Bitcoin Forum
December 16, 2019, 01:53:28 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)  (Read 444 times)
socks435
Legendary
*
Offline Offline

Activity: 1442
Merit: 1024

- God Bless US -


View Profile
April 01, 2019, 11:04:51 AM
Last edit: June 19, 2019, 09:10:43 PM by socks435
Merited by DdmrDdmr (3), BitMaxz (2), Pmalek (1), mjglqw (1), Baofeng (1), o_e_l_e_o (1)
 #1

I just want people here to be aware on phishing fake Electrum websites that is why I created this thread to people who doesn't know if what are phishing site is.

Electrum announce that lower version of electrum is no longer connected to the servers because it's under attack with fake/phishing URL link if you click the pop up screen that asking to update the Electrum you will be redirect to a fake website that listed below.

Here is the sample of Electrum phishing site look like below.



If you found a fake electrum website please post it here or PM me I will add it here so that other forum members are aware on fake phishing site.

Here is my list of active fake electrum website that I found when scraping using scrapebox.

Code:
http://electrum.org.uk/
http://electrumclient.org/
http://downloadelectrum.org/
http://electrumsite.com/
http://electrumweb.net/
http://electrumupdate.com/
http://electrumproject.org
I put them into code so that they are not linked here on the forum.

To protect your self from these phishing sites you can edit your hosts and add this line below.

Code:
127.0.0.1       electrum.org.uk
127.0.0.1       electrumclient.org
127.0.0.1       downloadelectrum.org
127.0.0.1       electrumsite.com
127.0.0.1       electrumweb.net
127.0.0.1       electrumupdate.com
127.0.0.1       electrumproject.org

I'll put another list below for those who can help to hunt other active phishing sites including your username or I might be rewarded you with merit. Just make sure the site is active.

Updated 6/20/2019
Code:
electrumcircle.com Added by me
l-electrum.org Added by me

www[.]electrumbuild[.]org added by hugeblack
www[.]electrumupgrade[.]org added by hugeblack

electrum.bz added by Baofeng

electrumsecuredownload.com added by Lucius

elecfrum.org Added by HCP
electrum.mx Added by HCP

https://electrumus[dot]com/#home Added by Baofeng

Bitcoin will become stable soon and altcoin will keep increasing this coming months.
1576504408
Hero Member
*
Offline Offline

Posts: 1576504408

View Profile Personal Message (Offline)

Ignore
1576504408
Reply with quote  #2

1576504408
Report to moderator
"Bitcoin: the cutting edge of begging technology." -- Giraffe.BTC
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1576504408
Hero Member
*
Offline Offline

Posts: 1576504408

View Profile Personal Message (Offline)

Ignore
1576504408
Reply with quote  #2

1576504408
Report to moderator
1576504408
Hero Member
*
Offline Offline

Posts: 1576504408

View Profile Personal Message (Offline)

Ignore
1576504408
Reply with quote  #2

1576504408
Report to moderator
whotookmycrypto
Full Member
***
Offline Offline

Activity: 168
Merit: 198


WhoTookMyCrypto.com


View Profile WWW
April 01, 2019, 11:20:08 AM
Last edit: April 01, 2019, 11:30:45 AM by whotookmycrypto
 #2

Great share.

Please add the following to the list
Code:
http://elecktrum.org

Source: https://bitcointalk.org/index.php?topic=5124988.msg50330965#msg50330965

Also, since such lists quickly get outdated if not maintained, users may want to check against this site too: https://etherscamdb.info

Stay safe.

Edit: updated for the comment below. Yes, typo was made.

socks435
Legendary
*
Offline Offline

Activity: 1442
Merit: 1024

- God Bless US -


View Profile
April 01, 2019, 11:25:36 AM
 #3

Great share.

Please add the following to the list
Code:
http://elektrum.org
Source: https://bitcointalk.org/index.php?topic=5124988.msg50330965#msg50330965

Thanks Smiley

Thanks for your help but the link you put is not the correct URL and the site seems a blog.

