Topic: !Be careful when logging in! (Read 1016 times)

Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.

Stay Safe

2FA is very important.
additionally what i do is that i always bookmark these important websites and i open them through my bookmarks instead of clicking any links.
also a quick way to notice a fake site for me has always been based on their "zoom"! usually browsers remember the zoom level that you used on the websites. for example (if you haven't already) zoom in while seeing this topic then visit one of bitcointalk mirror/fake websites such as this one:
fake link: https://bitcointalksearch.org/topic/be-careful-when-logging-in-2981675
now you can clearly see it is a different website you are visiting based on its zoom alone.

https://i.imgur.com/Qf3nKiI.jpg


Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.

Stay Safe

I've never seen something like that before!! Thanks for sharing.
Just one question: what is the link source? How do you get it? Where did you see that?
This is an extraordinary strong attempt os pishing, and this website should be reported immediately, so, if you can, copy here the address in order to other users can check out what's going on there.

Again, thanks for sharing this.

https://i.imgur.com/Qf3nKiI.jpg


Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.

Stay Safe

I've never seen something like that before!! Thanks for sharing.
Just one question: what is the link source? How do you get it? Where did you see that?
This is an extraordinary strong attempt os pishing, and this website should be reported immediately, so, if you can, copy here the address in order to other users can check out what's going on there.

Again, thanks for sharing this.

It is going to be difficult for you to become a member if you post that kind of questions in the wrong place. One advise: read, learn, be patient. And make your comments where they belong.

Wrong place to post.It's off topic here. Better check the Meta section.
Guidance:  
Read this: https://bitcointalksearch.org/topic/comprehensive-guide-to-bitcointalk-newbie-friendly-calculator-and-infographic-2534500
And this : https://bitcointalksearch.org/topic/merit-new-rank-requirements-2818350

Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.

Stay Safe

The whole btc ecosystem is vulnerable to be hacked by hackers what do you say about that?

https://i.imgur.com/Qf3nKiI.jpg


Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.

Stay Safe

When using the 2FA, as good authenticatior, send the code just before it expires, so no-one can intercept and abuse it in such short time.

2FA is very important indeed. Use it and you will be safe. As we already saw, this is not 100% safe, but it's much safer comparing with no 2FA. Good luck

The person that posted the picture with the 2 binance links... is the first one legit or not?  Because when you google binance, you see that one with the ad and of course below that, there is the real binance site.  The first link i was told if you click on it, it has binance site but it has a referral id etc.  So is the first one real or not?

Shouldn't the browsers change those extra Unicode symbols to ASCII ones? For example, like with russian domains they change to xn---yatta-yatta-yatta and you can see that?

How I can become a member??
I don't know how to recieve merit.

How I can become a member??
I don't know how to recieve merit.

https://i.imgur.com/Qf3nKiI.jpg


Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.

Stay Safe

That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.

Thats a new threat level that I havent though of yet. Is that possible? Can you really combine different alphabets in the address bar?
I have never seen a Cyrillic address or any other alphabet except latin letters.
Maybe some other users can give us some more info

URL spoofing is a very, very serious problem. The fact that you can even use other non-latin alphabets such as Cyrillic in URLs, results in ultra-sophisticated scam scenarios that are almost impossible to detect. quote: "It is possible to register domains such as ‘xn--pple-43d.com’, which is equivalent to ‘apple.com’. It may not be obvious at first glance, but ‘apple.com’ uses the Cyrillic ‘a’ (U+0430) rather than the ASCII “a” (U+0041)". The technical term for this is Homographic attacks.

Although most major browsers have a way of warning users, it only works if the URL uses a mixture of alphabets.

FYI there is a way to shield yourself somewhat from these attacks.

Chrome: https://chrome.google.com/webstore/detail/punycode-alert/djghjigfghekidjibckjmhbhhjeomlda

Firefox: Go to about:config and search for punycode, set network.IDN_show_punycode to true

You can use for example this link to check if you are protected: http://www.umeå.se/

On Firefox the address bar will display the punycode, and on Chrome with the plugin it will show an alert on the bottom right corner.
These are what I use, if someone else uses another browser and know other tips, share them!

