
Topic: !Be careful when logging in! - page 3. (Read 983 times)

full member
Activity: 1750
Merit: 186
February 20, 2018, 11:40:49 PM
#38
The person that posted the picture with the 2 binance links... is the first one legit or not? Because when you google binance, you see that one with the ad and of course below that, there is the real binance site. The first link, I was told, if you click on it, it has the binance site but it has a referral id etc. So is the first one real or not?
legendary
Activity: 2758
Merit: 6830
February 20, 2018, 09:29:34 PM
#37
That's a new threat level that I haven't thought of yet. Is that possible? Can you really combine different alphabets in the address bar?
I have never seen a Cyrillic address or any other alphabet except Latin letters.
Maybe some other users can give us some more info.
You may want to check this reddit post: https://www.reddit.com/r/CryptoCurrency/comments/7ykzar/be_careful_of_spoof_exchanges_would_you_have/

A quick comment about the issue:

Quote
URL spoofing is a very, very serious problem. The fact that you can even use other non-latin alphabets such as Cyrillic in URLs, results in ultra-sophisticated scam scenarios that are almost impossible to detect. quote: "It is possible to register domains such as ‘xn--pple-43d.com’, which is equivalent to ‘apple.com’. It may not be obvious at first glance, but ‘apple.com’ uses the Cyrillic ‘a’ (U+0430) rather than the ASCII “a” (U+0041)". The technical term for this is Homographic attacks.

Although most major browsers have a way of warning users, it only works if the URL uses a mixture of alphabets.
source

How to protect yourself:

Quote
FYI there is a way to shield yourself somewhat from these attacks.

Chrome: https://chrome.google.com/webstore/detail/punycode-alert/djghjigfghekidjibckjmhbhhjeomlda

Firefox: Go to about:config and search for punycode, set network.IDN_show_punycode to true

You can use for example this link to check if you are protected: http://www.umeå.se/

On Firefox the address bar will display the punycode, and on Chrome with the plugin it will show an alert on the bottom right corner.
These are what I use; if someone else uses another browser and knows other tips, share them!
source
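
A check along the lines discussed in this thread, as an added example that is not part of any post: it decodes the `xn--` hostnames quoted in the thread back to Unicode and flags labels that mix scripts, plus single-script labels that imitate a watched name. The function names, the small lookalike map and the watchlist are assumptions made for the illustration.

```python
import unicodedata

# Constructed, deliberately small Cyrillic-to-Latin lookalike map
# (an assumption for this example, not the full Unicode confusables table).
LOOKALIKES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456\u0455", "aeopcxyis")
WATCHLIST = {"binance", "google", "apple"}  # names mentioned in the thread


def decode_label(label):
    """Return the Unicode form of one DNS label (decodes the xn-- prefix)."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def check_host(host, watchlist=WATCHLIST):
    """Return (verdict, unicode_host); verdict is 'mixed-script',
    'lookalike' (one script, but imitates a watched name) or 'ok'."""
    labels = [decode_label(part) for part in host.lower().split(".")]
    verdict = "ok"
    for label in labels:
        if len(scripts(label)) > 1:
            verdict = "mixed-script"
        elif (verdict == "ok" and not label.isascii()
              and label.translate(LOOKALIKES) in watchlist):
            verdict = "lookalike"
    return verdict, ".".join(labels)


if __name__ == "__main__":
    # Hostnames quoted in the thread, plus the genuine name for comparison.
    for host in ("www.xn--ggle-55da.com", "www.xn--binnce-5nf.com",
                 "www.xn--binanc-8of.com", "xn--pple-43d.com",
                 "www.binance.com"):
        verdict, shown = check_host(host)
        print(f"{host:28} {verdict:13} {ascii(shown)}")
```

The all-Cyrillic case matters because, as quoted above, browser warnings only trigger on a mixture of alphabets; a label written entirely in one script passes the mixed-script test and is only caught by comparing against known names.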
newbie
Activity: 72
Merit: 0
February 20, 2018, 09:14:40 PM
#36
Great warning! thanks for your info!
newbie
Activity: 196
Merit: 0
February 20, 2018, 08:39:57 PM
#35
Newbie here. I am new in this bitcoin forum so I haven't binance account number yet. Anyway, thank you for sharing the fake website, it would be of great help to us newbies in our future exchange or trading. It reminds us all to be vigilant all the time.
newbie
Activity: 98
Merit: 0
February 20, 2018, 02:06:41 PM
#34
Both of those sites are down as of now. I hope not many people got scammed while they lasted.

This type of thing is one of the reasons we need a way to leave comments on any site, to warn people about this stuff.
hero member
Activity: 1190
Merit: 534
February 20, 2018, 01:59:15 PM
#33
Thanks for updating but it is something that is going on since last 2 years and it is sad that advance platforms like Google are misused for such attacks and even Google approves it without verifying the same. However, in such situation, I think it is our responsibility not only to protect ourselves but also to build awareness about it to help others to stay safe.

* PunyCode Domain Detection : I haven't used this extension before but I think this will definitely help us to detect Punycode domains used while phishing attacks.
newbie
Activity: 224
Merit: 0
February 20, 2018, 01:42:12 PM
#32
Thanks for the information. If it works in English, it works for other languages, so it is necessary to be careful.
hero member
Activity: 536
Merit: 513
February 20, 2018, 01:26:13 PM
#31
The dangerous thing is that phishing sites sometimes appear on top of search results as advertisement.
The following image is an example from https://www.reddit.com/r/CryptoCurrency/comments/7oxqcn/phishing_alert_watch_out_for_a_binancecom/

https://i.redd.it/2f5hkalrnt801.png


The second one is the fake one as its URL has alpha instead of a.

Do not login from the advertisement of search results, always use bookmark.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
February 20, 2018, 08:26:39 AM
#30
Most surfers don't seem to understand the concept of direct navigation. I've done a lot to try to educate them, as of course it helps to preserve domainname values, but I've not had a lot of success. Google has done a lot of harm by creating the omni-box, and I suspect this is to allow it to fly paid advertising to surfers trying to go directly to a site. It also gives a scammer the chance to harvest the unwary. As long as they can get to a top listing on Google, then they can expect to pick up these surfers.

One good move is to report the site to Google. If enough people do this, then they will de-list it, or popup a warning.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
February 20, 2018, 08:15:18 AM
#29
Difference can be seen clearly as day, assuming one knows where to look or uses safe methods for browsing.

For a very long time Firefox has shown such spoofed characters in the status bar.
Opera displays them by default with their real code on the page; Chrome is also secured.
Basically, old Internet Explorer browsers are vulnerable to homograph attacks.

I have done the same with already registered Cyrillic domain, see here, you can try it yourself.


Here is one Cyrillic domain for example >
http://дoмeйни.com/ Save to click, domain seller site.



It gives some room to such attacks due to the fact that you have some similar letters in both Latin and Cyrillic.
newbie
Activity: 11
Merit: 0
February 20, 2018, 08:06:35 AM
#28
I almost didn't notice that it is a phishing site.
Better not to click any links from received emails.
hero member
Activity: 1638
Merit: 756
Bobby Fischer was right
February 20, 2018, 07:53:49 AM
#27
I see the same thing when hovering over the address with my mouse. But the letters are the same when you look at the address the way it is written.
Difference can be seen clearly as day, assuming one knows where to look or uses safe methods for browsing.

For a very long time Firefox has shown such spoofed characters in the status bar.
Opera displays them by default with their real code on the page; Chrome is also secured.
Basically, old Internet Explorer browsers are vulnerable to homograph attacks.
jr. member
Activity: 309
Merit: 5
February 20, 2018, 07:53:44 AM
#26
That's why it's good if you tick "remember me" and never delete history; the browser will automatically fill in the most common site you visit. Also remember to bookmark it.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
February 20, 2018, 07:42:39 AM
#25
After digging a little I found what I was looking for >  IDN homograph attack (link to wikipedia)

Just a short quote from Wikipedia.
Quote
The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack). For example, a regular user of example.com may be lured to click a link where the Latin A is replaced with the Cyrillic A.

This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters such as Greek O, Latin O, and Cyrillic O were not assigned the same code. Their incorrect or malicious usage is a possibility for security attacks.[1]

The registration of homographic domain names is akin to typosquatting, in that both forms of attacks use a similar-looking name to a more established domain to fool a user. The major difference is that in typosquatting the perpetrator relies on natural human typos, while in homograph spoofing the perpetrator intentionally deceives the web surfer with visually indistinguishable names. Indeed, it would be a rare accident for a web user to type, e.g., a Cyrillic letter within an otherwise English word such as "citibank". There are cases in which a registration can be both typosquatting and homograph spoofing; the pairs of l/I, i/j, and 0/O are all both close together on keyboards and bear a certain amount of resemblance to each other.

I learned something new today.
full member
Activity: 294
Merit: 103
February 20, 2018, 07:24:34 AM
#24
www.google.com
and
www.google.com  (save to click, leading to non-existing page)

---snip---

www.binance.com

and
two different variations
www.binance.com   one Cyrillic "a" (save to click, leading to non-existing page)
www.binance.com   one Cyrillic "e"  (save to click, leading to non-existing page)

weird... on my pc they are all easily noticeable
when I mouse over the google one, on the bottom left corner it shows http://www.xn--ggle-55da.com/
and for binance, http://www.xn--binnce-5nf.com/ and http://www.xn--binanc-8of.com/
when I click to open the link, the url as I mentioned above shown on the address bar...
so I won't be fooled by these because the address is so obviously different than the real one
is my defective browser saving me from these possible cyrillic fake url? Cheesy
I see the same thing when hovering over the address with my mouse. But the letters are the same when you look at the address the way it is written.
member
Activity: 210
Merit: 29
February 20, 2018, 07:24:02 AM
#23
Guys another tip around this is to always check who the certificate is made out to. It is quite easy to get a "green lock". Make sure you always click on the "secure" button by the URL and make sure it shows the correct owner before you login anywhere.

I think though as a community we need to push binance  to register  all these fake domains themselves.. literally every possible fake iteration. If they have the domains registered then someone else can use them.

I will kick it off by sending them a ticket; I think it's a good idea for us to all do this. It breaks my heart to see people get scammed out of 1000s of dollars or full bitcoins. Newbies getting scammed is not something we need in this space.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
February 20, 2018, 07:21:55 AM
#22
That's a new threat level that I haven't thought of yet. Is that possible? Can you really combine different alphabets in the address bar?
I have never seen a Cyrillic address or any other alphabet except Latin letters.
Maybe some other users can give us some more info.

Here is one Cyrillic domain for example >
http://дoмeйни.com/ Save to click, domain seller site.


weird... on my pc they are all easily noticeable
when I mouse over the google one, on the bottom left corner it shows http://www.xn--ggle-55da.com/
and for binance, http://www.xn--binnce-5nf.com/ and http://www.xn--binanc-8of.com/
when I click to open the link, the url as I mentioned above shown on the address bar...
so I won't be fooled by these because the address is so obviously different than the real one
is my defective browser saving me from these possible cyrillic fake url? Cheesy

Yeah, I also noticed it, but I also tested it with the one I have mentioned above, which is registered already, and it shows it correctly. I guess it has something to do with the DNS and the resolving of the host. I put it in my threat list.

I'll try to find a mixed domain; I think I've seen one before but I'm not 100% sure. If this is possible, it is quite dangerous.
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
February 20, 2018, 07:16:44 AM
#21
www.google.com
and
www.google.com  (save to click, leading to non-existing page)

---snip---

www.binance.com

and
two different variations
www.binance.com   one Cyrillic "a" (save to click, leading to non-existing page)
www.binance.com   one Cyrillic "e"  (save to click, leading to non-existing page)

weird... on my pc they are all easily noticeable
when I mouse over the google one, on the bottom left corner it shows http://www.xn--ggle-55da.com/
and for binance, http://www.xn--binnce-5nf.com/ and http://www.xn--binanc-8of.com/
when I click to open the link, the url as I mentioned above shown on the address bar...
so I won't be fooled by these because the address is so obviously different than the real one
is my defective browser saving me from these possible cyrillic fake url? Cheesy
full member
Activity: 294
Merit: 103
February 20, 2018, 07:01:23 AM
#20
What I'm afraid of is that the domain name can be also written in Cyrillic.
If you mix both Latin and Cyrillic you get something like this :

www.google.com
and
www.google.com  (save to click, leading to non-existing page)

Do you see any difference??

No! You see no difference but the second is written with two Cyrillic o's

There you have no need to change the n to different name, it can really be

www.binance.com

and
two different variations
www.binance.com   one Cyrillic "a" (save to click, leading to non-existing page)
www.binance.com   one Cyrillic "e"  (save to click, leading to non-existing page)

I haven't tried it myself but I couldn't find any restrictions on mixing different alphabets.

Note. Almost all vocals can be switched in between and many other letters.


That's a new threat level that I haven't thought of yet. Is that possible? Can you really combine different alphabets in the address bar?
I have never seen a Cyrillic address or any other alphabet except Latin letters.
Maybe some other users can give us some more info.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
February 20, 2018, 06:05:41 AM
#19
What I'm afraid of is that the domain name can be also written in Cyrillic.
If you mix both Latin and Cyrillic you get something like this :

www.google.com
and
www.google.com  (save to click, leading to non-existing page)

Do you see any difference??

No! You see no difference but the second is written with two Cyrillic o's

There you have no need to change the n to different name, it can really be

www.binance.com

and
two different variations
www.binance.com   one Cyrillic "a" (save to click, leading to non-existing page)
www.binance.com   one Cyrillic "e"  (save to click, leading to non-existing page)

I haven't tried it myself but I couldn't find any restrictions on mixing different alphabets.

Note. Almost all vocals can be switched in between and many other letters.