How to avoid geting phished | Bitcointalksearch.org

examplens

legendary

Activity: 3542

Merit: 3625

Crypto Swap Exchange

Quote from: ovcijisir on January 07, 2025, 08:41:03 AM

I'd like to add a thought how new AI technologies like ChatGPT, Microsoft Copilot, Grok and other AI assistants make attackers job easier. By using AI assistants in combination with victims publicly available information (such as social network posts, government public records, etc.) attackers can create vast number of personalized phishing e-mails targeting large number of victims. Personalized phishing mail can greatly enlarge chances that victim will get phished. With new technologies available it will be harder and harder to differentiate legitimate e-mail from phishing e-mail.

Also with those tools, the grammatical errors, that were telltale sign of most phishing e-mails is minimazed, and that makes those mails even harder to tell apart from legit e-mails.

As technology advances we must become more and more vigilant to minimise the risks of falling victim to various scams like this one.

AI tools have made it easier for scammers to compose a more believable phishing email, but even such can be easily recognized because most AI tools have a similar writing system. Usually, a neutral introduction, then followed by a list of possibilities and at the end the mandatory conclusion.
They can also be used as a tool to recognize AI-generated emails.

ovcijisir

sr. member

Activity: 1491

Merit: 320

🐪

I'd like to add a thought how new AI technologies like ChatGPT, Microsoft Copilot, Grok and other AI assistants make attackers job easier. By using AI assistants in combination with victims publicly available information (such as social network posts, government public records, etc.) attackers can create vast number of personalized phishing e-mails targeting large number of victims. Personalized phishing mail can greatly enlarge chances that victim will get phished. With new technologies available it will be harder and harder to differentiate legitimate e-mail from phishing e-mail.

Also with those tools, the grammatical errors, that were telltale sign of most phishing e-mails is minimazed, and that makes those mails even harder to tell apart from legit e-mails.

As technology advances we must become more and more vigilant to minimise the risks of falling victim to various scams like this one.

ndutndut

full member

Activity: 644

Merit: 202

Quote from: bitbollo on December 22, 2024, 11:32:58 AM

you receive any email... you can just avoid to click in any link.
it is really easy. never (even if the sender doesn't look suspicious) click on any link or complete a login.
Just go on that service and login or verify by yourself if you received trusted information.
of course use good judgement with many emails for various services and EVERYTIME a new password.

From the past to the present, cases of hacking, phishing, and fraud have indeed become increasingly rampant. Various modes are used to make potential victims believe, which generally use various baits to deceive. This method of fraud by luring victims is known as phishing. The bait used can be in the form of a prize offer via a website, social media, or even email as you said. So it is very true, before clicking on something, especially in an email, you should verify it first. In other words, recognize the phishing mode so that you are not easily a victim of fraud on the internet.

Talking about passwords or wanting to create a new password. Try not to use a password that uses birth date numbers, this Don't get used to using something that is easy to guess. because the point is that it makes us easy to hack. One more addition, it is better to use the device's default keyboard. Because the keyboard that comes from any source aims to collect any data that we have typed, be it our chat, our login data, and don't just give access if it is not needed.

albon

legendary

Activity: 1932

Merit: 1549

Quote from: ovcijisir on December 20, 2024, 06:58:48 PM

so the best way to know you are visiting legitimate website is to use bookmarks or writing address manually!

This is actually the best solution. Those who blindly rely on email messages and the links within them may come across phishing links and could be deceived by a message they receive, rushing to view its content, which might be written in a way that mimics other officiall messages.

Even if someone has good experience, they will be able to recognize that they are dealing with a phishing link rather than the official domain link. Some browser extensions can easily detect these phishing links, so I don't think they can pose a threat in today's time with increasing awareness. Also, with verification, conducting research, and using cold storage, phishing attacks will not significantly impact.

CryptSafe

sr. member

Activity: 728

Merit: 421

Quote from: tbct_mt2 on December 30, 2024, 11:04:05 AM

Quote from: CryptSafe on December 30, 2024, 07:00:01 AM

You are correct here, those emails sent to people are mostly phishing emails used to steal details from people unknown to them. They send person a mail that they have won a prize and I wonder if the recipient do think before opening such mails of truly they took part in such events if not for their greed and this has been a major problem to why accounts are being hacked.

If they are greed, they will be more sensitive with free gifts and scam offers. If scammers don't send too good offers, they will not find victims successfully. People want free gifts, free lunches are most vulnerable victims of scammers. When they receive such scam offers, their brains freeze and no longer are able to differentiate between scam and solid offers.

If they are careful, not greed, they can easily identify scam offers, then ignore such offers. Hence, no chance for scammers to succeed.

You are right, I was thinking about this and it somehow looks funny. You receive an email for a contest you never participated claiming you won the contest, you could recall you never applied for any draw or contest of any kind yet you received a mail congratulating you for what you have no idea about, if not for greed, what else would stop one from immediately doing a research for finding more about the said ported win claims they got because the research alone would direct them to know if it is real or fake.

Scammers know this and are using it as bait to get at their victims who too are greedy in their own ways because sometimes it is mostly greedy people who fall for such scams and get hacked in most cases. Otherwise, what stops them from doing their personal research if they receive such congratulatory messages on wins they never applied for or took part in the contest?

Faisal2202

hero member

Activity: 1428

Merit: 513

Payment Gateway Allows Recurring Payments

Quote from: ovcijisir on December 20, 2024, 06:58:48 PM

1. INTRODUCTION

I noticed increase of phishing attacks in last few months, probably because of bull run, so I decided to write this short manual mostly for new unexperienced users so they learn:

what to expect,
how to recognize,
how to react to phishing e-mail.

Your post is really helpful and very simple too, although these steps are too easy to follow but still many newbies in the crypto space don't even know how to see the email sender details you really look into this matter as I also agree knowledge of this minor level was necassary. Overall I liked your post but I think we should not only check the first and the last four ot three words instead we must double check the whole address because there have been many attacks of address poisoning in which somehow spammers creates a wallet address with the same initials and the last words and victim thinks of the address as of their.

Another way to use the clipboard virus to replace your address with theirs and we can end up sending money to them so always double check the whole address. Maybe some other member have given you this advice already I did not checked so hope you won't mind me saying this. Keep it up

Mia Chloe

hero member

Activity: 448

Merit: 560

Mia's Creative

Quote from: NeuroticFish on December 21, 2024, 01:36:32 PM

While I do like your tutorial and you touch pretty good the most important points, I feel that it's missing something:
1. Don't keep in hot wallets and online accounts more money than you afford to lose.
2. Keep the coins that matter in such a way that even if a hacker gets into your computer or your online accounts, you'll still not lose much (i.e. keep as much as possible offline: cold storage, hardware wallet...)
That's because:
* mistakes do happen
* your computer or phone may not be as safe as you think

Yeah that's actually true. The internet is pretty much an anchor for almost 80% of the vulnerabilities that you would come across and that simply means that you need to be more conscious about it. However the fact is sometimes it's difficult to keep you funds off the internet especially if your job or business requires you to constantly spend from your coins.

Some people may say you can keep a huge percentage of the funds offline and gradually move it to your hot wallet but the thing is visiting your cold wallet too often also puts it at risk too and just like you said we can be careless sometimes and make costly mistakes that seemed normal at first. The basic idea is actually just to be more careful and knowledgeable and become less of a target by hackers and scammers.

tbct_mt2

hero member

Activity: 2366

Merit: 838

Quote from: CryptSafe on December 30, 2024, 07:00:01 AM

You are correct here, those emails sent to people are mostly phishing emails used to steal details from people unknown to them. They send person a mail that they have won a prize and I wonder if the recipient do think before opening such mails of truly they took part in such events if not for their greed and this has been a major problem to why accounts are being hacked.

If they are greed, they will be more sensitive with free gifts and scam offers. If scammers don't send too good offers, they will not find victims successfully. People want free gifts, free lunches are most vulnerable victims of scammers. When they receive such scam offers, their brains freeze and no longer are able to differentiate between scam and solid offers.

If they are careful, not greed, they can easily identify scam offers, then ignore such offers. Hence, no chance for scammers to succeed.

CryptSafe

sr. member

Activity: 728

Merit: 421

Quote from: Woodie on December 27, 2024, 01:15:16 PM

I think things we might overlook is phishing emails claiming you won something when in the first place you haven't signed up for any competitions, games etc, thats automatically a red flag for me!

Secondly, Language is another one...if you only speak English only for example and you receive emails in other languages that you haven't interacted with , I don't bother opening such email's as they hide these phishing links... fyi nothing happens by accident in today's digital world, most of this stuff is calculated.

You are correct here, those emails sent to people are mostly phishing emails used to steal details from people unknown to them. They send person a mail that they have won a prize and I wonder if the recipient do think before opening such mails of truly they took part in such events if not for their greed and this has been a major problem to why accounts are being hacked.

The challenge of language is another thing which I think people make mistake. They click such link without really knowing the meaning of what they are clicking and common sense should tell them to use a translator but their impatience would not allow them to do what they are supposed to do and they get hacked because of ignorance.

Hamza2424

legendary

Activity: 966

Merit: 1042

#SWGT CERTIK Audited

Hmm, Great compilation brother, think you've got a package for those who are new here to learn and avoid some stupid mistakes we regret after spending some time here or after getting scammed using these phishers.

From my side: Most of the time all you need to do is avoid pop-ups, while visiting some blogs or websites, for the emails just stay focused greed is a curse this should flow in your blood vessels, and never compromise for shortcuts like giveaways and anything which is free as you know there nothing free in this world you need to put effort.

Oxygen is free for everyone so make sure to support Plantation haha #crypto_enviorment_walfare.

Woodie

hero member

Activity: 1834

Merit: 879

Rollbit.com ⚔️Crypto Futures

I think things we might overlook is phishing emails claiming you won something when in the first place you haven't signed up for any competitions, games etc, thats automatically a red flag for me!

Secondly, Language is another one...if you only speak English only for example and you receive emails in other languages that you haven't interacted with , I don't bother opening such email's as they hide these phishing links... fyi nothing happens by accident in today's digital world, most of this stuff is calculated.

CryptSafe

sr. member

Activity: 728

Merit: 421

OP, you have done well by putting efforts in this research. I believe it will be very helpful to newbies and some members who have no much idea how this phishing of a thing works. I have experienced this before and I know what I am talking about. It can come in any form and if one is not attentive enough to see for themselves they could fall into the trap and get hacked.

Uptill now people still fall victim of phishing attacks and some directly to their emails which they have no knowledge about and this is where hackers mostly get people hacked through emails and adds. We just have to be careful with links we click and sites we visit.

tranthidung

legendary

Activity: 2520

Merit: 4355

Farewell o_e_l_e_o

Quote from: _act_ on December 22, 2024, 03:54:49 PM

Scammers and hackers are making it more real in a way that they can use other means to disguise like they are good people. Since last year and this year, you should have heard about scammers offering people job online and let the people think they will be paying them. They can even create a website and make the person create account and be funding it with fake balance which can let the victims to believe like it is real. They will offer their victims jobs and tell the victim to click on the link provided which is a phishing link. That is the reason we need to stay updated about lastest scam also. If we look at it closely, the scammers are still strangers which are no known. This become common in United States to the extent that the FBI warned people about it

They can change tools for scamming but if you look at scam roots, you will see same thing. If people are careful enough, they will see scams are very clear at first glance. Scammers target money, and if you are offered "too good to be true" offers, but at the end, you are requested to send your money first for claiming "too good to be true" money in either giveaway, salary, it's clearly scam!

Beware of "Pay original fine" - a scam method

You can see two images, from 2 scam websites, they used similar UI, but the scam messages are different a little bit and the method is the same.

examplens

legendary

Activity: 3542

Merit: 3625

Crypto Swap Exchange

Quote from: ovcijisir on December 26, 2024, 06:42:54 PM

Thank also for the input, I'll add suggestion to double check pasted links when accessing website in OP, in case that computer / cell phone is infected with clipper malware.

I saw that you got a lot of good advice (and on the local board as well) for working on this topic. I hope you will use it to make a solid-quality mega thread. I'm not sure how long this material fits you, and I believe that you will learn a lot yourself through further research. Wink

ovcijisir

sr. member

Activity: 1491

Merit: 320

🐪

Quote from: Alphakilo on December 22, 2024, 04:42:20 PM

Quote

3.3.1. URL shorteners

Be extra careful if e-mail contains shortened URL-s. URL shortener is service that shortenes web addresses and makes them more compact. It can also be used to hide malicious links because you can not see which website it leads to.
Legitimate service (exchange, casino, government agency...) would never use URL shortener in their e-mail.
Some examples of URL shorteners are web addresses that have domain these domains:

t.co
goo.gl
bit.ly
tinyurl.com

Whenever there is a shortened URL in the content of the message, I don't get spoked because I used that a lot and they are just for legitimate purpose. The two favourite tools I use are Google's Safe Browsing tool. I also use the CheckShortURL.com site for shortened bit.ly link. I do this because it helps me check where that link is going.

Thanks for your input, I'll add suggestion to check shortened links through CheckShortURL.com in my OP.

Quote from: examplens on December 21, 2024, 04:59:15 AM

Although such warnings seem minor, it seems that it is never superfluous to mention them again.

OP, maybe you could add clipboard malware as a potential source of phishing. In that case, even if you wrote an address by hand, you transfer something completely different using the copy/paste method.

Thank also for the input, I'll add suggestion to double check pasted links when accessing website in OP, in case that computer / cell phone is infected with clipper malware.

