Bitcoin Forum
December 12, 2019, 04:11:01 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Poll
Question: how can I find that its a phishing site
suggest - 0 (0%)
find out - 2 (100%)
Total Voters: 2

Pages: [1] 2 »  All
  Print  
Author Topic: how to recognise a phishing site  (Read 231 times)
siwsag
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
April 24, 2019, 12:51:14 PM
 #1

hiii everyone.....
   i'm new to this world and i'm a Crypto currency enthusiastic also...my question is how can find that its a phishing site without touching it? ..i need some suggestion
1576167061
Hero Member
*
Offline Offline

Posts: 1576167061

View Profile Personal Message (Offline)

Ignore
1576167061
Reply with quote  #2

1576167061
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1576167061
Hero Member
*
Offline Offline

Posts: 1576167061

View Profile Personal Message (Offline)

Ignore
1576167061
Reply with quote  #2

1576167061
Report to moderator
1576167061
Hero Member
*
Offline Offline

Posts: 1576167061

View Profile Personal Message (Offline)

Ignore
1576167061
Reply with quote  #2

1576167061
Report to moderator
Royse777
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1081


Exchange Bitcoin quickly-https://blockchain.com.do


View Profile WWW
April 24, 2019, 12:59:27 PM
 #2

hiii everyone.....
   i'm new to this world and i'm a Crypto currency enthusiastic also...my question is how can find that its a phishing site without touching it? ..i need some suggestion
You need to know the real domain name with the TDL.
Example
Real domain name: bitcoinTalk
TLD: .org

One misconceptions that people think may not be a phishing site:
# Having https instead of http. https always do not mean that it's secure. Anyone can buy cheap SSL and add it with any domain.

Side note: Sometimes people use domain masking. This allows to hide the original domain name in the address bar but basically you are using the original url which is not visible. Anyone can end up thinking that it's phishing link but in reality the main domain was just masked and it can be unmasked anytime by the way.

.Have Your Ad Here!.
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
  
bob123
Legendary
*
Offline Offline

Activity: 1106
Merit: 1580



View Profile WWW
April 24, 2019, 01:19:14 PM
 #3

# Having https instead of http. https always do not mean that it's secure. Anyone can buy cheap SSL get a TLS certificate for free and add it with any domain.

I fixed that for you, LetsEncrypt offers free TLS certificates.


Scammer don't even need to pay for it. HTTPS only ensures that the traffic between the client and the server is encrypted.
This does not imply that you are communicating with the server you want to communicate with.

Unfortunately a lot of people think that the green lock besides the address bar means it is the legit site they wanted to visit  Sad

Bitcoin_Arena
Copper Member
Full Member
***
Offline Offline

Activity: 420
Merit: 185


First 100% Liquid Stablecoin Backed by Gold


View Profile
April 24, 2019, 01:26:54 PM
Merited by OgNasty (1)
 #4

1.  Visual inspection:
One of the commonest ways is looking at the domain itself, letter after letter to be sure that you are visiting the right domain. In this instance, you must know the official domain of the website you want to visit letter to letter

2. Check for domain age:
In most cases, phishing domains are usually newer compared to the Official domains except a few that are quite old. You can use different tools to such as
- https://www.netcraft.com/
- https://domainbigdata.com/
- https://www.whois.com/

3. Use Trusted anti phishing browser extensions
They may not be so perfect but together they can help you at times when you are the not so alert. they will warn you if you are about to visit a phishing website. Such extensions include
- Netcraft
- Cryptonite (metacert protocal)
- Ether Address Lookup (EAL)
- Metamask

sheenshane
Hero Member
*****
Offline Offline

Activity: 812
Merit: 672


🔰 Provably fair 🔰


View Profile WWW
April 24, 2019, 02:37:52 PM
Merited by GreatArkansas (1)
 #5

A phishing site is very easy to recognize. However, you still have to be aware of the matter that they are actually everywhere. In the email, phishing site will always ask you for personal information or data especially connected with finance and social media accounts. In suspicious ads, once you have clicked the add and asked for your credit card information then that's a phishing site.

In Fake login page, you just have to check the website's link and you can easily recognize that it is a phishing site if it doesn't have a (www.) and (.com). Always check the URL/link before you load the site.

A very interesting topic here regarding [GUIDE] Use this for identifying Scam/Phishing/ Websites & Exchanges in Crypto by @GreatArkansas

███████████████████████████
█████████▀▄▄▄▄▄██▀▀████████
█████▀▄█▀▀▄▄▄▄▄▄▄▀▀▄▄▀█████
████ █▀▄███████████▄▀██████
███▄█ ███████▀ ██████ █ ███
██▀█ ███  ▀▀█  ▀██████ █ ██
██ █ ████▄▄      ▀▀▀██ █ ██
██ █ █████▌        ▄██ ████
███▄█ █████▄▄   ▄▄███ █▀███

████▀█▄▀█████▌  ▀██▀▄█ ████

█████▄▀▀▄▄▀▀▀▀   ▄▄█▀▄█████
████████▄██▀▀▀▀▀▀██████████

███████████████████████████
|▄█████████████████████████▄
███████████████████████████
████████▀▀▄▄▄▄▄▄▄▀▀████████
██████▀▄▀▀██░░░██▀▀▄▀██████
█████░██▄░░▄▄▄▄▄░░▄██░█████
████░█▀▀░▄██▄▄▄██▄░▀░█░████
████░█▄▄░█░█░░░█░█░▄▄█░████
████░██▀░▀██▀▀▀██▀░▀▀█░████
█████░█░▄▄░▀▀▀▀▀░▄▄░█░█████
██████▄▀██░░▄██░░██▀▄██████
████████▄▄▀▀▀▀▀▀▀▄▄████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
███████████████████▀█▀░█▀▄█
████████████████████░░░░░▀▄
████▄▄▄▀██████████▄▄░░░░░░▀
███████▀▄░▀▄░░▀▀███▄█░░░░░█
██████▀▄▄▄▀░░░░░░░▀█▄█░█▄█▄
█████▀░░░░░▀▀▀░░░▀▄▀███████
█████░░░░█░███░█░░█░███████
█████▄░░░▀░▀▀▀░▀░▄▀▄███████
██████▄░░░░▀▀▀░▄▄▀▄████████
████████▄▄░░░░▀▄▄██████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
█████████████▐░░░░█████████
█████████████▐▄▄▄▄█████████
██████▀█▀███▀▀▀███▀█▀██████
███████▄▀▄▀▀░█░▀▀▄▀▄███████
█████████▀▀█▀▀▀█▀▀█████████
████████░█▀▀▀█▀▀▀█░████████
███████░█▀▀█▀▀▀█▀▀█░███████
██████░█▀▀▀█░░░█▀▀▀█░██████
█████░█▀▀█▀▀▀█▀▀▀█▀▀█░█████
████░█▀█▀▀▀█▀▀▀█▀▀▀█▀█░████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
███████████████████████████
███████████████████████████
█████████▀▀▀███████████████
█████▀▀░░▄▄░░░▄████████████
█████▀▄░▀░▄▄▀▀░░▀▄░▄▀██████
█████░░▀█▀░░▀▀░▄░█▄▄▄▄█████
█████▌▀▄▐▌░█░▀░▀░█░░░░█████
██████▄░░█░░░▀▀░▄▀░▀░██████
████████▄▐▌░▄▄█████████████
███████████████████████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
████████████████████▀▀▀░███
████████████████▄░░░░░░░███
█████████████████▀░░░░░▐███
███████████████▀░░░░▄▄░████
█████████████▀░░░░▄████████
██████████▀▀░░░▄███████████
███████▀░░░▄▄██████████████
███▀▀▄▄▄███████▀▀▀▀▀███████
███████▀▀▀▀▀█░░░░░░░░▀█████
██▀▀▀▀░░░░░▄░░░░░░░░░▄░░▀▀█
░░▄░░░░▀▄░░█▄░░░▄▀░▄█░░░░░░
▀▄░▀█▄▄███▄███▄██▄███▄▄▀░▄▀
|ROULETTE
MINES
TOWERS
DICE
CRASH
──── ─── ─
DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 700
Merit: 2964


There are lies, damned lies and statistics. MTwain


View Profile WWW
April 24, 2019, 02:40:38 PM
Last edit: April 24, 2019, 02:53:01 PM by DdmrDdmr
 #6

This thread is pretty useful: [GUIDE] Use this for identifying Scam/Phishing/ Websites & Exchanges in Crypto. Also see this thread: Steps to check potential phising links.

Aside from whatever software protection elements you decide to use, knowing which is the proper url you want to access, and checking it on sites where you enter sensitive information is a must. In addition, common sense goes a long way (i.e. don’t click on links originated from unknown email senders, displayed in a random telegram chat, and so on).

Edit : @sheenshane beat me to referencing one of the best threads around on the topic.

Edit2: The poll options don't make any sense.

harizen
Legendary
*
Offline Offline

Activity: 1736
Merit: 1236


View Profile
April 24, 2019, 04:02:58 PM
 #7


OP take note of all the responses here. They are big help.

