ▀▀██████▀▀
         
         █
...FortuneJack.com                                             
...THE BIGGEST BITCOIN GAMBLING SITE
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██
█████████▀███████████▄
██████████▀   ▀██████████
█████████▀       ▀█████████
████████           ████████
████████▄   ▄ ▄   ▄████████
██████████▀   ▀██████████
 ▀██
█████████████████████▀
  ▀██
███████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
#JACKMATE
WIN 1 BTC
▄█████████████████████████▄
███████████████████████████
███████████████████████████
██████████▀█████▀██████████
███████▀░░▀░░░░░▀░░▀███████
██████▌░░░░░░░░░░░░░▐██████
██████░░░░██░░░██░░░░██████
█████▌░░░░▀▀░░░▀▀░░░░▐█████
██████▄░░▄▄▄░░░▄▄▄░░▄██████
████████▄▄███████▄▄████████

███████████████████████████
███████████████████████████
▀█████████████████████████▀
jakezyrus
Full Member
***
Offline Offline

Activity: 672
Merit: 100


Free Crypto in Stake.com Telegram t.me/StakeCasino


View Profile WWW
February 16, 2019, 10:07:31 AM
 #35

I was online when an attack was made on Etherdelta in 2017... In fact, I was even in the process of making a transaction to Etherdelta and do you know what saved my Private key from getting Phished?

Being phished means you visited a fake/cloned website . if nothing bad happens to you and you believe that you access the correct url of etherdelta then you dont need to question yourself on why you didnt got hacked .  


Those users who used a Ledger Hardware wallet even in the time of the attack were safe since hackers can't access funds without physical access to the device itself. Another win for Hardware Wallets.

Hardware wallets are also exposed to attacks as soon as you already connect your hardware wallet into your gadget and your gadget is connecting online . those who didnt got hacked might not  visited a fake website .

logfiles
Copper Member
Full Member
***
Offline Offline

Activity: 252
Merit: 195


Citizen of The Bitcoin Republic


View Profile WWW
February 16, 2019, 04:05:08 PM
 #36

Being phished means you visited a fake/cloned website . if nothing bad happens to you and you believe that you access the correct url of etherdelta then you dont need to question yourself on why you didnt got hacked .  
The attack happened on the exact Etherdelta website where there was temporary access to Etherdelta's DNS server by the hacker. It was the exact Etherdelta domain not like this usual phishing attempts you know of where there is a slight alternation of the domain name.

I was starting to do a token transfer at that time of the attack so yes, I was doing something on a correct url of a website whose DNS server had been hijacked. If it wasn't for Netcraft and MetaMask's alerts. My funds were gone.

This is not an ordinary phishing attempt we always see daily. We are talking about a DNS server getting hijacked.
To enlighten yourself and refresh some memories of that day there is more here Cryptocurrency exchange EtherDelta got replaced with a fake site that steals your money

whotookmycrypto
Member
**
Offline Offline

Activity: 112
Merit: 174

WhoTookMyCrypto.com


View Profile WWW
February 17, 2019, 02:16:11 PM
 #37

Great list of extensions.

Other extensions that are useful given the prevalence of cryptojacking eg.

No Coin (Chrome, Firefox, Opera)
minerBlock (Chrome, Firefox, Opera)

Also, to consider duckduckgo's extension.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 560
Merit: 1907



View Profile
February 17, 2019, 03:08:20 PM
 #38

No Coin (Chrome, Firefox, Opera)
minerBlock (Chrome, Firefox, Opera)

Also, to consider duckduckgo's extension.
+1 for No Coin.

DuckDuckGo Essentials is certainly a good add-on, but it isn't the best. The issue it has (and many anti-tracking add-ons have) is that it simply uses a list of known trackers, and blocks anything that appears on that list. Compare that to Privacy Badger, which I recommended on my reply on the first page of this thread. Privacy Badger actively monitors your browsing session for anything that is trying to track you and blocks it. It has the advantage of catching quite a lot of stuff that is yet to be updated on to the anti-tracking lists that other add-ons use. DDG Essentials does some other stuff too, such as forcing encrypted connections, but that can be easily replicated by using HTTPS Everywhere (again linked to in my previous post).

DDG Essentials is certainly a good add-on if you want something quick, easy and requiring no set-up, but if you are looking for the best privacy, security and anti-tracking, then Privacy Badger + others is the way to go.

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!