Pages:
Author

Topic: Host-file to deal with phishing sites - page 2. (Read 661 times)

legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
August 23, 2019, 11:55:18 AM
#7
The most tricky phising website i've heard was this one. Looks like Binance.com but there are no "n". This is strange n with dot at the bottom.


source

How to deal with such a phishing adress? Those dots are almost unnoticable.

Very good that you shared this.

I had to look for quite some time on the URL to spot the difference and to be honest I wasn't able to.

I saw these two dots after I read about them. I am so happy that I have Binance platform installed
legendary
Activity: 2212
Merit: 7064
August 23, 2019, 08:38:26 AM
#6
It is also a good thing to have Metamask and Malwarebytes extensions installed in your browser to protect from some phishing websites,
but scammers always create new websites and there is no 100% protection against this.

Few more websites to report phishing websites:

https://submit.symantec.com/antifraud/phish.cgi
https://www.comodo.com/home/internet-security/submit.php?url=http://sebiltv.com.tr/index/index.php?topic=5088858.0&&submissionType=1&source=1
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
August 23, 2019, 05:31:55 AM
#5
- Never create accounts on newborn, strange sites/ forums if you do not make your own research about those sites.

And do not use the same or similar email and password when opening different accounts on different websites even after making your research, sites could be hacked and you would not want your entire online activity compromised. If possible have records of all your log in details on different accounts, especially if you're into cryptocurrency and could be using different exchanges at the same time.

Also, Have you most frequently visited sites bookmarked.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
August 23, 2019, 05:21:58 AM
#4
Allow me to quote myself, this is what started it:
I totally fell for the cloned site, until I realized I couldn't see your trust ratings.
I have added this line to /etc/hosts
Code:
127.0.0.1       bitcointalk.to
Now my computer can't access that phishing site anymore.

And this is my addition to this topic:
Someone who has time should maintain a list of these phishing sites, and we can encourage all new users to update their hosts file.
Someone already did that: https://github.com/StevenBlack/hosts (scroll down a bit to see many different categories hosts files). The one mentioned above isn't on it though, so I've added it by myself.



For historical purposes:
^ ^  Another post I wish I could simply +1 or "Like"

Please Theymos.....    Grin
Just 3 days later, theymos introduced the Merit system Cheesy
legendary
Activity: 2758
Merit: 6830
August 23, 2019, 05:11:39 AM
#3
How to deal with such a phishing adress? Looks like Binance.com but there are no "n". This is strange n with dot at the bottom.

https://talkimg.com/images/2023/05/14/blob144861912955fd76.png
source
Enable the punycode “detection” on your browser.

https://winaero.com/blog/enable-idn-punycode-firefox-address-bar/

It will go from this:



To this:

legendary
Activity: 2156
Merit: 1622
August 23, 2019, 05:08:53 AM
#2
The most tricky phising website i've heard was this one. Looks like Binance.com but there are no "n". This is strange n with dot at the bottom.


source

How to deal with such a phishing adress? Those dots are almost unnoticable.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 23, 2019, 05:01:00 AM
#1
Phishing sites are one of the worst things, the you never want to be trapped, because you will lose your identities and money too in case you use same emails and same passwords over different platforms, includes phishing sites.

Rules to fight against phishing sites:
- Never click on links in emails or any groups sent by strangers.
- Never create accounts on newborn, strange sites/ forums if you do not make your own research about those sites.
- For already known phishing sites, there are steps to add them into host-files to avoid probability that your browsers will open those sites, by you, your wife/husband, children, whoever.
BTW, I appreciated the post of o_e_l_e_o.
Another one to be added to your hosts files then.

On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor.
On Mac, navigate to "/private/etc/", and open the host file in a text editor.
On Linux, open terminal and write "sudo nano /etc/hosts"

Add the following two lines to the bottom of the hosts file:
Code:
0.0.0.0 bitcointalk.to
0.0.0.0 fonstavka.com

Your browser will now be unable to open those two phishing sites.

Read more: https://support.rackspace.com/how-to/modify-your-hosts-file/


So, what is new in this thread?
Steps to add phishing sites, and turn them off are above, what we need is list of phishing site.

So, if you know any phishing sites, please leave them here, I will add them to the list. I hope that we all will make a long list of phishing sites.

