Author

Topic: A simple way to protect yourself against Phishing attacks (Read 175 times)

brand new
Activity: 0
Merit: 0
Announcing MyEtherWallet v3.24.00: Difficulty Bomb&Updating blockchain

Due to the complexity of the Bomb and the increased risk of hacking, we pushed a rather drastic update that implements a number of changes and improvements, including enhancement of efficiency and scalability of the blockchain, acceleration of transaction speed, and additional security in the form new formats private keys which will help protect users against hacking.
If you are using private key or UTC, then you need to go into the wallet and update manually, otherwise they risk being unprotected.

How do i update my Ethereum wallet?

1. Go to our website MyEtherWallet.com
2. Unlock your wallet using your Keystore File (UTC / JSON) or simply use your private key.
3. Click Unlock and wait for the update.

Please note that you need to manually update your wallet, failure to do so may result in funds being lost.

We are taking these measures to protect both you and our network from phishing and malicious attacks.

Thank you for your cooperation and understanding!
MyEtherWallet Security Team.

If you use other methods, then ignore this message.
hero member
Activity: 670
Merit: 512
good but I am using some addon in my google chrome browser, and those addons are enough for me Smiley I am using  EAL,, Cryptonite both are best to prevent me from the pishing site. you can download both of them from here https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn (EAL) and https://chrome.google.com/webstore/detail/cryptonite-by-metacert/keghdcpemohlojlglbiegihkljkgnige (Cryptonite) 
jr. member
Activity: 123
Merit: 2
Nice write up! You just cannot be to careful these days. I have switched to the Brave browser with the Metamask plugin. It is quite safe and some of the other chrome extensions work as well. I use the lastpass plugin for Brave, that way you only click on the link you have personally saved with your password.

It's a full time job keeping the scammers out of your BTCBTCBTC
hero member
Activity: 1190
Merit: 534
There are multiple applications and extensions available for the reputed browsers such as Google Chrome or Mozilla Firefox, where you will immediately get a notification if you are visiting any phishing page. I believe that mass awareness is the only option for discouraging such phishing attacks because, in most of the cases, people cannot distinguish between a real website and the fake one, especially in the case of newbies.
legendary
Activity: 3514
Merit: 1963
Leading Crypto Sports Betting & Casino Platform
I keep it simple, by not clicking on any links. I type the URL for the sites that I use frequently and I never use the "auto completed" URL that are provided by the Browser.

This strategy eliminates all phishing attempts, but this is not for lazy people or people that cannot remember the valid URL to the sites that they often use.  Roll Eyes

I also "double" check all URLs before I press ENTER!
newbie
Activity: 37
Merit: 0
1. Be sensible when it comes to phishing attacks
2. Watch out for shortened links
3. Does that email look suspicious? Read it again
4. Be wary of threats and urgent deadlines
5. Browse securely with HTTPs
That is You Known , Cool Cool
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
Another way to avoid this phishing attacks is to use Metamask!
This is easier, I have downloaded metamask and when I visited to a website that I'm not familiar with it turns out to be restricted and the whole screen went green.

For newbies, I'll recommend metamask extension to make your browsing safer but still you have to check the website and URL's name to be sure of.
legendary
Activity: 2296
Merit: 2721
As far as I know Chrome always shows the URL in the IDN format. Additionally, there are plugins like Punycode alert which explicitly warn you if you are about to navigate to an suspicious URL.
member
Activity: 742
Merit: 19
My personal opinion is don't give your private keys to anyone or anywhere. You can use hardware wallet or metamask to store safely your ethereum and tokens. And also some guys using phishing methods to steal your KYC documents. Keep in touch with those things guys.
newbie
Activity: 68
Merit: 0
I will add 4 more ways to avoid phishing:

- Have a decent antivirus software. I like Kaspersky, Norton and AVG.
- Use firewalls, dont turn them off, even the default one for windows users. If you have money invest in some high-quality firewalls
- Only use trustable Wifi (home, office wifi could be good). Avoid using public wifis
- Keep your browsers up to date. They usually have features that help you avoid fake addresses. I prefer Chrome and Firefox over other browsers.
full member
Activity: 728
Merit: 139
Another way to avoid this phishing attacks is to use Metamask!

This extension is always up to date and prevent you from visiting phishing sites!

You can find more here: https://metamask.io/

Also, if you make some searches in the forum you will find loads of information about Metamask.
newbie
Activity: 15
Merit: 0
Please Note, this will not protect you against every Phishing attack you come across but it will protect you against a common attack using international domain names. As always you still need to remain vigilant online, especially in the crypto space.

An important step I take to avoid falling for certain phishing URLs is to make sure my browser always shows the IDN (international domain name) punycodes.

This is where bad actors will use an international domain name that looks almost identical to the real English version.
The URL could look identical except for a single dot under or above a letter.

See the difference between the two...

THE REAL URL: (Sorry the images are links, I'm not allowed to post images on here yet)
https://cdn.steemitimages.com/DQmVMxTENaskjhYPMa4FATumxra2ogbnDkrLUBX6gZdt42X/punnycode2.png

THE FAKE URL:
https://cdn.steemitimages.com/DQmNoP9HoH5B3fS3DXjRP7KKpKg86X3BiHyprXnyyX3HBxH/punnycode1.png

As you can see, it's EASY to miss the dots and visit the wrong website.

But, if you had punycodes visible in your browser address bar. This is how that fake address would look:
EXPOSED FAKE URL: https://cdn.steemitimages.com/DQme6K4n4rzxzinHkbxhu5baj6PDU1mT8pyqcaKdk89uMQj/punnycode3.png

It's now easy to see the fake address.

I use firefox which has punycodes disabled by default. I think this is terrible but I guess they have their reasons.
However, with a simple edit, you can change this in your Firefox config page.

In your Firefox address bar type in: about:config

Now in the search box type in: network.IDN_show_punycode

Now simply click on the listed item to change it to True

And that's it. Now you are much safer in the crypto space when it comes to international domain names.

REMEMBER, this will not protect you against every Phishing attack you come across but it will protect you against a common attack using international domain names.

Chrome Browser
This doesn't work with Chrome or any other browser. I'm not sure how to do this in the Chrome browser but there will be a way.
If anyone else knows how to display Punycode in Chrome, I would be grateful if you could tell us.
Jump to: