What to do to avoid phishing sites

[hd49728]

What I do is I bookmark the important sites that involves transactions like myetherwallet and some crypto exchanges. Some accounts that have 2fa will be difficult to hack even if you clicked a phishing sites. Popular browser like google chrome and mozilla firefox automatically detects malicious websites so it's best to use for everyone.

It is good to use bookmark, but bookmark does not completely help you to be safe from threats. Eg.tampering attacks on bookmark.
Remember site address is the best.

[bob123]

It is good to use bookmark, but bookmark does not completely help you to be safe from threats. Eg.tampering attacks on bookmark.
Remember site address is the best.

To tamper with the bookmarks you made, someone needs access to your device or browser.
And with access to one of them, you are in more trouble than just having your bookmarks changed.

Remember the sites and typing them each time can lead to misspelling them. So that's not a perfect solution either.

A better solution would be to remember the IP address of the web server, and each time before visiting it you do a DNS lookup to check whether the hostname resolves to that given IP address.
Then visit the webserver via the IP address. But if they are using cloudflare, that's not possible.

This was obviously overexaggerated.
But visiting the site properly is not such a trivial task. Each method has its ups and downs.

There is no 'best' solution. There are countless attacks on each way of visiting a website. Some are trivial to detect while others are not.
The most important thing is to use your common sense and be careful. Regardless of which method you are using.

[hd49728]

This thread will help you with another tool to fight against phising sites by using host-files
Host-file to deal with phising sites
However, it is also helpful for known phising sites, for new phising sites, it is your responsibility to protect yourself through careful behaviours and whenever you find them, you should immediately report them.

[rearwheels]

Hi all. Recently I have found this thread about Phishing Quizzes which will help you to become more experienced in detecting Phishing sites.

https://bitcointalk.org/index.php?topic=5178375.new#new

There is a list of quizzes which you can start.

[hd49728]

https://bitcointalk.org/index.php?topic=5178375.new#new

Thank you, but that topic was added in OP days ago.

Read more:
- [LEARN] Phishing Quizzes - Beginners & Experts

[nakamura12]

This thread will help you with another tool to fight against phising sites by using host-files
Host-file to deal with phising sites
However, it is also helpful for known phising sites, for new phising sites, it is your responsibility to protect yourself through careful behaviours and whenever you find them, you should immediately report them.

It's also effective to add the phishing website in the host file just like the link. It is also better to know lots of phishing sites so you can add. It all depends on the person if he/she will do what we should do when it comes to phishing sites. Anyway, it's not only phishing sites that we need to avoid.

[bL4nkcode]

I must say, there are lots of tutorials and procedures on how to avoid being phished on the internet for a while now, even before cryptocurrency existed, but there are still lots of internet users got fooled and become victims of these. And I say being knowledgable and being careful of what to click and what to input/type will be the key to prevent this.

But this tutorial is still helpful, so newbies should work and follow this one.

[hd49728]

I must say, there are lots of tutorials and procedures on how to avoid being phished on the internet for a while now, even before cryptocurrency existed, but there are still lots of internet users got fooled and become victims of these. And I say being knowledgable and being careful of what to click and what to input/type will be the key to prevent this.

But this tutorial is still helpful, so newbies should work and follow this one.

What attackers use are not strange, and the main reasons why attackers still succeed with their phising strategies are people still don't change their stupid, and careless habits. It is nearly same thing that we see on market, losers always FOMO and buy at peaks, but they usually scare and hesitate to buy (even if they don't get stucked and still have free money to invest) at bottoms. They repeatedly do this, and blame all their losses on market.
People give attackers access to their devices, identities, passwords, and more, by themselves, but they blame on attackers and their phising sites.

[masulum]

I create simple infographic top 9 most commons phishing using email and newbie member can avoid all of this kind email
read full article from source: https://now.uiowa.edu/2019/09/avoid-these-10-common-phishing-emails
you can find an example of each email phishing on there

here is my infographics

[whtchocla7e]

Thanks for your post, you helped me a lot. However, I would like to add a little bit about how I identify and prevent phishing sites, which are:
- Make a habit of looking at the web address regularly, with any click or access, I always control the address I visit
- Save or mark important web pages, necessary and useful information to avoid visiting fake websites.
- Install website detection tools containing malicious and fake code like Metamask, ...