Code:
0.0.0.0 bitcointalk.to
0.0.0.0 fonstavka.com
0.0.0.0 thebitcointalk.net
0.0.0.0 fonstavka.com
0.0.0.0 lawcommonentrance.com
0.0.0.0 electrum.org.uk
0.0.0.0 electrumclient.org
0.0.0.0 downloadelectrum.org
0.0.0.0 electrumsite.com
0.0.0.0 electrumweb.net
0.0.0.0 electrumupdate.com
0.0.0.0 electrumproject.org
0.0.0.0 mercatox.org
0.0.0.0 bitplace.org
0.0.0.0 coinpalace.org
0.0.0.0 exmo.space
0.0.0.0 poficrypt.com
0.0.0.0 coinsweet.org
0.0.0.0 cryptexcurrency.com
0.0.0.0 crypton-bnb.com
0.0.0.0 cryptexplatform.com
0.0.0.0 crypto-trader24.com
0.0.0.0 24xfast.com
0.0.0.0 24xtransfer.com
0.0.0.0 24xtrade.com
0.0.0.0 24burntrade.com
0.0.0.0 bitusual.com
0.0.0.0 24fastcoin.com
0.0.0.0 social-info.ru
0.0.0.0 margo-event.com
0.0.0.0 www.social-analysis.ru
0.0.0.0 24spacetrade.com
0.0.0.0 24xholding.com
0.0.0.0 ancebit.com
0.0.0.0 24xcointrade.com
0.0.0.0 24bestchanger.com
0.0.0.0 24xhold.com
0.0.0.0 cryptextrade.com
0.0.0.0 tradexblue.com
0.0.0.0 bitmate24.com
0.0.0.0 poficrypt.com
0.0.0.0 evrostyle.net
0.0.0.0 24excoin.com
0.0.0.0 fastchange24.com
0.0.0.0 cryptonplatform.io
0.0.0.0 best-xtrades.com
0.0.0.0 tradexmate.com
0.0.0.0 fixtradecorp.com
0.0.0.0 bitbeaxy.com
0.0.0.0 24bitstamp.com
0.0.0.0 mercatox.org
0.0.0.0 crypto-change24.com
0.0.0.0 bitspace24.com
0.0.0.0 bitbns.org
0.0.0.0 24coindesk.com
0.0.0.0 coinsbank.store
0.0.0.0 xcryptoplatform.com
0.0.0.0 bitshumb.com
0.0.0.0 https://brave-browser.info
0.0.0.0 https://bitblender.eu/
0.0.0.0 https://bounty-brave.info/
0.0.0.0 https://litecoln.org/
0.0.0.0 https://biockcheln.info/
0.0.0.0 http://iocaibitcoins.com/
0.0.0.0 https://iocaibitcoins.com/
0.0.0.0 https://lolibitcoins.net/
0.0.0.0 http://privatemgrgg.pw/vcruntime140.dll
0.0.0.0 https://localbicolns.org/
0.0.0.0 http://localbicolns.org/
0.0.0.0 http://mgsocl.su/api/check.get
0.0.0.0 http://mgsocl.su/api/gate.get
0.0.0.0 http://dress-x.ru/freebl3.dll
0.0.0.0 https://brave-drop.info
0.0.0.0 https://electrum.cash/#home
0.0.0.0 smatmixer.io
Someone did it, but you still can contribute to my list.
SteveBlack's hosts
Report phishing site through the page

Disable punny coded phishing sites

Source: https://winaero.com/blog/enable-idn-punycode-firefox-address-bar/
What is punny code?
Punycode is a special encoding used to convert Unicode characters to ASCII, which is a smaller, more restricted character set than Unicode. Punycode is used to encode internationalized domain names (IDNs) as a defense against address spoofing. Firefox allows enabling IDN punycode instead of non-Latin letters and Unicode symbols. This can be very useful, as you can find out if the currently opened web page is a phishing site or just a non-official mirror of some web site which you would like to avoid.
Ex: A phishing site of Binance that use punny code


At first glance, the addresses look very similar. Some users may not pay attention to the small dots below the "n" letter, which are there because it is a unicode symbol 'n with a dot below it' (U+1E47). This way, phishing web sites may trick you and make you believe that you are visiting the official genuine site.

For advanced protection, you can enable IDN Punycode protection in Firefox. With the option enabled, the address becomes like this:

Obviously, it doesn't look like the right web address any more.

If you find this feature useful and would like to enable it, here is how.

To enable IDN Punycode in Firefox Address Bar, do the following.
Read more here


Punnycode attacks

1. Be cautious if the site presses you to do something quickly. This is a classic strategy by hackers to rush their potential victims so that they are less likely to notice anything suspicious. Often they will offer a ‘limited time only’ deal, and make it difficult to exit the page with ‘are you sure you want to exit’ pop ups: these are all tactics to make you stay on their site longer and give them your details.
2. If you are being offered a deal, go to the original company site and check if it’s available there as well, if not it’s mostly likely a scam doing it’s best to mimic the established brand and trick visitors into handing over their details.
3. If some of the letters in the address bar look weird, or the website design looks different, rewrite it or visit the original company URL in a new tab to compare. The letters in the address bar looking strange is a key indicator that punycode is being used to trick you into thinking you are visiting a well-established brand site when in fact you are being taken to a malicious site.
4. Use a password manager; this reduces the risk of pasting passwords into dodgy sites.
5. Force your browser to display Punycode names, this option is available in Firefox.
6. Click on the padlock to view and inspect the HTTPS certificate.

IDN homograph attack

Should-read threads:
What to do to avoid phishing sites
[LEARN] Phishing Quizzes - Beginners & Experts
Pages:
Jump to: