Topic: How to avoid getting phished (Read 197 times)

hero member
Activity: 1554
Merit: 880
Notify wallet transaction @txnNotifierBot
December 22, 2024, 06:34:06 PM
#23
In cryptocurrency, to avoid phishing sites, the very first important step is don't use Google for searching. This search engine can display phishing sites on top of search results and it's terrible if you rely on it.
Why not? Just use ad blockers and be knowledgeable enough to identify an ad or not, they are too different.

First thing to avoid getting phished is being suspicious, and ask why you received such email, sms or any message from strangers. Was that email used before to receive such kind of message? If so then assume most messages come from scammers/hackers so always double check. Check the URL by hovering over it, or copy it first then paste to check, it's easy to identify a fake URL.
Remember an email address can be easily spoofed so always double check the source, and the message, if it's about an announcement, check Google, their social media accounts if they have the same posts coz probably they will announce it on their socmed handles too.
sr. member
Activity: 560
Merit: 265
December 22, 2024, 04:42:20 PM
#22
3.3 LINKS

Always hover your mouse over the link/button contained in e-mail and check where it leads to.
You need to carefully analyze whole URL to be sure if the link is malicious or not.
Train yourself to doublecheck links to review if they're safe.
Another way I do this is that whenever I receive a message saying there is an issue with any of my accounts, I open a new tab and go to the actual site. I never use direct links in emails either by copy and pasting or pushing the buttons, unless I have just requested the link, such as password issues or verification I am currently working on.

Quote
3.3.1. URL shorteners

Be extra careful if e-mail contains shortened URL-s. URL shortener is service that shortens web addresses and makes them more compact. It can also be used to hide malicious links because you can not see which website it leads to.
Legitimate service (exchange, casino, government agency...) would never use URL shortener in their e-mail.
Some examples of URL shorteners are web addresses that have these domains:
  • t.co
  • goo.gl
  • bit.ly
  • tinyurl.com
Whenever there is a shortened URL in the content of the message, I don't get spooked because I used that a lot and they are just for legitimate purpose. The two favourite tools I use are Google's Safe Browsing tool. I also use the CheckShortURL.com site for shortened bit.ly link. I do this because it helps me check where that link is going.

Quote
5. Some phishing scenarios

  • E-mail states that due to suspicious activity your account was suspended and you have to verify your account by clicking link and fill in information to regain access
I have gotten this one a lot. I don't think those scammers would ever stop using this trick. Having known this knowledge, we should teach people around us.
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
December 22, 2024, 03:54:49 PM
#21
Clicking links is a risky practice and if you receive links from strangers with promise about something is free, and too good to be true, you must assume it is scam. Clicking on these links will put your accounts, devices at big risk of being infected and you will lose access to your accounts, devices and money can be stolen too.
Scammers and hackers are making it more real in a way that they can use other means to disguise like they are good people. Since last year and this year, you should have heard about scammers offering people jobs online and let the people think they will be paying them. They can even create a website and make the person create account and be funding it with fake balance which can let the victims to believe like it is real. They will offer their victims jobs and tell the victim to click on the link provided which is a phishing link. That is the reason we need to stay updated about latest scam also. If we look at it closely, the scammers are still strangers who are not known. This became common in United States to the extent that the FBI warned people about it.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
December 22, 2024, 01:26:44 PM
#20

Clicking links is a risky practice and if you receive links from strangers with promise about something is free, and too good to be true, you must assume it is scam. Clicking on these links will put your accounts, devices at big risk of being infected and you will lose access to your accounts, devices and money can be stolen too.

Most common scams and tips to avoid them including phishing through email.
It happens because they are able to infect the device of their victims and start stealing all their cryptocurrency funds. Some people like that use clipboard malware which made someone lose their funds after sending, thought it was sent to the right address but the truth is it isn't sent to the correct address because the device is infected with clipboard malware. Scammers and hackers find different ways to scam and infect malwares to different people that's why there are different tips like the one you provided and op.
sr. member
Activity: 854
Merit: 424
Playbet.io - Crypto Casino and Sportsbook
December 22, 2024, 12:03:22 PM
#19
you receive any email... you can just avoid to click in any link.
it is really easy. never (even if the sender doesn't look suspicious) click on any link or complete a login.
Just go on that service and login or verify by yourself if you received trusted information.
of course use good judgement with many emails for various services and EVERY TIME a new password.
Clicking links is a risky practice and if you receive links from strangers with promise about something is free, and too good to be true, you must assume it is scam. Clicking on these links will put your accounts, devices at big risk of being infected and you will lose access to your accounts, devices and money can be stolen too.

Most common scams and tips to avoid them including phishing through email.
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
December 22, 2024, 11:32:58 AM
#18
you receive any email... you can just avoid to click in any link.
it is really easy. never (even if the sender doesn't look suspicious) click on any link or complete a login.
Just go on that service and login or verify by yourself if you received trusted information.
of course use good judgement with many emails for various services and EVERY TIME a new password.
legendary
Activity: 2184
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
December 22, 2024, 11:26:00 AM
#17
This is a very good guide/tutorial and I hope those who are most vulnerable to phishing attacks will read this and refresh their memory about it and how to avoid it. It is easier for more experienced users to avoid phishing scams but newbies usually have their wallet drained due to the mistake of falling for the scammers' tricks.

That being said, the most important advice is to make sure one has their assets kept offline, your online device should not have any crypto in it, or just very small that you want to spend.
legendary
Activity: 1554
Merit: 1139
December 22, 2024, 09:49:30 AM
#16
Where should you start to avoid phishing?

1st of all, with separating your work and entertainment areas. That is, all your financial data should be in a separate work environment. In the form of a separate work PC or laptop, or a virtual environment (virtual OS) that will be used only for work purposes.

Also, don't forget to separate your work email address(es) and not share this data everywhere (in the public domain) on the Internet to avoid this address getting into phishing attack lists. No phishing address - no phishing.
It’s good to get these messages out as one can’t be too careful enough. Every now and then, you just might find yourself being sort out by what you aren’t looking for or too interested in. In this age where you’ve got several pop up ads out there as adverts and bulk mails, sms been sent on a daily, any device with the ability to go online or you just feel to upgrade at certain times could really expose you to some phishing attempt. You might not be the target these days but, you definitely could be the victim.
Key: don’t be interested in what you ain’t looking for and care less about the display or look of your device and limit your activities to only that which you are about.
full member
Activity: 294
Merit: 178
If you know, you know!
December 22, 2024, 07:13:57 AM
#15
3.3 LINKS

Always hover your mouse over the link/button contained in e-mail and check where it leads to.
You need to carefully analyze whole URL to be sure if the link is malicious or not.
I wanna share something regarding this. A few weeks ago, I suddenly felt like playing a game on my PC cause I had nothing better to do, so I asked my friend for a website where I could download a pirated game for free (anyway, I'm not a Gamer, like regularly play games). I asked him because I know that he always downloads pirated games. He suggested a website to me, which is steamunlocked.net, and then voila, I downloaded the game and installed it. The next day, voila! Suddenly my email got hacked. Fortunately I could secure my DeFi account immediately. One thing that should be noticed, the website doesn't require you to login by using your email.

Beware of piracy websites, specifically a website where you could download applications such as games.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
December 22, 2024, 04:34:03 AM
#14
Where should you start to avoid phishing?

1st of all, with separating your work and entertainment areas. That is, all your financial data should be in a separate work environment. In the form of a separate work PC or laptop, or a virtual environment (virtual OS) that will be used only for work purposes.
Separating different things on different devices and emails is very good practice for reduction of attack risks including phishing attacks. I agree with you that separating non-financial and financial stuff on different devices is a good preventive method.

Like two years ago, a senior Bitcoin developer Lukedashj, was hacked and massive bitcoin were stolen from his compromised computer. Main cause is Luke installed an application on his computer.
Bitcoin Core dev says his bitcoin is basically all gone after hack.

Quote
Also, don't forget to separate your work email address(es) and not share this data everywhere (in the public domain) on the Internet to avoid this address getting into phishing attack lists. No phishing address - no phishing.
Emails need to be separated similarly, for finance and non finance. Because with money related, if it is stolen, it is assuredly gone. Especially with Bitcoin, transactions are irreversible.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
December 22, 2024, 01:39:54 AM
#13
Where should you start to avoid phishing?

1st of all, with separating your work and entertainment areas. That is, all your financial data should be in a separate work environment. In the form of a separate work PC or laptop, or a virtual environment (virtual OS) that will be used only for work purposes.

Also, don't forget to separate your work email address(es) and not share this data everywhere (in the public domain) on the Internet to avoid this address getting into phishing attack lists. No phishing address - no phishing.
legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
December 21, 2024, 06:46:54 PM
#12
3.3.2. MODIFIED URLs

Always check if there is a misspelling in the URL or the URL is a modified variation of a legitimate service.
For example in case of binance.com legitimate URLs would be:
  • support.binance.com
  • binance.com/support
  • binance.com
This part will go well for those who already know the URLs. What about those trying to search it on their own without an idea on what domain the services they're seeking are? It's kind of hard.

In cryptocurrency, to avoid phishing sites, the very first important step is don't use Google for searching. This search engine can display phishing sites on top of search results and it's terrible if you rely on it.
Well, this isn't to disprove you but I need to put this out here. I got to this place through a simple search on Google, wanting to satisfy my curiosity after I heard of Bitcoin for the first time late 2016. The search on Google took me to Coinmarketcap and from there to its socials. A click on that took me to BTT as one of the places where I could get answers to whatever questions were puzzles to me. Then I knew next to nothing about phishing sites or what to look out for.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
December 21, 2024, 06:36:20 PM
#11
Why is your post incomplete? I thought you would at least list some ways for newbies or people to avoid getting trapped by phishing emails.

Anyway, I will give my two cents about the subject because I have faced this in the past, and I know what an effective way of saving yourself from phishing emails is and not getting tricked easily.

Whenever you receive a promotional email or something, make sure that you always check the sender of the email. An email coming from an official source will have an email that you can find from the details of the email you have received. The place where the details can be found can differ based on the email provider you are using, but it's not that difficult to find it. In Gmail, it's under the name of the sender, besides the profile picture placeholder.

Once you look at the details, you will understand that the email is not from an official source but it is a trap.
I definitely leave the email alone if I am not expecting any email but if I do then it's what I would do which is to check the sender first before clicking any link. I also agree to examplens about adding clipboard malware as it is kind of the same as phishing since it won't be the address you copied when pasted. Anyway, hovering your cursor over the link to see where it goes doesn't work for someone who is using a mobile device. What I do to know what website it could be is I tap the link and copy the url and paste it and see what it is (only need to paste it and not to enter it just to be safe).
legendary
Activity: 2268
Merit: 1655
To the Moon
December 21, 2024, 05:51:37 PM
#10
Always hover your mouse over the link/button contained in e-mail and check where it leads to.
You need to carefully analyze whole URL to be sure if the link is malicious or not.

The methods listed by OP to avoid phishing are good, but do not forget that attackers can change the DNS server data and thus you will find yourself on a phishing site by clicking on the link. The only way to avoid this is to timely read updates from the team on the official account.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 21, 2024, 01:36:32 PM
#9
GOOD PRACTICE

While I do like your tutorial and you touch pretty good the most important points, I feel that it's missing something:

1. Don't keep in hot wallets and online accounts more money than you can afford to lose.
2. Keep the coins that matter in such a way that even if a hacker gets into your computer or your online accounts, you'll still not lose much (i.e. keep as much as possible offline: cold storage, hardware wallet...)

That's because:
* mistakes do happen
* your computer or phone may not be as safe as you think
legendary
Activity: 3416
Merit: 1225
Enjoy 500% bonus + 70 FS
December 21, 2024, 09:39:51 AM
#8

5. Some phishing scenarios

  • You get e-mail that your account on exchange was hacked, you need to click link in e-mail to update your information and provide username and password
  • You receive e-mail that service you are using is having regular update and you need to update your information by clicking link provided
  • E-mail states that due to suspicious activity your account was suspended and you have to verify your account by clicking link and fill in information to regain access

They always used the words need, must have, and should and every word available to compel you to click the link. This is the first sign, and verify it by checking the url of the domain. Always bookmark the real site and check if you have the bookmarked logo when visiting a legit site.
Phishing is done by cloning a site, so you should know the correct url of the site. You can't be wrong if you are on details on the URL of the sites you are visiting.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
December 21, 2024, 06:09:34 AM
#7
Well honestly a simple mistake can haunt you forever. Thanks OP this is also good noting to newbies to be aware and observant of all keywords and site that they are clicking cause it might be real when we first look at it but in the end it's a phishing site that masquerade into a very subtle fake site with such variable change.

Sometimes with our naked eye we can see how it is but we should always triple check what we clicked.
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
December 21, 2024, 04:59:15 AM
#6
Although such warnings seem minor, it seems that it is never superfluous to mention them again.

OP, maybe you could add clipboard malware as a potential source of phishing. In that case, even if you wrote an address by hand, you transfer something completely different using the copy/paste method.
sr. member
Activity: 630
Merit: 277
December 21, 2024, 02:07:11 AM
#5
Thanks OP for the effort you have put in this post to save a lot of people from Phishing scams. For newbies who may be finding it difficult to identify emails that may lead to phishing sites, they can enable email filters on their devices. I use this on my email account and it has made identifying unwanted, promotional and scam emails very easy for me. This method may not be 100% effective but once an email is sorted into the spam folder, I just sense there might be an error in that email which will help me be more careful.

Just like OP has said, if you are in doubt, type the email address manually and avoid sending sensitive information about yourself to people you don't know, including strange links. Think safety always.
sr. member
Activity: 602
Merit: 387
Rollbit is for you. Take $RLB token!
December 20, 2024, 10:09:15 PM
#4
In cryptocurrency, to avoid phishing sites, the very first important step is don't use Google for searching. This search engine can display phishing sites on top of search results and it's terrible if you rely on it.

Let's start with big market cap websites when you need to search for something.
coinmarketcap.com
https://coingecko.com/
https://cryptorank.io/

There are more market cap websites in this industry but with above big ones, you can search almost everything you need and it helps you avoiding phishing sites.

[GUIDE] Use this for identifying Scam/Phishing Websites & Exchanges in Crypto
[Tutorial] How To Report Phishing Email & Create Auto Delete Filter - Gmail User
Tool For Catch Phishing
sr. member
Activity: 1491
Merit: 320
🐪
December 20, 2024, 08:09:54 PM
#3
Why is your post incomplete? I thought you would at least list some ways for newbies or people to avoid getting trapped by phishing emails.
~

I accidentally clicked post instead of preview :( Now it is completed.
sr. member
Activity: 1260
Merit: 358
December 20, 2024, 07:12:42 PM
#2
Why is your post incomplete? I thought you would at least list some ways for newbies or people to avoid getting trapped by phishing emails.

Anyway, I will give my two cents about the subject because I have faced this in the past, and I know what an effective way of saving yourself from phishing emails is and not getting tricked easily.

Whenever you receive a promotional email or something, make sure that you always check the sender of the email. An email coming from an official source will have an email that you can find from the details of the email you have received. The place where the details can be found can differ based on the email provider you are using, but it's not that difficult to find it. In Gmail, it's under the name of the sender, besides the profile picture placeholder.

Once you look at the details, you will understand that the email is not from an official source but it is a trap.
sr. member
Activity: 1491
Merit: 320
🐪
December 20, 2024, 06:58:48 PM
#1
1. INTRODUCTION

I noticed an increase of phishing attacks in last few months, probably because of bull run, so I decided to write this short manual mostly for new inexperienced users so they learn:
  • what to expect,
  • how to recognize,
  • how to react to phishing e-mail.


2. ABOUT PHISHING E-MAILS

Phishing e-mails are usually constructed in such way that they seem to come from legitimate source (e.g. exchange, casino, government agency etc.)

The goal of phishing e-mail is to:
  • steal your funds,
  • harvest your personal information,
  • gain access to your credentials,
  • install malware

To avoid getting phished it is a good habit to always analyze e-mails, especially when dealing with sensitive information.

3. WHAT TO LOOK FOR  

The most important things to check when analyzing e-mails are:
  • "FROM:" field
  • Content
  • Links

3.1 "FROM:" FIELD

It is important that you are familiar with structure of e-mail address.
For example in e-mail address support@binance.com elements are:
  • support - username
  • @ - @ sign
  • binance.com - domain name


We need to focus on domain name and see if there is variation of usual domain name.
For example if domain is binance-xyz.com there is big red flag that e-mail is phishing mail.

3.2 CONTENT

The content is usually constructed in such way to evoke emotions and to get you to act in haste without thinking.
There will also be pressure to react to e-mail as soon as possible.
The attackers count on your lack of concentration, that you will be in distress, distracted and react in panic.
Almost always there will be provided link or button that you will have to click to solve the problem.
DO NOT CLICK LINK/BUTTON BEFORE YOU ANALYZE IT AND SEE IF IT COMES FROM LEGITIMATE SOURCE!

Some clues that show that you are probably dealing with phishing e-mail:
  • grammar mistakes
  • logos are in low resolution/they look like pasted screenshots
  • the e-mail addresses you by different name
  • content of e-mail creates sense of urgency to react

3.3 LINKS

Always hover your mouse over the link/button contained in e-mail and check where it leads to.
You need to carefully analyze whole URL to be sure if the link is malicious or not.

3.3.1. URL shorteners

Be extra careful if e-mail contains shortened URL-s. URL shortener is service that shortens web addresses and makes them more compact. It can also be used to hide malicious links because you can not see which website it leads to.
Legitimate service (exchange, casino, government agency...) would never use URL shortener in their e-mail.
Some examples of URL shorteners are web addresses that have these domains:
  • t.co
  • goo.gl
  • bit.ly
  • tinyurl.com

3.3.2. MODIFIED URLs

Always check if there is a misspelling in the URL or the URL is a modified variation of a legitimate service.
For example in case of binance.com legitimate URLs would be:
  • support.binance.com
  • binance.com/support
  • binance.com

Examples of malware variations of binance.com:
  • binance.hhjf.com - domain name is hhjf.com
  • binances.com
  • binance.cash
  • hhjf.com/binance
  • blnance.com - "i" is replaced with small letter "L"
  • binance-service.com
  • support-binance.com

3.3.3. GOOD PRACTICE

It is good practice to avoid clicking links provided in e-mail and instead access the website through bookmark or write address manually in address bar.
That way you are greatly reducing risk of accessing malware website through links.

4. PHISHING WEBSITE

If you accessed website by link/button provided in e-mail always be sure NEVER to disclose following information:
  • passwords
  • private keys - No legitimate service will ever ask you for private keys!
  • private information that could be used to steal your identity (name, address, ID card photos, ID card number etc.)
  • credit card numbers
  • etc.
Be aware that attackers can make exact copy of the legitimate website, so checking URL is only way to know if the website is legitimate. But even URL can be faked, so the best way to know you are visiting legitimate website is to use bookmarks or writing address manually!


5. Some phishing scenarios

  • You get e-mail that your account on exchange was hacked, you need to click link in e-mail to update your information and provide username and password
  • You receive e-mail that service you are using is having regular update and you need to update your information by clicking link provided
  • E-mail states that due to suspicious activity your account was suspended and you have to verify your account by clicking link and fill in information to regain access
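
The link and "FROM:" domain checks from sections 3.1 and 3.3 of the opening post, written out as a small Python classifier; this is an added example, not part of the original post or of any poster's tooling. The allowlist, the two-label domain rule and the look-alike character table are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

TRUSTED = {"binance.com"}   # legitimate domain used in the post's examples
SHORTENERS = {"t.co", "goo.gl", "bit.ly", "tinyurl.com"}  # list from 3.3.1
# Constructed, deliberately tiny look-alike table (assumption, not exhaustive).
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})


def registrable(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: wrong for suffixes such as co.uk; real tooling should
    consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, registrable_domain) for a link or a bare domain."""
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    domain = registrable(host)
    if domain in SHORTENERS:
        return "shortener", domain          # destination is hidden
    if domain in TRUSTED:
        return "trusted", domain            # subdomains and paths are fine
    name = domain.split(".")[0]
    for good in TRUSTED:
        brand = good.split(".")[0]
        if name == brand:
            verdict = "brand-on-other-tld"
        elif name.translate(CONFUSABLE) == brand.translate(CONFUSABLE):
            verdict = "lookalike-characters"
        elif edit_distance(name, brand) == 1:
            verdict = "one-character-typo"
        elif brand in name.split("-"):
            verdict = "brand-plus-extra-word"
        elif brand in host.split("."):
            verdict = "brand-in-subdomain"
        elif brand in parts.path.lower():
            verdict = "brand-in-path"
        else:
            continue
        return verdict, domain
    return "unknown", domain                # not on the allowlist: not vetted


# The post's own examples from 3.1 and 3.3, plus one shortened link
# whose path is constructed for this example.
SAMPLES = [
    "support.binance.com", "binance.com/support", "binance.com",
    "binance.hhjf.com", "binances.com", "binance.cash", "hhjf.com/binance",
    "blnance.com", "binance-service.com", "support-binance.com",
    "binance-xyz.com", "https://bit.ly/3xAmPle",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, domain = classify(sample)
        print(f"{sample:28} {domain:22} {verdict}")
```

An "unknown" verdict only means the domain does not resemble an allowlisted one; it is not a statement that the link is safe.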