I just want to add that always used an updated browser. They have some sort of tools which detects automatically whether you will lead into a sh*t site e.g Firefox and Chrome.

And last thing, "common sense". You should be vigilant on the links you encountered especially on emails you will found on spam folders. If you are an internet guy for a long time now, dealing with those might not be difficult to you.

kingpin4321
Member
**
Offline Offline

Activity: 280
Merit: 14


View Profile
April 25, 2019, 02:13:48 AM
 #8

Firstly I would suggest you protect yourself with double layer security 2fa authenticator would be a very good app for your device so even if you get attacked by phishing link you have some protection.
Velkro
Legendary
*
Offline Offline

Activity: 2002
Merit: 1011


<3 Vanity Addresses :)


View Profile
April 25, 2019, 02:51:29 AM
 #9

hiii everyone.....
   i'm new to this world and i'm a Crypto currency enthusiastic also...my question is how can find that its a phishing site without touching it? ..i need some suggestion
Welcome.
I would suggest google as verification. Write website title/address to google and see what address will come on first place. Its the original website. Phishing site will not be there or even if, on further places.

Lakai01
Hero Member
*****
Online Online

Activity: 686
Merit: 504



View Profile
April 25, 2019, 03:36:38 AM
 #10

A phishing site is very easy to recognize.
No, they are not easy to recognize when faked in a professional way. Our company host a site with about 5000k hits per day. Every now and then phishing sites pop up which look EXACTLY like our page, they simply copy our CSS styles. The only way to recognize that it is a phishing site is via the URL, you cant rely on "oh I am sure I would recognize a phishing site when I see one".

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
bob123
Legendary
*
Offline Offline

Activity: 1106
Merit: 1580



View Profile WWW
April 25, 2019, 06:51:54 AM
Merited by DdmrDdmr (1)
 #11

It might be also worth to note that phishing can not only happen through fake sites.

If a website (e.g. an exchange) is vulnerable to XSRF (Cross-Site request forgery), one might be able to access / change your login credentials or do anything else in your name.

For example:
Lets look at the exchange: www.exchange.com
This (theoretical) exchange is vulnerable to XSRF and handles most actions with GET-Requests.

If you are logged in into www.exchange.com, i can send you a link in this format (given that that's how the webserver / PHP script works):
www.exchange.com/settings.php?newpassword=MySecretNewPassword

This will change your password to MySecretNewPassword, and the attacker can instantly log in (given that no 2FA etc. is activated).


This is a simple (and easily recognizable) example. But URLs can be quite long where it is not that easy to see anymore.
Furthermore an attacker might be able to encode the parameter, depending on the implementation of the webserver. So instead of ?newpassword=MySecretNewPassword, you would see some random-looking long string of characters.

Just checking the domain name and the TLD is not enough here.

jseverson
Hero Member
*****
Offline Offline

Activity: 1176
Merit: 698


View Profile
April 25, 2019, 07:28:57 AM
Merited by john2231 (1)
 #12

Welcome.
I would suggest google as verification. Write website title/address to google and see what address will come on first place. Its the original website. Phishing site will not be there or even if, on further places.

This is a very dangerous suggestion as Google tends to show ads as top results. It's far safer to type out websites on your own.

john2231
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1001



View Profile
April 25, 2019, 08:09:30 AM
 #13

Its not easy to know if the site is phishing or not there are some ways to register a domain which is look a like with the original website.
Remember about the "punnycode" where they can registered a domain then the browser shows the same as original domain.

So my suggestion if you want to know if the website is phishing site make a thread here on the forum and copy and paste the url here it sometimes shows the punnycode domain but if not much better to ask it here so that other forum members test the website or maybe someone knows about the website.
madrogue
Member
**
Offline Offline

Activity: 98
Merit: 15


View Profile
April 25, 2019, 03:56:07 PM
 #14

I have small tips to check if that website is phising.
- First if you search in Google, check that domain website.
Most of phising site always using google ads to make in top google search.
- Always check Padlock in url
- Add some Anti Virus to protect your device to access website
- Always check shorten url with http://checkshorturl.com/
Siren
Sr. Member
****
Offline Offline

Activity: 826
Merit: 265



View Profile
April 25, 2019, 04:06:02 PM
 #15

hiii everyone.....
   i'm new to this world and i'm a Crypto currency enthusiastic also...my question is how can find that its a phishing site without touching it? ..i need some suggestion
Welcome to the crypto world,there are topics already starts here regarding your questionnd what you only need is to read them like this

https://bitcointalk.org/index.php?topic=5134800.msg50746463#msg50746463

https://bitcointalk.org/index.php?topic=4264404.0

https://bitcointalk.org/index.php?topic=4456502.0

Hope the answers and topic inside those threads will help you to prevent from being victim
chenille
Full Member
***
Offline Offline

Activity: 280
Merit: 160

chenille!


