PSA: New electrum.org phishing attempt

[Wind_FURY]

Be careful electrum users/newbies. Scammers, hackers, and thieves are becoming more active because of the new Bitcoin rally.

You are all targets, especially newbies.

https://twitter.com/electrumwallet/status/1144678604523147265?s=21

Do you see that little fleck of dust under the domain name in the left screenshot? Actually not dust. Enable show_punycode in Firefox in order to avoid phishing URLs.

[dnpotter]

Thanks for the heads up.

[hatshepsut93]

Nice catch, and nice tip about Firefox!

Also, people really shouldn't be googling or clicking on some links to websites after their first visit - important sites should always be bookmarked and accessed with bookmark. Same goes for typing - autocomplete can lead to a fake site, or you can make a typo and get to hacker's site. And before visiting the site for the first time, always google search what the official site is, and check people's discussions first - never simply click on one of the results.

[jossiel]

I remember that there's also same character of that letter 'L' that has been used as Binance phishing site before. Thanks for the warning.

I see that there's also a post like this on Beginners and Help.

Warning: Another Electrum phishing site

[jerry0]

How did you find that electrum site?  Was it through google or electrum?  Because if you type in manually yourself


www.electrum.org


You should be fine right?

[nc50lc]

How did you find that electrum site?  Was it through google or electrum?  Because if you type in manually yourself
www.electrum.org
You should be fine right?

Yes.

FYI, the "eļectrum.org" is the ASCII version of punycode: "xn--eectrum-9hb.org" <--- Warning: phishing site.
It will be displayed as the latter if you're using Firefox with show_punycode enabled.

Try to type the original url on the right box here: https://www.punycoder.com/ then press "<<Convert to text" and it will be displayed as eļectrum.org.

[Artemis3]

How did you find that electrum site?  Was it through google or electrum?  Because if you type in manually yourself

www.electrum.org

You should be fine right?

This is fine but its not the end of the story. There is another possible attack vector by malware messing your dns or hosts file, so it might resolve electrum.org to a rogue phishing site. So no, not even that is safe enough (and actually searching it might give you the real IP address instead).

I think the only way to be sure is doing the gpg signature check:

• How to check if your Electrum Wallet is legit before using. (For Linux)
• How to Verify Your Electrum Wallet on Windows

[joniboini]

There is another possible attack vector by malware messing your dns or hosts file, so it might resolve electrum.org to a rogue phishing site. So no, not even that is safe enough (and actually searching it might give you the real IP address instead).

Another way to solve this is to use a live OS to access the website, download the files and verify it.

Installing anti-phishing malware might also help to prevent you accidentally access a punycode website, but of course, that won't work if your DNS was hijacked.