Don't get your Bitcointalk account "phished" (Desktop/Laptop)

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: Mpamaegbu on July 19, 2022, 05:24:48 AM

I believe detecting the phishing site thing with hovering of the mouse on a link will work on PCs and desktops, not on phones; at least not on android phones.

Click and hold the link, your phone should display a menu similar to when you right-click on a link on a PC. On the top you will see the link, and among the options, you can copy the address and then paste it in your address bar in a new tab. There, it's easy to check where it goes.

Quote from: nakamura12 on July 21, 2022, 02:30:07 PM

I think pm also support hyperlink so be careful with the links provided in pm.

Yes, you can customize and code a message via PM like any other post on Bitcointalk. Hyperlinks, images, and everything else works just fine.

Wakate

hero member

Activity: 1008

Merit: 525

fillippone - Winner contest Pizza 2022

Hackers now are taking extraordinary steps to get what's they want from their victim especially when they know that the account they are trying to hack is a reputable one with many merits in it. We ourselves need to take extraordinary measure to make sure that we don't fall victim to this kind of attack because they can be tricky most times and we all have to stay safe. Having a wallet address where we can be able to sign message could save us the stress if we eventually falls victim mistaken.

Alisha-k

member

Activity: 840

Merit: 23

If you try highlighting a link and it doesn't appear at the bottom of your browser this a red flag for a possible phishing attack. If it eventually appears do well to read the domain name carefully and observe the color of the link just as OP stated. Sometimes even trusted users can launch an attack on your account. Cross checking every link sent is another way to stay vigilant

Oceat

sr. member

Activity: 2506

Merit: 368

Quote from: Cantsay on July 22, 2022, 10:22:03 AM

The rate at which phishing methods are evolving is so scary, assuming OP wasn't observant who knows what would have been the outcome? There was a video I saw on YouTube on how some phiser changed some few characters on a web link which will result to you going to an entirely different website for example changing the "i" to "I" in bitcointalk to bItcointalk. It would be difficult to note the difference most expecially when you're not conscious of it.

Once you are observant enough I think it's enough to just take some time to check the letters of the site you are going to visit, it won't cost that much but double checking is just enough. Even if you are not computer savvy you still can check them just don't click all the way once you see a link, always be cautious to everything when it comes to internet especially when it's something personal like emails or messages. Always bookmark your top website that you usually visited to avoid any trouble such as finding the link in Google which is not a good idea if you are in a hurry since Google sometimes will give a wrong link.

KingsDen

legendary

Activity: 1092

Merit: 1024

Goodnight, o_e_l_e_o 🌹

Quote from: lovesmayfamilis on July 18, 2022, 02:06:05 PM

To all the suggestions the OP has described, I would suggest completely disabling private messages from newbies.
In addition, having received a PM from other people unknown to you, you can always wonder why he writes this. I like to immediately view the latest posts that were written by the sender. You can often tell a lot from them. Whether this user was recently active and what he is actually interested in on the forum.

I recieve bunch of messages from newbies but I hardly reply, I would instead look at the username if it's family and open the message. Otherwise I will read and likely not reply if it's not relevant. Meanwhile, I don't offer services for now, I don't think I could have an important message from a random user. I am not also here for hook up. Even in social media, I don't like chatting and I hate it when chat persist. It should be able to start and end within few minutes.

Cantsay

hero member

Activity: 700

Merit: 541

Bitcoin Casino Est. 2013

The rate at which phishing methods are evolving is so scary, assuming OP wasn't observant who knows what would have been the outcome? There was a video I saw on YouTube on how some phiser changed some few characters on a web link which will result to you going to an entirely different website for example changing the "i" to "I" in bitcointalk to bItcointalk. It would be difficult to note the difference most expecially when you're not conscious of it.

xSkylarx

hero member

Activity: 2352

Merit: 594

Quote from: PowerGlove on July 18, 2022, 06:30:32 AM

Anything else I should know?

Phishing attempts are not just in the form of url links. Some can be a form of email message saying that your account like for example bank account is being locked and needs you to verify your information to avoid it. Banks will never ask for your private information via email, if you think it's legit then it would be better to go to their physical branch near your place.