View Profile WWW
April 25, 2019, 04:28:16 PM
 #16

I have small tips to check if that website is phising.
- First if you search in Google, check that domain website.
Most of phising site always using google ads to make in top google search.
- Always check Padlock in url
- Add some Anti Virus to protect your device to access website
- Always check shorten url with http://checkshorturl.com/
Padlock sign can be a good idea to check but actually it's no guarantee that a website is no phishing site. Phishing site scammers are improving their scam attempts and the number of phishing sites being in possession of a green padlock sign are getting higher:

Half of all Phishing Sites Now Have the Padlock Sign

Safest was is to check always the url by yourself if it's legit.

~chenille~
Erickan
Member
**
Offline Offline

Activity: 266
Merit: 17


View Profile
April 26, 2019, 03:35:48 AM
Merited by DdmrDdmr (2)
 #17


3. Use Trusted anti phishing browser extensions
They may not be so perfect but together they can help you at times when you are the not so alert. they will warn you if you are about to visit a phishing website. Such extensions include
- Cryptonite (metacert protocal)

This is the tool I use to check whether the website I visit is secure, at least it can alert me to insecure sites. This helps us be more alert and cautious with strange websites. If you use antivirus software, it will also warn you about sites that can be trusted and unsafe. Anyway, the tool is only to help you filter out unreliable websites, you have to determine whether they are fraudulent or not.

                                                                                   


There are many ways to identify phishing sites, it is also quite recognizable if you are a cautious person. It is best not to go around the web by searching on google, it is important that you save the addresses of the websites you often visit. In addition, you can also use https://www.scamadviser.com/ to find the information about the website you suspect, phishing sites that have in common are often established in a short time.

                                                                                   

For example:
If you often use bitfinex.com and don't save it in your favorites,some beautiful day, you'll have to regret it when you log into the hacker site without knowing it. Hackers who created bitfienex are similar to bitfinex, if you don't notice it, you will be fooled immediately.  Another case is that Binance is also fake a lot, so if you intend to participate in crypto, remember to protect your money as a top priority.

                                                                                     

                                                                                     

Image source: https://bitcoin-news.vn/san-binance-bi-gia-mao/






Thirdspace
Hero Member
*****
Offline Offline

Activity: 1190
Merit: 719


Mixing reinvented for your privacy | chipmixer.com


View Profile
April 27, 2019, 12:05:06 PM
 #18

Welcome.
I would suggest google as verification. Write website title/address to google and see what address will come on first place. Its the original website. Phishing site will not be there or even if, on further places.

This is a very dangerous suggestion as Google tends to show ads as top results. It's far safer to type out websites on your own.

true. as a matter of fact many people got phished by accidentally going thru the google ads link
for eg. I just did a search on chipmixer... and google shows an ads of fake chipmixer site on the very top  
fortunately this phishing site use very obvious different domain chipmixer.site, so it's easily spotted Tongue

r1a2y3m4
Full Member
***
Offline Offline

Activity: 504
Merit: 123


Match365> be a part of 150BTC inviting bonus


View Profile
April 27, 2019, 03:38:09 PM
 #19

I hope that this reply of mine could help you avoid phishing sites. I really don't understand the meaning of your poll.

I just want to add an information to check if the link is a phishing link. One way to avoid that is to hover. When we say hover it is when you put your mouse over a file or a link and you can see the link to that file. Here's an example to it.


You can see the blue arrow, I hovered at bitcoin forum. And the link was showed at the lower left part(where the red arrow is pointing).

Please don't click what's below this, I only used this as an example.

Hover to this -> twitter.com. As you can see, the in human's eye is twitter.com but if you click it it will redirect you to another page(facebook.com). So, you need to hover on every file that you are suspecting.


socks435
Legendary
*
Offline Offline

Activity: 1442
Merit: 1024

- God Bless US -


View Profile
April 27, 2019, 03:56:20 PM
 #20

I hope that this reply of mine could help you avoid phishing sites. I really don't understand the meaning of your poll.

~snip~

You can't do that in google because if you put your mouse into the site listed on the google result it will shows a google link not a direct link. You can do that if someone posted a link here with hyperlink you can check below left of the browser.


I want to suggest OP to check my thread here https://bitcointalk.org/index.php?topic=512688 some list of phishing Electrum website and still looking for them to add on my list so that other forum members are aware about phishing Electrum websites.

Bitcoin will become stable soon and altcoin will keep increasing this coming months.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!