Since I recently received a phishing PM, I thought I'd condense what I learned from other members into a very simple guide.
What is phishing?
Phishing is any kind of attempt to trick you into doing something that you believe is safe, when in fact, it isn't. In the context of keeping your Bitcointalk account safe, phishing is when someone tries to trick you into revealing your password to them.
How does phishing work?
Typically, it works by misleading you into clicking on a link that takes you to a login page that looks legitimate, but isn't. If you type your password into such a page, expect your account to be "hacked". If you realize your mistake in time and act quickly you may be able to reset your password before any damage is done.
What can I do about it?
If you receive a PM from a new/unknown member, be extra careful. Check their posting history first to gauge what kind of user they are.
As a rule, you should never click on unsolicited links. Instead of trying to decide whether a link is safe or not you can avoid any risk by simply ignoring it.
If you can't ignore it, then make sure to examine it closely. Bitcointalk has a feature that makes internal links (to boards, posts, etc.) have a green hover color. If the color of the link changes to green when you hover over it, then it's probably safe. Try hovering on this link to see if it turns green.
The other type of link is an external one (pointing to elsewhere on the Internet, not Bitcointalk) which won't turn green when you hover over it. You can check if this type of link is safe by hovering over it and then looking at the lower-left corner of your browser to make sure that you know where the link will take you. Try hovering on this link to see if you can tell where you'll be taken.
Don't expect a proper phishing link to be easy to spot, however, because there are various techniques (involving BBCode and Unicode) that can make a bad link look like a more-or-less normal URL, so always make sure to carefully inspect the link before clicking it.
This topic, about so-called "homograph" phishing attacks, is well worth reading.
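The same inspection can be done mechanically on the raw BBCode of a message. The sketch below is an added example, not part of the original post or of Bitcointalk's own code: it flags link text that claims one host while pointing at another, and hostnames that contain non-ASCII or punycode labels. The function names, TRUSTED_HOST and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_HOST = "bitcointalk.org"  # assumption: the site this guide covers
URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.I | re.S)
INNER_TAG = re.compile(r"\[/?[a-z]+(?:=[^\]]*)?\]", re.I)  # [b], [color=..] etc.

def host_of(text):
    """Return the lowercase hostname if text looks like a URL, else None."""
    text = text.strip()
    if "://" not in text:
        # Bare text counts as a URL only if it looks like "domain.tld/path".
        if not re.match(r"^[^\s/]+\.[^\s/]+(/\S*)?$", text):
            return None
        text = "http://" + text
    try:
        host = urlsplit(text).hostname
    except ValueError:
        return None
    return host.lower() if host else None

def check_links(bbcode):
    """Return (target, shown_text, warnings) for every [url=...] tag."""
    findings = []
    for target, shown in URL_TAG.findall(bbcode):
        shown = INNER_TAG.sub("", shown).strip()
        real, claimed = host_of(target), host_of(shown)
        warnings = []
        if real is None:
            warnings.append("target is not a parsable URL")
        else:
            if not real.isascii():
                warnings.append("non-ASCII characters in hostname")
            if any(part.startswith("xn--") for part in real.split(".")):
                warnings.append("punycode (IDN) hostname")
            if claimed and claimed != real:
                warnings.append(f"text shows {claimed}, link goes to {real}")
            if real != TRUSTED_HOST and not real.endswith("." + TRUSTED_HOST):
                warnings.append("external link")
        findings.append((target, shown, warnings))
    return findings

# Constructed sample message (not a real PM); \u043e is a Cyrillic "o".
SAMPLE_PM = (
    "Verify at [url=https://bitcointalk.example.net/login]"
    "https://bitcointalk.org/index.php[/url], see "
    "[url=https://bitcointalk.org/index.php?board=1.0]the board[/url] or "
    "[url=https://bitc\u043eintalk.org/]bitcointalk.org[/url]"
)
```

Calling check_links(SAMPLE_PM) returns one entry per link; only the second link in the sample comes back with an empty warning list.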
What does a real phishing attempt look like?
Like this:
Notice how the link is blue when it should be green (because it's an internal link and I'm hovering over it). Also, notice the weird underlining that stops short of extending all the way to the left.
Anything else I should know?
It's a good precaution to learn how to sign messages and then "stake" your bitcoin address here. That way, if your account gets hacked, you'll be able to prove that you are the rightful owner and reset the credentials.