{Beware}: Crypto Currency give-away spoof puny-code domains

[Baofeng]

https://twitter.com/kyleehmke/status/1175128078655401998

Code:

- xn--mdium-n51b[.]com
- xn--mediu-jl1b[.]com
- xn--stllr-6wa7j[.]org

Again, this is just a friendly and gentle remainder to everyone.

[bitmover]

Code:

- xn--mdium-n51b[.]com
- xn--mediu-jl1b[.]com
- xn--stllr-6wa7j[.]org

Those are too obvious domains scam. Who would click on such URL?
This is basic common sense...

For a promisse of a giveaway, a few cents of a token which has no value....

[whtchocla7e]

Code:

- xn--mdium-n51b[.]com
- xn--mediu-jl1b[.]com
- xn--stllr-6wa7j[.]org

Those are too obvious domains scam. Who would click on such URL?
This is basic common sense...

For a promisse of a giveaway, a few cents of a token which has no value....

A lot of new people haven't noticed the site link. The crooks have coded the links, turned them into shortened links or coded it into images and text. This article is really useful for newbies, we should be more careful when paying attention to website addresses.

[o_e_l_e_o]

Those are too obvious domains scam. Who would click on such URL?

Those are the punycode versions, not the ASCII versions. The subdomain of those URLs listed above would display in your browser's address bar as follows:

Code:

mẹdium
mediuṃ
stėlląr

As you might imagine, people fall for these kind of attacks all the time if their browser is set to not display punycode.

To protect yourself from this kind of attack, in Firefox open a new tab, type about:config, accept the warning, search for "punycode", and change the value of network.IDN_show_punycode to true. This will change the URL in your browser from the examples I've given in this post to instead display as the examples Baofeng has given in his (so from mẹdium to xn--mdium-n51b, for example).

[masulum]

For members who don't understand, what's wrong about medium, medium and stellar in o_e_l_e_o post above, try to copy text to word/notepad etc, and change font size. And you will see the result like image below.

[hugeblack]

To @OP, I think this topic^[1] has covered all the information about Punycode so it is better to quote it or add the link in the topic.

Also, "SSL certificate is valid" Doesn't mean you are safe, check out^[2]
Secondly, we're in 2019, don't expect anyone to give you money for free, especially Crypto Currency give-away. Old school scam


[1] What is Punycode and how to protect yourself from Homograph Phishing attacks?
[2] https://bitcointalk.org/index.php?topic=5184169.msg52506958#msg52506958