The correct one according to the linked thread is
Code:
elecktrum.org

It seems the site is no longer active. What I want is active Electrum phishing sites.

Bitcoin will become stable soon and altcoin will keep increasing this coming months.
Jating
Hero Member
*****
Offline Offline

Activity: 1316
Merit: 562


blackjack.fun- place your bet now


View Profile
April 01, 2019, 12:57:44 PM
 #4

Since everyone here uses different OS, I will quote this here:

Another one to be added to your hosts files then.

On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor.
On Mac, navigate to "/private/etc/", and open the hosts file in a text editor.
On Linux, open terminal and write "sudo nano /etc/hosts"


Then add the following line quoted by you below.

Code:
127.0.0.1       electrum.org.uk
127.0.0.1       electrumclient.org
127.0.0.1       downloadelectrum.org
127.0.0.1       electrumsite.com
127.0.0.1       electrumweb.net
127.0.0.1       electrumupdate.com
127.0.0.1       electrumproject.org

The original post can be found here: https://bitcointalk.org/index.php?topic=5126419.0

.

 ▀
   ▀
.

 ▀
   ▀

█▀▄
▄▄▄
█████
█████
█████
█████
█████
█████
█████
█████
█████
█████
██████████████
█▀▄██████████████
▄▄▄██████████████
████▄▄▄▄▄▄▄███████
████████████▄█████
████████▀█████████
█████▀██▀██▀██████
████████▄█████████
███▄▄▄███▌██████
███▄██████████████
██▄███████▌███████
██▀█████▀█████████
██████████████████
.blackjack.fun..

  ▀
   ▄
.

  ▀
   ▄
Kakmakr
Legendary
*
Offline Offline

Activity: 1862
Merit: 1385


View Profile
April 01, 2019, 01:06:17 PM
 #5

I also noticed something weird, when I accessed my wallet over the weekend. The option to automatically chose the server are being disabled by default. A possible fake server was selected by default and it did not want to connect to it. I enabled the "auto" selection again and it connected to the legit server.  Roll Eyes

I updated to the latest version of the software, but I think they found some workaround to manipulate the server selection. <This raised my red flags and I now check the server every time I connect.>  Wink

Signature space for rent - PM me.
hugeblack
Hero Member
*****
Online Online

Activity: 896
Merit: 951


For ReNt


View Profile
April 01, 2019, 01:36:42 PM
 #6

Good work, thanks for the warning but such lists will not be useful because scammers are ahead of you in a step "Create more phishing sites."
All official electrum wallet releases are signed by ThomasV so it is better to modify this subject to be how to check signatures to avoid phishing Electrum websites/links.
So before you download a wallet, check your wallet signature "import ThomasV.asc public key and verify other signatures".

Note that:

Windows builds are reproducible, and signed by several developers. See the list here

Add this to your list

Code:
www[.]electrumbuild[.]org
www[.]electrumupgrade[.]org

Harlot
Hero Member
*****
Offline Offline

Activity: 1274
Merit: 613



View Profile
April 01, 2019, 03:29:40 PM
 #7

People also need to be aware that older versions of Electrum's software has been hijacked by hackers now which will block your attempt to send BTC and fool you on trying to install a "newer" vesrion of Electrum which is also fake as its just a phishing software trying to steal your seeds and private keys. Electrum hacks are almost everywhere as its a popular desktop wallet and I think Electrum should keep up on their monitoring to avoid potential losses from their clients.

Lucius
Legendary
*
Online Online

Activity: 1624
Merit: 1419


Fortis Fortuna Adiuvat


View Profile WWW
April 02, 2019, 10:27:11 AM
Merited by DdmrDdmr (1)
 #8

I check all sites from the list, the result is the following : First and last site from the list are loaded quite normal (no blocking from adblock, av or other security software), and other sites are blocked by my browser (Firefox) as Deceptive site ahead with the following warning :

Quote
electrumclient.org has been reported as a deceptive site. You can report a detection problem or ignore the risk and go to this unsafe site. Learn more about deceptive sites and phishing at www.antiphishing.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org.



Although the idea of blocking such sites in users host file is not bad, for most users it still represents a challenge. What we need to do is report such sites as phishing to Google. In this way such sites will be blocked for every user, even those who are not aware of the problem will be protected.

It is also important to use adblocks for browsers, since most users use search engines to find Electrum site, and bad ones usually pops up at the top of the search list. The last line of defense is antivirus software which should be updated, and good AV will analyze any downloaded file and prevent the user from installing bad software.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 770
Merit: 3057


Decent


View Profile
April 02, 2019, 02:42:54 PM
 #9

Although the idea of blocking such sites in users host file is not bad, for most users it still represents a challenge. What we need to do is report such sites as phishing to Google. In this way such sites will be blocked for every user, even those who are not aware of the problem will be protected.
On Firefox you can also access this link (with the URL pre-populated by the page you are visiting from) by click on Help -> Report deceptive site. I've tried to make the instructions to edit the hosts file as simple as possible - you literally just locate the file in the directories I have listed, open it with a text editor, paste the code at the bottom, and save it. Most users should be able to manage that.


It is also important to use adblocks for browsers, since most users use search engines to find Electrum site, and bad ones usually pops up at the top of the search list. The last line of defense is antivirus software which should be updated, and good AV will analyze any downloaded file and prevent the user from installing bad software.
You shouldn't be using a search engine to find sites like electrum, myetherwallet, binanace, this forum, etc. It is much safer to manually type in the URL. Ad-blockers and antivirus are a must (in addition to extensions like HTTPS Everywhere and Privacy Badger), but you can't rely on these to protect you 100%.

Juggy777
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 521



View Profile
April 02, 2019, 05:38:05 PM
 #10

People also need to be aware that older versions of Electrum's software has been hijacked by hackers now which will block your attempt to send BTC and fool you on trying to install a "newer" vesrion of Electrum which is also fake as its just a phishing software trying to steal your seeds and private keys. Electrum hacks are almost everywhere as its a popular desktop wallet and I think Electrum should keep up on their monitoring to avoid potential losses from their clients.

Hey this reminds me of the hack which happened in Electrum wallet a while ago, where people were asked to update it from the wallet itself. I feel this thread contains valuable information as large number of people including me use Electrum wallet for storing and transacting bitcoins. Also I feel one should use Electrum app on mobile to be on a safe side, as all issues seem to be on the desktop version so far.

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
Baofeng
Hero Member
*****
Offline Offline

Activity: 980
Merit: 674


View Profile
April 03, 2019, 05:55:58 AM
 #11

Will you consider this one?



Obviously, there is a Github repo link which I think is another way to phished specially noob's.

Code:
http://docs.electrum.org/en/latest/



Off-topic. Glad to see someone who uses scrapebox.  Grin. I'm been using it way back 2010-2011 when I was doing a lot of social media marketing back then. And I was amaze that it has a lot of updates, totally lose my mind seeing lots of options now.  Grin

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
Lucius
Legendary
*
Online Online

Activity: 1624
Merit: 1419


Fortis Fortuna Adiuvat


View Profile WWW
April 03, 2019, 09:03:02 AM
 #12

~snip~
In fact, it is not difficult to edit host file, but some users will certainly have problems with such things. This only solves the problem of the existing phishing sites, and the much bigger problem are new or undetected sites which appear every day.

Internet users use search engines, this is an indisputable fact - and so will be in the future. It's important when we make sure that the address of a site is correct, to add that site to our browser bookmarks and use that link to access site every time. Antivirus and adblockers are not 100% safe way of protecting, but in my personal experience in most cases they do their job well.