Difference can be seen clearly as day, assuming one knows where to look or uses safe methods for browsing.

Since very long time firefox shows such spoofed characters in the status bar.
Opera is displaying them by default with their real code on page, Chrome is also secured.
Basically old internet explorer browsers are vulnerable to Homograph attack.

Here is one Cyrillic domain for example >
http://дoмeйни.com/ Save to click, domain seller site.

I see the same think when hoovering over the address with my mouse. But the letters are the same when you look at the address the way it is written.

The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack). For example, a regular user of example.com may be lured to click a link where the Latin A is replaced with the Cyrillic A.

This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters such as Greek O, Latin O, and Cyrillic O were not assigned the same code. Their incorrect or malicious usage is a possibility for security attacks.[1]

The registration of homographic domain names is akin to typosquatting, in that both forms of attacks use a similar-looking name to a more established domain to fool a user. The major difference is that in typosquatting the perpetrator relies on natural human typos, while in homograph spoofing the perpetrator intentionally deceives the web surfer with visually indistinguishable names. Indeed, it would be a rare accident for a web user to type, e.g., a Cyrillic letter within an otherwise English word such as "citibank". There are cases in which a registration can be both typosquatting and homograph spoofing; the pairs of l/I, i/j, and 0/O are all both close together on keyboards and bear a certain amount of resemblance to each other.

weird... on my pc they are all easily noticeable
when I mouse over the google one, on the bottom left corner it shows http://www.xn--ggle-55da.com/
and for binance, http://www.xn--binnce-5nf.com/ and http://www.xn--binanc-8of.com/
when I click to open the link, the url as I mentioned above shown on the address bar...
so I won't be fooled by these because the address is so obviously different than the real one
is my defective browser saving me from these possible cyrillic fake url?

Thats a new threat level that I havent though of yet. Is that possible? Can you really combine different alphabets in the address bar?
I have never seen a Cyrillic address or any other alphabet except latin letters.
Maybe some other users can give us some more info

weird... on my pc they are all easily noticeable
when I mouse over the google one, on the bottom left corner it shows http://www.xn--ggle-55da.com/
and for binance, http://www.xn--binnce-5nf.com/ and http://www.xn--binanc-8of.com/
when I click to open the link, the url as I mentioned above shown on the address bar...
so I won't be fooled by these because the address is so obviously different than the real one
is my defective browser saving me from these possible cyrillic fake url?

www.google.com
and
www.google.com  (save to click, leading to non-existing page)

---snip---

www.binance.com

and
two different variations
www.binance.com   one Cyrillic "a" (save to click, leading to non-existing page)
www.binance.com   one Cyrillic "e"  (save to click, leading to non-existing page)

What I'm afraid of is that the domain name can be also written in Cyrillic.
If you mix both Latin and Cyrillic you get something like this :

www.google.com
and
www.google.com  (save to click, leading to non-existing page)

Do you see any difference??

No! You see no difference but the second is written with two Cyrillic o's

There you have no need to change the n to different name, it can really be

www.binance.com

and
two different variations
www.binance.com   one Cyrillic "a" (save to click, leading to non-existing page)
www.binance.com   one Cyrillic "e"  (save to click, leading to non-existing page)

I haven't tried it myself but I could't find any restrictions in mixing different alphabets.

Note. Almost all vocals can be switched in between and many other letters.

Though it's a nice concept but saving passwords in browser is not safe either. Someone having access to your system can easily find the password or hackers can steal it too.
Better to use 2FA for added security.

Tip to avoid getting scamed:

Use a password manager, or just save passwords in your browser.

This way you never type your password again. If you are requested for it, that's not the website you are looking for.

And always have 2 factor authentication activated.

Could any one please clarify what those '...' under Ns mean? How does that represent a risk?

https://i.imgur.com/Qf3nKiI.jpg


Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.

Stay Safe

Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n

That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.

If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.

Thank you very much for the alert. But I think that is not fake website, i have never seen a fake website with Https:// (Secure) Written. Maybe that dot (.) on your computer/Laptop 's home screen. I am not sure though. Btw thanks again.

That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.