|
yazher
|
|
October 11, 2019, 10:42:43 AM |
|
This is some scary phishing technique, another worthy thread to post on my daily news today. I'll make them aware of this kind of phishing. A few months ago I entered a fake Bitcointalk site, but instead of .org the fake one is .to. I was close to getting hacked by that site because I was already in the login window. I was about to sign in when I saw something strange with the domain name and read it again. Damn, it was not the original site, rather it's the fake one.
Based on your examples they are only interested in hacking big exchange accounts. If they make something like a Bitcointalk site, many users will fall and become victims of this kind of phishing. That's why I need them to be aware of this kind of stuff.
|
|
|
|
magneto
|
|
October 11, 2019, 11:43:41 AM |
|
Extremely comprehensive guide. I did know of these phishing websites before but didn't know the exact method that scammers seem to do this by.
I think that browsers should definitely show these codes by default, or at least have better algorithms that detect when the user is visiting a fraudulent site. Of course it is impossible to keep up with these phishers 100% all the time, but it should at least get periodically updated (this sort of scam has been around for a while now).
The majority of these phishing sites come from google ads as far as I know. You should never click on any of them. Even top search results can sometimes contain these sites if the site is relatively new. As others would have probably suggested, even though bookmarks may seem like a hassle, they are definitely worth it.
|
|
|
|
Lafu
Legendary
Offline
Activity: 3136
Merit: 3213
|
|
October 11, 2019, 12:19:51 PM |
|
Great post and thread, sadly I have just seen it now lol! Nice information and explanation about the whole thing, respect! This deserved 3 Merits from me to you, so you hit the Legendary Rank with it now! Congrats for the Legendary and welcome in the Club! Regards Lafu
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
October 11, 2019, 01:19:46 PM |
|
Great post and thread, sadly I have just seen it now lol! Nice information and explanation about the whole thing, respect! This deserved 3 Merits from me to you, so you hit the Legendary Rank with it now! Congrats for the Legendary and welcome in the Club! Regards Lafu
Thank you very much Lafu!!! This is a real achievement for me, so I will remember this first post as a Legendary member and those 3 merits which made it possible for a very long time, probably forever. After so many years, I finally got to the most famous Legendary club, it's a little hard to believe, that it is right now and on the other hand it lasted for so long. Mission accomplished
|
|
|
|
crypto mania
|
|
October 12, 2019, 12:31:28 PM Last edit: October 12, 2019, 12:57:56 PM by crypto mania |
|
...Congrats for the Legendary and welcome in the Club! ..
CONGRATULATIONS!!! You finally did it. Amazing achievement taking into consideration that this only took 2 years. As you see I am back after so long again because of you. I will be more active because it is a shame to leave this account after so much work I already did. One more time thank you for everything you did for me on the forum and sorry for all the problems you had because of me. I see that your posting skills are indeed on a much higher level and hovering merits is now for you something common. This Punycode thread is one of the best I have read lately about security breaches on Bitcointalk forum, kudos for that.
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
October 24, 2019, 09:32:14 AM |
|
...I think that browsers should definitely show these codes by default, or at least have better algorithms that detect when the user is visiting a fraudulent site. Of course it is impossible to keep up with these phishers 100% all the time, but it should at least get periodically updated (this sort of scam has been around for a while now)...
Exactly, I was wondering about the exact same thing, which is why the hell browsers just don't implement something which will show the real URL, a message in a popup or something else which will be really helpful and easy to use and understand. Despite everything, as for now there is no solution provided by browser creators and all I found was a couple of addons, which I have already written about a couple of posts above.
...The majority of these phishing sites come from google ads as far as I know. You should never click on any of them. Even top search results can sometimes contain these sites if the site is relatively new...
What you have written is, of course, true, but outside Google Ads there are also plenty of them. I have ad blockers installed (uBlock Origin) and still I was already a couple of times on such phishing websites that use Punycode and Homograph Phishing attacks to steal your passwords, and only thanks to my password manager I haven't shared it. I think we have to prepare for an even worse situation in the future because the phishing website count is growing with insane speed. Today I have read a great post about this subject in this thread: Re: Half of all Phishing Sites Now Have the Padlock Sign
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
November 25, 2019, 09:23:30 AM Last edit: November 25, 2019, 12:27:34 PM by wwzsocki Merited by OcTradism (2), DdmrDdmr (1) |
|
I found a great service called Gluee with multiple tools for webmasters and developers but the most important thing for us is that there are a couple of tools to protect against Punycode vulnerability.
https://www.gluee.com/tools/
As you can see the first one called Punycoder is a tool that converts text with special characters (UNICODE) to the Punycode encoding (just ASCII) and vice versa. This is a great tool to check all suspicious Phishing Punycode URLs. Just copy and paste the needed link.
https://www.punycoder.com/
Punycoder - Punycode converter or an IDN converter, a tool for Punycode to Text/Unicode and vice-versa conversion.
I advise checking the other tools from this website because they can help to stay safer online if we use them.
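The Unicode/Punycode conversion described in the post above can also be done locally. The following is an added example, not part of the original post and not code from Gluee or Punycoder: it uses Python's standard `punycode` codec to show both forms of a host name and flags labels that are non-ASCII or mix scripts. The function names, flag names and sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def script_of(ch):
    """Approximate a character's script from its Unicode name, e.g. 'CYRILLIC'."""
    if not ch.isalpha():
        return None  # digits and hyphens are shared by all scripts
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def check_url(url):
    """Return the Unicode and Punycode (ASCII) forms of a URL's host, plus flags.

    Flags (names are this example's own):
      non_ascii        - a label needs Punycode, so it may be a homograph
      mixed_script     - one label mixes scripts, e.g. Latin with Cyrillic
      invalid_punycode - an xn-- label that does not decode
    """
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    uni_labels, ascii_labels, flags = [], [], set()
    for label in host.rstrip(".").split("."):
        uni = label
        if label.startswith("xn--"):
            try:
                uni = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                flags.add("invalid_punycode")
        if uni.isascii():
            asc = uni
        else:
            asc = "xn--" + uni.encode("punycode").decode("ascii")
            flags.add("non_ascii")
        if len({s for s in map(script_of, uni) if s}) > 1:
            flags.add("mixed_script")
        uni_labels.append(uni)
        ascii_labels.append(asc)
    return {"unicode": ".".join(uni_labels),
            "ascii": ".".join(ascii_labels),
            "flags": sorted(flags)}

if __name__ == "__main__":
    # Constructed samples: a plain host, a host with a Cyrillic "a" (U+0430)
    # in place of the Latin one, and a legitimate German IDN in xn-- form.
    samples = [
        "https://example.com/login",
        "https://ex\u0430mple.com/login",
        "xn--mnchen-3ya.de",
    ]
    for s in samples:
        r = check_url(s)
        print(f"{r['ascii']:28} {r['unicode']:16} {r['flags']}")
```

A `non_ascii` flag on its own is not proof of phishing, since legitimate internationalized domains raise it too; it marks the hosts whose ASCII form should be read before trusting the displayed name.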
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
September 12, 2020, 08:07:49 PM Last edit: September 12, 2020, 08:18:22 PM by wwzsocki |
|
Wandera - the world's largest provider of cloud security for remote workers, just published its Cloud Security Report for September 2020, in which they refocus on phishing, looking at the length of phishing URLs compared to safe URLs, but not only.
Researchers from Wandera found that the length of a URL can be a telltale sign of a phishing attack. Legitimate URLs typically sit between 20 and 44 characters, anything beyond that is most likely a phishing link. On average, requests made to unsafe domains were 1.8x the length of requests made to safe domains.
Wandera researchers warn that spotting suspicious links could be very problematic on smartphones and tablets because modern browsers truncate URLs for a sleeker design. Users need to apply a greater level of scrutiny when using browsers on mobile devices, particularly given the rise in use of punycode in phishing URLs.
I encourage everyone to read about Punycode and Phishing attacks, in this report are many interesting pieces of information, like the days of the week in which people visit phishing sites the most.
... largely stable during the week aside from Monday... Interestingly, Saturday was the day with the highest number of requests made to phishing domains.
Here is the link to the full report: https://www.wandera.com/cloud-security-report-september-2020/
|
|
|
|
adamvp
|
|
November 05, 2020, 05:56:35 PM |
|
Very valuable work wwzsocki! I was aware of phishing threats, but I have never heard about such thing as Punycode. And it is one of most dangerous one, sometimes it needs to enter dangerous side to harm your computer. Many thanks, good job!
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
November 07, 2020, 05:54:21 PM Last edit: November 07, 2020, 06:08:33 PM by wwzsocki |
|
Very valuable work wwzsocki! I was aware of phishing threats, but I have never heard about such thing as Punycode...
Thank you @Adamvp for your kind words. I created this thread because I was almost hacked using a Punycode attack. Thanks to Metamask and a password manager I was able to spot this on time, but to be honest, I already started to write a password manually (few first ciphers) when I stopped because something felt wrong about this login. I was logged in earlier and normally my password and username are automatically filled when I am on the correct website and here it wasn't, despite I was logged in a few minutes earlier and only closed the tab. Additionally on the correct website, when I start to type email or password the login details come up automatically thanks to the password manager, and here it wasn't. The second time Metamask warned me that I am on a phishing website and didn't let me proceed further. So, I started to dig into this Punycode topic and found that we are almost defenseless because these phishing URLs are exactly the same or almost identical to the original. I think I am quite paranoid about privacy and malicious threats, and if I was so easily almost hacked I can imagine that many people are vulnerable every day even without knowing it. So if this thread helps somebody to defend himself or at least to be aware of the danger, then I am ok with that and think that the job is done.
|
|
|
|
OcTradism
|
|
November 08, 2020, 10:14:24 AM |
|
I created this thread because I was almost hacked using a Punycode attack. Thanks to Metamask and a password manager I was able to spot this on time, but to be honest, I already started to write a password manually (few first ciphers) when I stopped because something felt wrong about this login.
I was logged in earlier and normally my password and username are automatically filled when I am on the correct website and here it wasn't, despite I was logged in a few minutes earlier and only closed the tab. Additionally on the correct website, when I start to type email or password the login details come up automatically thanks to the password manager, and here it wasn't. The second time Metamask warned me that I am on a phishing website and didn't let me proceed further.
Your story sounds like you chose "Remember my password on this site (something like that)" on the browser you used to log in. I don't think it is a good way to do it despite its simplicity and convenience. I never choose this option on any browser and every time I log in, I manually type passwords. Some sites have their security methods to automatically log out your accounts (on browser, on mobile) each month. And what you said is not always true that the site you are logging in your account is a phishing site.
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
November 09, 2020, 11:33:15 PM |
|
Your story sounds like you chose "Remember my password on this site (something like that)...
No, not exactly, I had it saved in my password manager, and every time I start to type it shows the right option right away and here it was empty. Still, I didn't realize and started to manually provide the password, luckily I don't know it and I wasn't able to figure it out, luckily I recognized something is wrong and haven't provided any valuable info to the hackers. It's really tricky and to be honest, we should check all URLs we are not fully sure of.
|
|
|
|
adamvp
|
|
November 24, 2020, 11:46:31 PM |
|
I created this thread because I was almost hacked using a Punycode attack. Thanks to Metamask and a password manager I was able to spot this on time, but to be honest, I already started to write a password manually (few first ciphers) when I stopped because something felt wrong about this login.
I was logged in earlier and normally my password and username are automatically filled when I am on the correct website and here it wasn't, despite I was logged in a few minutes earlier and only closed the tab. Additionally on the correct website, when I start to type email or password the login details come up automatically thanks to the password manager, and here it wasn't. The second time Metamask warned me that I am on a phishing website and didn't let me proceed further.
Your story sounds like you chose "Remember my password on this site (something like that)" on the browser you used to log in. I don't think it is a good way to do it despite its simplicity and convenience. I never choose this option on any browser and every time I log in, I manually type passwords. Some sites have their security methods to automatically log out your accounts (on browser, on mobile) each month. And what you said is not always true that the site you are logging in your account is a phishing site.
Manually typing is very dangerous .. it needs only your computer is infected by keylogger and hacker will know your password immediately! Only good password manager (with good encryption) is reliable solution!!
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
November 26, 2020, 03:54:23 PM |
|
Manually typing is very dangerous... Only good password manager (with good encryption) is reliable solution!!
I agree, but despite everything and that I had one, still, I started to manually log in when there was no response from the password manager. As I said, I was lucky to recognize something is wrong but can assume that many people can't and log in every day on phishing sites. Thanks to this event, this thread came into existence. I hope that at least a few more members are aware of this threat thanks to my writings.
|
|
|
|
adamvp
|
|
December 08, 2020, 07:17:57 PM |
|
Yes, I was made aware of this danger thanks to your thread, I think this thread should be pinned! Or maybe this is a thread about biggest threats and it could be linked there?
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
January 24, 2021, 08:21:42 PM |
|
Or maybe this is a thread about biggest threats and it could be linked there?
Don't know to be honest, but I fully agree with you that Punycode is the biggest threat for the normal internet user today when it comes to browsing the web and using URLs. Despite many tools I have found and even reviewed in this thread, still I haven't found even one which will be easy to use and widely distributed like an extension or something. This is for me very surprising that nobody created something like this because taking into consideration the scale of danger, even a paid version could easily be a big success. And now a shout out to the community, if anybody has seen or uses any tool that helps with Punycode and Homographs, please share!
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
January 24, 2021, 10:13:36 PM Last edit: January 24, 2021, 10:26:49 PM by o_e_l_e_o |
|
Despite many tools I have found and even reviewed in this thread, still I haven't found even one which will be easy to use and widely distributed like an extension or something.
You don't really want to install an extension for something so simple to solve. Every extension you install is a security risk, and unless you sit down and review all the code yourself (which few users have the knowledge and skill set to do, and even fewer actually do it), then you are introducing more and more unknown and potentially malicious code into your browser with every extension you install. With any browser, you should be aiming to keep the number of extensions you use to the bare minimum, and they should only be ones which are open source and independently reviewed unless you are reviewing the code yourself. Malicious extensions can do everything from change bitcoin addresses in your clipboards through to stealing your passwords and your coins.
In Tor or Firefox, simply open a new tab, enter about:config, accept the warning, and change the preference "network.IDN_show_punycode" from false to true. Chromium-based browsers now show punycode as default, provided they are up to date.
|
|
|
|
wwzsocki (OP)
Legendary
Offline
Activity: 2898
Merit: 1731
First 100% Liquid Stablecoin Backed by Gold
|
|
January 25, 2021, 04:21:53 PM Last edit: January 25, 2021, 04:34:11 PM by wwzsocki |
|
...In Tor or Firefox, simply open a new tab, enter about:config, accept the warning, and change the preference "network.IDN_show_punycode" from false to true. Chromium based browsers now show punycode as default, provided they are up to date.
Thank you very much for your input @Oeleo. It would be great if you can show how it looks by default in the Google browser? Is there any message shown that this is Punycode? I don't understand quite correctly because I haven't used it for quite some time. Still, I use Brave which is also built on Chromium and haven't noticed anything to be honest. I will soon make a tutorial with screens on how to set this up on Firefox for less experienced members, but it would be great to show also some Google examples. Please explain more exactly how it works on Google now? Does it mean they don't show URLs translated to ASCII, only original ones?
|
|
|
|
|
|