Enabling multiple layer of security like 2fa will also help your account to be more secure. If you accidently click on a phishing link, the hacker can't easily access your account as it needs a verification from your device or email first.

Smartvirus

legendary

Activity: 1414

Merit: 1108

This stresses the importance of staked addresses and signed message as, it makes your account recoverable no matter the circumstances. This would infact make all the efforts of the hacker useless in a successful hack attempt on an active user. It calls for you to be very active on theforum too as it would be followed by a quick response before the damage would be done, possibly getting loans of your reputable account.

Also something to note by those offering loan services:
* That users might have taken and repaid loans isn't a complete free pass as, its best you always reference bpip.org to see if there have been some recent changes on mail address and password.

Phisging don't come by unsolicited PM's alone. Some of us puts ourselves directly in the way by trying to work what is presented in someone else's phishibg attempt report and for others, trying to beautiful your keyboard by downloading just any keyboard online could put you on that part. When you've got no previous issue, don't be in a haste in responding to whatevrr comes your way, even from a reputable account and your device could be just good with the default keyboard.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

The lesson here is to be careful when clicking link. When you are browsing using desktop and hover the cursor to the link will show the link if it is a hyperlink. I think pm also support hyperlink so be careful with the links provided in pm. When using smartphones then you have to tap and hold the link until there is a pop up that will show the link that is hidden in a hyperlink if what that person send you is a hyperlink just like this one http://google.com which you can see it's Bitcointalk but when open the link is that it will redirect you to google.

Findingnemo

hero member

Activity: 2366

Merit: 793

Bitcoin = Financial freedom

Quote from: PowerGlove on July 21, 2022, 09:44:51 AM

Quote from: Findingnemo on July 21, 2022, 05:21:07 AM

I don't understand why you mentioned the desktop in the title

Read the thread and you'll see why I changed the title. I don't mess with mobile and so don't feel comfortable giving advice about it.

I read the OP and also the replies that is why I asked why we need the desktop is in place, anyway if you never use bitcointalk on mobile then I can't comment on it. But as a regular user I used to logged in my bitcointalk account on both my notebook and also smartphone, most of the time I use smartphone to read the threads all around the forum because where I feel more comfortable than looking at big screen for longer time.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: Mpamaegbu on July 19, 2022, 05:24:48 AM

Quote from: PowerGlove on July 18, 2022, 06:30:32 AM

For example, here is a real phishing attempt:

Notice how the link is blue when it should be green (because it's an internal link and I'm hovering over it). Also, notice the weird underlining that stops short of extending all the way to the left.

I believe detecting the phishing site thing with hovering of the mouse on a link will work on PCs and desktops, not on phones; at least not on android phones. I noticed the URL. The criminal went a step further by insuring there's an "s" to the URL now. Criminals are always trying to beat the noose tightening in on them.

Why it wouldn't work on smartphones? Which one are you using? It's an old version of Android and Chrome? You should try to upgrade it to a newer version or to change your mobile phone because if you press a link during one or two seconds within Chrome and a rather modern phone the link should change its color in green if it's an internal bitcointalk link like on computers.

PowerGlove

hero member

Activity: 510

Merit: 4005

Quote from: Findingnemo on July 21, 2022, 05:21:07 AM

I don't understand why you mentioned the desktop in the title

Read the thread and you'll see why I changed the title. I don't mess with mobile and so don't feel comfortable giving advice about it.

Findingnemo

hero member

Activity: 2366

Merit: 793

Bitcoin = Financial freedom

I don't understand why you mentioned the desktop in the title because its same for mobile users as well but as mentioned above if the site ask you to enter username and password while you're already logged into the site on same browser then its s wakeup call. People who apply the same phishing/hacking methods to steal social media accounts are step ahead of this technique because they made us to beleive the tab is opening on default browser so we have to enter login credentials to see the content of the link.

