BitMaxz (OP)
Legendary
Offline
Activity: 3248
Merit: 2965
Block halving is coming.
|
|
June 10, 2019, 09:29:32 PM Last edit: June 12, 2019, 04:30:25 PM by BitMaxz Merited by bones261 (2), ABCbits (1) |
|
I recently searching on google with keyword "trezor" and I found a fake website. Here's what it looks like Then I tried to check the website and I found that it looks the same as the original trezor wallet page I tried to click any pages but none of the buttons works except for wiki but the result is page not found and two wallet button. The weird thing that I found after copying the URL and pasting it to report page on google the website URL shows different so my guess it is a Punycode website. Look at URL below. https://xn--wllet-trezor-y9a.com/# So obvious that this website is fake and they are targeting trezor user. The website just created a few days ago according to whois. Domain:wàllet-trezor.com Registrar:Tucows Domains Inc. Registered On:2019-06-01 Expires On:2020-06-01 Updated On:2019-06-10 Status:clientTransferProhibited clientUpdateProhibited Name Servers:1-you.njalla.no 2-can.njalla.in 3-get.njalla.fo
|
|
|
|
|
|
|
|
|
Even in the event that an attacker gains more than 50% of the network's
computational power, only transactions sent by the attacker could be
reversed or double-spent. The network would not be destroyed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2758
Merit: 7135
|
|
June 11, 2019, 08:49:49 AM |
|
The google ad seems to have been removed. I just tried googling 'trezor' and the add is no longer there, at least for me. Pay attention to the way they spelled tresor incorrectly!
Good find and thanks for letting us know.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
Lucius
Legendary
Offline
Activity: 3234
Merit: 5638
Blackjack.fun-Free Raffle-Join&Win $50🎲
|
|
June 11, 2019, 09:47:33 AM |
|
For anyone who is have adblock in browser such sites will not be visible at all, so use adblock and block such ads. I just turn off my adblock to see if that site is still show on top of search results, but I find another fake site for Trezor. It seems that first one is disabled by Google, but someone is just activate new ad campaign in Google AdWords. This site is redirecting to :
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18510
|
|
June 11, 2019, 10:55:11 AM |
|
Yeah, this is what I would call a "Swiss cheese model" - there a lot of things that you are doing wrong here to be subjected to this kind of attack.
First of all, Google is a terrible search engine in terms of privacy and security. I would recommend switching to something like DuckDuckGo, which doesn't display ads like this. Second of all, you aren't blocking these malicious ads. As Lucius says, download an ad blocker such as uBlock Origin. Third of all, you shouldn't be using search engines to find the websites for exchanges, wallets, etc., as you run the risk of landing on a fake page such as this one. It is much better to type in the link manually. Lastly, you can force your browser to display Punycode so you will always notice this kind of attack. On Firefox or Tor, open a new tab, type in about:config, search for network.IDN_show_punycode, and set to "true".
|
|
|
|
BitMaxz (OP)
Legendary
Offline
Activity: 3248
Merit: 2965
Block halving is coming.
|
|
June 11, 2019, 12:59:19 PM |
|
There is a new advert pop up on google when searching "trezor" wallet. It seems they keep creating new fake website but when I tried to click the website with my local IP this is what it looks like They redirect me to watches shop but when I'm using a unique IP with VPN now the ads redirect me to a different domain. Beware on this website: They are now upgraded and blocked my local IP and use a Cloaking technique where my IP detected as a google bot spider that is why the site redirects me to different content if your IP is not unique it will happen to you as well. I'm sure this hacker have lots of SEO technique and I'm sure this is the same guy who created the Punycode website that I posted earlier. If you saw a different website please report them to google so that we can prevent them from hacking trezor users wallet.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3234
Merit: 5638
Blackjack.fun-Free Raffle-Join&Win $50🎲
|
|
June 11, 2019, 02:10:23 PM |
|
As I already wrote, it looks like the one person exploiting all the possibilities which are permitted by Google AdWords and just creating new campaigns, or trying to mask them as much as possible. I also see that new site now, and it is redirecting to link I posted in post 3, which is same BitMaxz post in his last post. If it's just about one person behind this, then Google need to ban this account and stop him to do this. I report this link to Google Safe Browsing, and if more users do that it will attract attention of Google who will then block this site in browser as deceptive site , so even users who not use adblock will be safe.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
BitMaxz (OP)
Legendary
Offline
Activity: 3248
Merit: 2965
Block halving is coming.
|
|
June 11, 2019, 02:44:48 PM |
|
As I already wrote, it looks like the one person exploiting all the possibilities which are permitted by Google AdWords and just creating new campaigns, or trying to mask them as much as possible. I also see that new site now, and it is redirecting to link I posted in post 3, which is same BitMaxz post in his last post. If it's just about one person behind this, then Google need to ban this account and stop him to do this. I report this link to Google Safe Browsing, and if more users do that it will attract attention of Google who will then block this site in browser as deceptive site , so even users who not use adblock will be safe. The problem even they ban the google account they can still create a new campaign with fresh account because there are many IM selling google ads account on marketing forum like on BHW. I have experienced about this and I'm currently joined on the skype group where many IM users buying google and bing ads account. So even google keep banning accounts they can still make another campaign with a fresh account. Google should ban "trezor" keyword to display on google so that no one will see these ads again.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3234
Merit: 5638
Blackjack.fun-Free Raffle-Join&Win $50🎲
|
|
June 12, 2019, 09:29:54 AM |
|
I just check that fake site and it is not working today, and there is no new bad ads if I search Google by keyword "trezor". It seems that Google responded very quickly and banned this account, and owner is just shut down that site.
Google should build in adblock in Chrome, but that makes no sense for them since they sell ads and they want users to see them, regardless whether they are good or bad. They should check every ad before getting permission to show such ad, but we all know that this is something that currently is not an option.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
|
BitMaxz (OP)
Legendary
Offline
Activity: 3248
Merit: 2965
Block halving is coming.
|
|
June 12, 2019, 04:28:08 PM |
|
I just check that fake site and it is not working today, and there is no new bad ads if I search Google by keyword "trezor". It seems that Google responded very quickly and banned this account, and owner is just shut down that site.
Google should build in adblock in Chrome, but that makes no sense for them since they sell ads and they want users to see them, regardless whether they are good or bad. They should check every ad before getting permission to show such ad, but we all know that this is something that currently is not an option.
They did remove the site from the ads but there is a new site pop up again on google with the same keyword. And redirects me to the same website It seems he have lots of google ads account. If you guys see another site just keep reporting them to google so that we can reduce trezor users to accidentally click the fake website.
|
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
June 13, 2019, 06:50:26 AM |
|
How can i now those Trezor are fake or not?, can i updated latest firmware will removed all virus and malware?
You would need to inspect the hardware. Updating the firmware would remove a malicious firmware, but would not help if it has been tampered with on a hardware basis. You either need to know which components exactly are required, open the case and check everything.. or you buy it directly from Trezor / their official resellers.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2758
Merit: 7135
|
|
June 13, 2019, 08:49:17 AM |
|
They did remove the site from the ads but there is a new site pop up again on google with the same keyword.
If you guys see another site just keep reporting them to google so that we can reduce trezor users to accidentally click the fake website. I don't get the result you got but I see the following site ad on my end: www.oystert.tk/Hardware/WalletI didn't click on the link for safety reasons, I advice others don't click on it either! @Krislaw Inspecting the hardware is not an easy task if you don't know what you are doing. Why risk it? Just purchase it from the official site like bob123 suggested.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
|