Yesterday I report first and last phishing site from the list to Google Safe Browsing, today both sites are blocked by Malwarebytes as phishing sites. It seems the majority of security software and browsers using Google data for phishing sites, so it is important to report such sites as soon as possible, and they will be blocked in one way or another.

socks435
Legendary
*
Offline Offline

Activity: 1442
Merit: 1024

- God Bless US -


View Profile
April 06, 2019, 05:48:56 PM
Last edit: April 06, 2019, 06:35:25 PM by socks435
 #13

Update:

I added these 2 alive phishing Electrum websites.

Code:
electrumcircle.com
l-electrum.org

I'll add more once I found new Electrum  phishing websites.

Anyone can help me find fake Electrum sites just make sure it is alive website.

Bitcoin will become stable soon and altcoin will keep increasing this coming months.
Baofeng
Hero Member
*****
Offline Offline

Activity: 980
Merit: 674


View Profile
April 18, 2019, 07:29:40 AM
 #14

Code:
http://electrum.bz

Someone got phished based on this reddit post: https://www.reddit.com/r/Electrum/comments/bcrgyq/major_issue_with_electrum/

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
Lucius
Legendary
*
Online Online

Activity: 1624
Merit: 1419


Fortis Fortuna Adiuvat


View Profile WWW
April 18, 2019, 09:41:27 AM
 #15

Baofeng, that site is already reported in Electrum board, and it is blocked in some browsers (Firefox, Brave), and Malwarebytes is also block access to that site.

Code:
http://electrumsecuredownload.com
 
This one is still available in some browsers, but I hope that it will be blocked soon. Just use link to report such sites to Google (link in my previous post), and they will remove them from search results.

TryNinja
Legendary
*
Offline Offline

Activity: 1218
Merit: 1696



View Profile
April 18, 2019, 10:05:53 AM
 #16

Make sure to always report them with these links:

We can report them here: https://support.google.com/google-ads/troubleshooter/4578507
And here: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

This will remove them from showing up on Google ads.

They will be blocked on Chrome and Firefox.

HCP
Legendary
*
Offline Offline

Activity: 1176
Merit: 1994

<insert witty quote here>


View Profile
May 15, 2019, 03:43:33 AM
 #17

A couple of others to add to your list...
Code:
elecfrum.org
electrum.mx

The first was being shilled on the boards yesterday... the later is an old fake website that seems to have resurfaced.

Kakmakr
Legendary
*
Offline Offline

Activity: 1862
Merit: 1385


View Profile
May 15, 2019, 07:31:25 AM
 #18

I see they added a link to the latest Electrum update at the bottom of the wallet, when you open it. People should not simply click on that link, without double checking the URL that it is pointing too. We saw how "default" servers with exploits have been added in the client in previous versions, so it is not unlikely that hackers might edit that Url and replace it with a phishing site.  Angry

I download all "updates" from the official site or Github repository, so I ignore prompts like that.  Wink

Signature space for rent - PM me.
Pmalek
Legendary
*
Offline Offline

Activity: 1148
Merit: 1188



View Profile
May 15, 2019, 08:51:58 AM
 #19

To expend on what HCP said in his post earlier. There were a few threads opened yesterday on the forum, probably from hacked accounts, that were shilling a fake message that Electrum was updated to version 3.3.6. There is no version 3.3.6 so be careful if you see such threads. It leads to a fake wallet hosted on the address that HCP posted in his post.

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
HCP
Legendary
*
Offline Offline

Activity: 1176
Merit: 1994

<insert witty quote here>


View Profile
May 15, 2019, 10:01:01 PM
 #20

So... some positive news... I received this email overnight Smiley

Domain Registrars usually take abuse claims relatively seriously... especially in the case of malware and phishing. It's worth reporting!

Quote
Namecheap Legal & Abuse Team <abuse@namecheap.com>
15 May 2019, 22:46
to me

Hello,

This is to inform you that the electrum[ . ]mx domain was suspended. It has been placed on the clientHold status and locked to prevent modifications in our system.

Thank you for letting us know about the issue.
-----------------------
Regards,
Nikita O.
Legal & Abuse Department
Namecheap.com

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!