Just report the person using report to admin button then surely the person who send the pm will be banned either temporarily or permanently.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: PowerGlove on July 18, 2022, 06:30:32 AM

Typically, it works by misleading you into clicking on a link that takes you to a login page that looks legitimate, but isn't. If you type your password into such a page

If all else fails, and you end up on a phishing site, it's going to ask you for your password. This is the last line of defense: don't enter it! Even better if you don't even know your password: I use a password manager, and need to look it up to login. But normally, I don't need to do that, because my browser takes care of it for me. If my browser doesn't pre-fill the password for me, that's a dead giveaway I'm on a different site.

Zilon

sr. member

Activity: 966

Merit: 421

Bitcoindata.science

More complex phishing attacks can be hard to detect. One can also look up any link sent to them either by newbies or unknown users using search engines to ensure the are legit because links turning green is only an indication it has contents. As time keep advancing Phishing attacks now look some how close to it's original links. So generally search engines either on the proposed site or using a completely different browser that has no information linked to you can also be another advantage...

Maus0728

legendary

Activity: 1904

Merit: 1563

Bitcoin Casino Est. 2013

Speaking of "Phishing", why don't you try these quizzes complied by @dkbit98
- https://bitcointalksearch.org/topic/learn-phishing-quizzes-beginners-experts-5178375

I'd bet you'll enjoy learning by answering those questions -- it's fun!

PowerGlove

hero member

Activity: 510

Merit: 4005

Quote from: BitMaxz on July 18, 2022, 07:57:56 PM

Also, avoid clicking websites there is a well-known phishing attack before the URL is actually the same as the real one like Punny code domains.
Read more about this here https://bitcointalksearch.org/topic/punycode-and-how-to-protect-yourself-from-spoofed-urls-and-fake-websites-5184169

@BitMaxz: Thanks for suggesting that topic, I've added a link to it in the OP.

PowerGlove

hero member

Activity: 510

Merit: 4005

Quote from: lovesmayfamilis on July 18, 2022, 02:06:05 PM

In addition, having received a PM from other people unknown to you, you can always wonder why he writes this. I like to immediately view the latest posts that were written by the sender. You can often tell a lot from them. Whether this user was recently active and what he is actually interested in on the forum.

@lovesmayfamilis: That's actually how I noticed something was off. The account that sent me the PM had been inactive for a long time. I've added something about that to the OP, thanks!

Quote from: Upgrade00 on July 18, 2022, 04:22:24 PM

You can go one further by avoiding all unsolicited links. This include links sent in emails, messages on social platforms or PM on the forum. There is a high chance that anyone sending you a link which was not requested for, is a scammer, or best case scenario a spammer; You lose nothing by ignoring.

@Upgrade00: That's very true, I've added something to that effect to the OP, thanks!

Quote from: Mpamaegbu on July 19, 2022, 05:24:48 AM

I believe detecting the phishing site thing with hovering of the mouse on a link will work on PCs and desktops, not on phones; at least not on android phones.

@Mpamaegbu: You're right, I've changed the title to reflect that, thanks!

Upgrade00

legendary

Activity: 2030

Merit: 2174

Professional Community manager

Quote from: Rruchi man on July 19, 2022, 09:19:13 AM

That's true. If you do not trust the message, as you should if an unsolicited links in involved, then request a signed message from an address posted previously on the forum.

Rruchi man

legendary

Activity: 1330

Merit: 1089

Bitcoin Casino Est. 2013

Quote from: Upgrade00 on July 18, 2022, 04:22:24 PM

Quote from: PowerGlove on July 18, 2022, 06:30:32 AM

What can I do about it?

Don't click on links before verifying that they're safe.

You can go one further by avoiding all unsolicited links. This include links sent in emails, messages on social platforms or PM on the forum. There is a high chance that anyone sending you a link which was not requested for, is a scammer, or best case scenario a spammer; You lose nothing by ignoring.

It is also noteworthy to add that even though these links may appear to be from the account of a trusted members of this forum they should also be ignored because you do not know and cannot confirm the state of their account which may at the time be compromised. Your safety is a personal responsibility you hold to yourself, don't take it for granted.

Topic: Don't get your Bitcointalk account "phished" (Desktop/Laptop) (Read 400 times)