[akirasendo17]

this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on

[Magkirap]

this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on

Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say.

[peter0425]

this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on

Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say.

that is why we must Bookmarked each sites we often visiting,and prevent our self from Clicking random links shared to our front.

i am once a victim of phishing site lucky that i found earlier so my account did not compromised that is why from then?when newbie posted and share a  link?never that i risk clicking it unless there are someone prove that it is legit.

[hd49728]

this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on

Everyone can be attacked and as a consequence of that, given links from people who well known about are risky too. There is no perfect guarentee that given links from your wife/ husband/ relatives are safe. Checking links is the must step to do. Of course, we need to be more careful with links from strangers.

Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say.

https sites are what you implied but phishing sites can be https ones, and they are not restricted to http sites.

that is why we must Bookmarked each sites we often visiting,and prevent our self from Clicking random links shared to our front.

Immediately click on given links is bad but bookmark is unable to completely safe us from attacks. Bookmark help us most of the time, but if there are Tampering attacks on our devices (caused by our bad internet surfing activities) bookmark will be changed and no longer to safe us.

[masulum]

https sites are what you implied but phishing sites can be https ones, and they are not restricted to http sites.

That's so true, most internet users become a phishing website victims because they are believe if phishing sites will not using SSL. But, in current internet era, anyone can use SSL for free for their websites. Based on data few years ago, there are 15,270 phishing website with SSL. How it happen? because they can get SSL for free, so if we don't re-check the site address, of course we will become a victim. The best way always double check domain address that you visit and recheck link inside email before clicking, it will make us save from phishing.

Related thread: Half of all Phishing Sites Now Have the Padlock Sign by @Pmalek. In this thread i share about new data about phishing website with padlock sign increase about 400%

[hd49728]

That's so true, most internet users become a phishing website victims because they are believe if phishing sites will not using SSL. But, in current internet era, anyone can use SSL for free for their websites. Based on data few years ago, there are 15,270 phishing website with SSL. How it happen? because they can get SSL for free, so if we don't re-check the site address, of course we will become a victim. The best way always double check domain address that you visit and recheck link inside email before clicking, it will make us save from phishing.

Exactly. The figure you gave on 15270 phishing sites with SSL is an impressive detail for my topic. I appreciated it.
It is a cool guide on SSL vs. TLS! that I saw minutes recently.

[hd49728]

bump

[lovesmayfamilis]

Nice post, but I didn't see any information on how to prevent mobile phones from reaching phishing sites. Today we use mobile devices every day, and precautions must be learned by us as a multiplication table. We have dozens of applications installed in our mobile phones, which also contain data about the payment systems we use, data from social networks, and so on.
Therefore, users also need to observe caution when they install applications, strictly adhere to the official stores. Do not trust the links they receive as SMS messages.
And of course, timely updating of systems and the use of licensed antivirus will help to stay safe and save data on the device without all sorts of hacker hacks.

[JayTrain]

I had a case with MEW when I didn't check the site address and decided to go to the first link through Google search...and I realized that I was phishing, the private key was immediately compromised and it was a lesson for me, now I check the link several times where I go and do not use the search engine to search for such sites.

[BernyJB]

For FF users, there is one trick in the book that can help you see the punycode.

[1] Type "about:config" in the address bar


[2] Then type "punycode" in the search bar


[3] Then double click on "network.IDN_show_puny_code" and enable it to true.

Thank you, I just did the punycode thing. 
Using adblock plus and forcing https is always a good idea. It's also important to pay attention to the address you're clicking on. Most people don't even look at that.
If a link pops up in your wallet (or your email, or anywhere) and tells you to "update it", DON'T FOLLOW IT, go to your wallet's page and look for the update.  Bookmark sites like Github, so there's no chance of you inadvertently going into the wrong address. But, most importantly BE CAREFUL when you click on a link, always.