PX-Z

legendary

Activity: 1554

Merit: 880

Wallet transaction notifier @txnNotifierBot

Quote from: BlackBoss_ on December 20, 2024, 10:09:15 PM

In cryptocurrency, to avoid phishing sites, the very first important step is don't use Google for searching. This search engine can display phishing sites on top of search results and it's terrible if you rely on it.

Why not? Just use ad blockers and be knowledgeable enough to identify an ad or not, they are too different.

First thing to avoid getting phished is being suspicious, and ask why you received such email, sms or any message from strangers. Is that email were used before to received such kind of message? If so then assume most message comes from scammers/hackers so always do double check. Check url through hovering it, or copy them first then paste to check, it's easy to identify a fake url.
Remember email address can be easily spoofed so always double check the source, and the message if its about announcement, check google, their social media accounts if it has the same posts coz probably they will announce it on their socmed handles too.

Alphakilo

sr. member

Activity: 588

Merit: 273

Quote from: ovcijisir on December 20, 2024, 06:58:48 PM

3.3 LINKS

Always hover your mouse over the link/button contained in e-mail and check where it leads to.
You need to carefully analyze whole URL to be sure if the link is malicious or not.

Train yourself to doublecheck links to review if they're safe.
Another way I do this is that whenever I receive a message saying there is an issue with any of my accounts, I open a new tab and go to the actual site. I never use direct links in emails either by copy and pasting or pushing the buttons, unless I have just requested the link, such as password issues or verification I am currently working on.

Quote

3.3.1. URL shorteners

Be extra careful if e-mail contains shortened URL-s. URL shortener is service that shortenes web addresses and makes them more compact. It can also be used to hide malicious links because you can not see which website it leads to.
Legitimate service (exchange, casino, government agency...) would never use URL shortener in their e-mail.
Some examples of URL shorteners are web addresses that have domain these domains:

t.co
goo.gl
bit.ly
tinyurl.com

Whenever there is a shortened URL in the content of the message, I don't get spoked because I used that a lot and they are just for legitimate purpose. The two favourite tools I use are Google's Safe Browsing tool. I also use the CheckShortURL.com site for shortened bit.ly link. I do this because it helps me check where that link is going.

Quote

5. Some phishing scenarios

E-mail states that due to suspicious activity your account was suspended and you have to verify your account by clicking link and fill in in information to regain access

I have gotten this one a lot. I don't think those scammers would ever stop using this trick. Having known this knowledge, we should teach people around us.

_act_

legendary

Activity: 1106

Merit: 1337

Lightning network is good with small amount of BTC

Quote from: dzungmobile on December 22, 2024, 12:03:22 PM

Clicking links is a risky practice and if you receive links from strangers with promise about something is free, and too good to be true, you must assume it is scam. Clicking on these links will put your accounts, devices into big risk of infected and you will lose access to your accounts, devices and money can be stolen too.

Scammers and hackers are making it more real in a way that they can use other means to disguise like they are good people. Since last year and this year, you should have heard about scammers offering people job online and let the people think they will be paying them. They can even create a website and make the person create account and be funding it with fake balance which can let the victims to believe like it is real. They will offer their victims jobs and tell the victim to click on the link provided which is a phishing link. That is the reason we need to stay updated about lastest scam also. If we look at it closely, the scammers are still strangers which are no known. This become common in United States to the extent that the FBI warned people about it

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Quote from: dzungmobile on December 22, 2024, 12:03:22 PM

Clicking links is a risky practice and if you receive links from strangers with promise about something is free, and too good to be true, you must assume it is scam. Clicking on these links will put your accounts, devices into big risk of infected and you will lose access to your accounts, devices and money can be stolen too.

Most common scams and tips to avoid them including phishing through email.

It happen because they are able to infect the device of their victims and start stealing all their cryptocurreny funds. Some people like that use clipboard malware which made someone lost their funds after sending thought it was sent to the right address but the truth is isn't sent to the correct address because the device is infected with clipboard malware. Scammers and hackers find different ways to scam and infect malwares to different people that's why there are different tips like the one you provided and op.

dzungmobile

sr. member

Activity: 938

Merit: 460

Quote from: bitbollo on December 22, 2024, 11:32:58 AM

you receive any email... you can just avoid to click in any link.
it is really easy. never (even if the sender doesn't look suspicious) click on any link or complete a login.
Just go on that service and login or verify by yourself if you received trusted information.
of course use good judgement with many emails for various services and EVERYTIME a new password.

Clicking links is a risky practice and if you receive links from strangers with promise about something is free, and too good to be true, you must assume it is scam. Clicking on these links will put your accounts, devices into big risk of infected and you will lose access to your accounts, devices and money can be stolen too.

Most common scams and tips to avoid them including phishing through email.

Topic: How to avoid geting phished (Read 410 times)