[INFO] Tips to keep your account safe from thieves and scammers

owlcatz

legendary

Activity: 3570

Merit: 1959

Actually phishing has been going on since 2014 at least, but I don't know how far back you can find it documented here ...

This change used to help, but I don't know if people know about it or not anymore, or even notice it's different. Roll Eyes

https://bitcointalksearch.org/topic/green-hover-color-for-bitcointalkorg-links-1432118

Edit - Example - Hover over the different links in my signature. Wink

Eclipse33

copper member

Activity: 1098

Merit: 459

Eclipse™ Experimental Cryptographic Technology

Looks like the phishing attempts have been ongoing since June 01, 2018

from user MCHouston:

"User sent me a PM with a link to what seems like a bitcointalk post, upon further inspection it is a link to a completely different site, that looks like bitcointalk trying to steal passwords and try other things.

Link to their profile: https://bitcointalksearch.org/user/faboo005-940588

Screenshot of PM and the real URL it would send you too."

Eclipse33

copper member

Activity: 1098

Merit: 459

Eclipse™ Experimental Cryptographic Technology

Stay aware that hacked accounts are sending phishing links. Don't click the link sent by an account you don't know.

krogoth

full member

Activity: 1298

Merit: 176

Krogothmanhattan alt account

Yubi also came out with a yubi biometric version....even adding another layer of protection!

https://www.yubico.com/products/yubikey-bio-series/

Passwordless multi-factor authentication
Secure and convenient passwordless MFA login with the YubiKey Bio authenticator and biometric information using a fingerprint, with a PIN as a fallback.

2Fa is the way to go with these type of log in requirements.

XYZo

newbie

Activity: 95

Merit: 0

Good looking, we need more like you.

owlcatz

legendary

Activity: 3570

Merit: 1959

Quote from: krogoth on December 11, 2021, 12:03:28 PM

Quote from: owlcatz on December 11, 2021, 11:49:11 AM

Unfortunately thermos already said multiple times that 2fa won't be implemented despite the fact that billions were spent on a new forum that nobody uses.. will edit with links later. Roll Eyes

2Fa with a yubikey would be great just like Gmail login setup.

So I can't find anywhere he addresses 2FA directly, but here are some of the many posts brought up about it since 2013. Roll Eyes

Quote from: TryNinja on July 15, 2018, 10:39:25 AM

Please, Google before making a repetitive suggestion.

Can bitcointalk.org get 2 factor authentication? (2013)
Why doesn't Bitcointalk support 2FA? (2016)
2FA on bitcoin talk (2017)
Isn't it time to introduce 2FA to enhance user account security ? (2018)

Quote from: krogoth on December 11, 2021, 12:03:28 PM

2Fa with a yubikey would be great just like Gmail login setup.

👍

krogoth

full member

Activity: 1298

Merit: 176

Krogothmanhattan alt account

Quote from: owlcatz on December 11, 2021, 11:49:11 AM

Unfortunately thermos already said multiple times that 2fa won't be implemented despite the fact that billions were spent on a new forum that nobody uses.. will edit with links later. Roll Eyes

2Fa with a yubikey would be great just like Gmail login setup.

MrCryptHodl

hero member

Activity: 1120

Merit: 874

In Bitcoin We Trust

Quote from: owlcatz on December 11, 2021, 11:49:11 AM

Unfortunately thermos already said multiple times that 2fa won't be implemented despite the fact that billions were spent on a new forum that nobody uses.. will edit with links later. Roll Eyes

Oh, a valid reason? Or does he just not want to spend time on it? because this is the Bitcoin Forum, it should not stay that way indefinitely, new people are starting to discover collectibles, they are coming to the Forum, everyone deserves protection. We don't try to modify the creation of Satoshi, just a 2FA in the forum XD

Quote from: Est2013 on December 11, 2021, 11:52:31 AM

You have good points MrCryptHodl

But I say, let's not focus all our efforts on changing the platform, but keep encouraging change from our users.

You are right, the Binances/Coinbases of the world are simplifying crypto, which is the key for adoption, but those platforms are run under a strict set of rules to govern and protect its users. With that comes necessary restrictions - That mentality is for the ebays of the world.

But I don't totally disagree with your direction and points. Thanks for the discussion

I completely agree with you, we are not going to put all our efforts on it, in any case we are making newcomers aware of this subject, whether through this post, or by PM, But I just find its not really good that the community does not have a say in it, it's not very Bitcoin.

and yes that for the ebay of this world what Binance or Coinbase do.

You're welcome ! thanks to you too Cheesy

Est2013

full member

Activity: 399

Merit: 122

Quote from: MrCryptHodl on December 11, 2021, 11:38:49 AM

ah but when I say that it's a lot for some it's a reality, I mean the PGP is not necessarily for everyone, nowadays people use platforms like Binance or Coinbase with the 2FA of google, I don't think they necessarily see the side being their own bank.

And a lot of people here just buy, that's why I was saying for sellers and creators, I assume that a Creator already has a lot of Opsec behind.

But I agree that the people who are here should get out of their comfort zones and learn in depth, but here people have such a close life and I don't think everyone has time to do that unfortunately

You have good points MrCryptHodl

But I say, let's not focus all our efforts on changing the platform, but keep encouraging change from our users.

You are right, the Binances/Coinbases of the world are simplifying crypto, which is the key for adoption, but those platforms are run under a strict set of rules to govern and protect its users. With that comes necessary restrictions - That mentality is for the ebays of the world.

But I don't totally disagree with your direction and points. Thanks for the discussion

EDIT: We are both deff on the same page in the overall direction here. I just think we should be hesitant to cater to the convenience for all users on this specific platform; seems like a slippery slope. But +1 for login 2fa!

owlcatz

legendary

Activity: 3570

Merit: 1959

Unfortunately thermos already said multiple times that 2fa won't be implemented despite the fact that billions were spent on a new forum that nobody uses.. will edit with links later. Roll Eyes

MrCryptHodl

hero member

Activity: 1120

Merit: 874

In Bitcoin We Trust

Quote from: Est2013 on December 11, 2021, 11:31:52 AM

Quote from: MrCryptHodl on December 11, 2021, 10:48:05 AM

So I've used PGP a lot on Tails or whatever, but I don't know if it's really suitable for all users.

Of course this is one of the best methods, people can check messages and keys etc, but maybe too much for lot of users here.

I don't know if it's possible, but there should at least be the possibility of activating a 2FA with PGP on the forum, because the sales and the sums here are very important, we are not talking about small amount. (So that people who know how to use can set it up on their accounts, especially sellers / creators)

A login 2FA would be a great addition. But I disagree with the mentality of "too much for lot of users here." While that may be true, imo that is the cost/requirement of "being your own bank" and transacting on a community driven platform.

Everyone has a line/comfort zone, if you have not taken the time to learn PGP and the additional steps to protect yourself, you simply haven't been pushed across that line of inconvenience yet. We should encourage new and existing members to cross that barrier and learn, before learning the hard way.

Promoting from newbie status should be a crash course in security; rather than a single merit.

ah but when I say that it's a lot for some it's a reality, I mean the PGP is not necessarily for everyone, nowadays people use platforms like Binance or Coinbase with the 2FA of google, I don't think they necessarily see the side being their own bank.

And a lot of people here just buy, that's why I was saying for sellers and creators, I assume that a Creator already has a lot of Opsec behind.

But I agree that the people who are here should get out of their comfort zones and learn in depth, but here people have such a close life and I don't think everyone has time to do that unfortunately

Est2013

full member

Activity: 399

Merit: 122

Quote from: MrCryptHodl on December 11, 2021, 10:48:05 AM

So I've used PGP a lot on Tails or whatever, but I don't know if it's really suitable for all users.

Of course this is one of the best methods, people can check messages and keys etc, but maybe too much for lot of users here.

I don't know if it's possible, but there should at least be the possibility of activating a 2FA with PGP on the forum, because the sales and the sums here are very important, we are not talking about small amount. (So that people who know how to use can set it up on their accounts, especially sellers / creators)

A login 2FA would be a great addition. But I disagree with the mentality of "too much for lot of users here." While that may be true, imo that is the cost/requirement of "being your own bank" and transacting on a community driven platform.

Everyone has a line/comfort zone, if you have not taken the time to learn PGP and the additional steps to protect yourself, you simply haven't been pushed across that line of inconvenience yet. We should encourage new and existing members to cross that barrier and learn, before learning the hard way.

Promoting from newbie status should be a crash course in security; rather than a single merit.

MrCryptHodl

hero member

Activity: 1120

Merit: 874

In Bitcoin We Trust

Quote from: owlcatz on December 11, 2021, 10:31:41 AM

Quote from: Steeley on December 10, 2021, 06:00:29 PM

I vote for this thread to be added to the permanent list of threads at the top of the forum. Too many people getting scammed here.

Steeley

Sounds good - I have some stuff in my sig that can help learn PGP/GPG as well...

So I've used PGP a lot on Tails or whatever, but I don't know if it's really suitable for all users.

Of course this is one of the best methods, people can check messages and keys etc, but maybe too much for lot of users here.

I don't know if it's possible, but there should at least be the possibility of activating a 2FA with PGP on the forum, because the sales and the sums here are very important, we are not talking about small amount. (So that people who know how to use can set it up on their accounts, especially sellers / creators)

owlcatz

legendary

Activity: 3570

Merit: 1959

Quote from: Steeley on December 10, 2021, 06:00:29 PM

I vote for this thread to be added to the permanent list of threads at the top of the forum. Too many people getting scammed here.

Steeley

Sounds good - I have some stuff in my sig that can help learn PGP/GPG as well...

Steeley

sr. member

Activity: 1164

Merit: 268

Byzantine Generals' Problem solved,Prosperity Next

I vote for this thread to be added to the permanent list of threads at the top of the forum. Too many people getting scammed here.

Steeley

Eclipse33

copper member

Activity: 1098

Merit: 459

Eclipse™ Experimental Cryptographic Technology

A few more ways that you can avoid being prey:

1. Employ a robust email software security solution that can detect phishing emails before they reach an end-user. Even if a solution is unable to detect all phishing and spear-phishing emails sent today, a solution that detects an appreciable percentage of phishing messages can decrease your organization’s exposure to phishing-based threats.

2. Leverage user awareness training that addresses real-world email phishing techniques used by threat actors today. For example, teach end users that ransomware attackers are hijacking email accounts and inserting themselves into ongoing conversations to introduce malicious attachments or links into a conversation appearing to come from a trusted user.

3. Caution vigilance for “reply all” emails that contain only an attachment or link with a very brief or no message.

4. Emphasize that “unpaid invoices” is a very common phishing lure."

Citation:

Dwyer, J. (2021, November 30). Understanding the Adversary: How Ransomware Attacks Happen. Security Intelligence. https://securityintelligence.com/posts/how-ransomware-attacks-happen/

Eclipse33

copper member

Activity: 1098

Merit: 459

Eclipse™ Experimental Cryptographic Technology

Quote from: KrispyKrypto on December 10, 2021, 11:35:15 AM

Are the malicious links only harmful if you type in password /username or whatever when in them. Can they download malware onto your computer just clicking on a link ? ( I'm mainly talking about the malicious and notorious bitcointalk-link) . I have clicked on one before , but immediately closed the browser . Just curious as to what actual happens when you are clicking on a malicious link . I know they are spying on your computer , but that can only happen when in the link right ?

Krispy

It all depends upon how sophisticated this group is and how motivated they are to steal a few thousand dollars of cryptocurrency. Because they have had some success on this forum from users who were either newbies or just not aware of basic security this has given them the incentive to stick around. Its probably a group of maybe one or more people who have used this forum in the past and have an awareness of how our community works. Insiders that have turned to adversaries who now want to make some crypto on the side.

mx12.levins

copper member

Activity: 731

Merit: 309

Thank you!

Eclipse33

copper member

Activity: 1098

Merit: 459

Eclipse™ Experimental Cryptographic Technology

Quote from: pinky1234 on December 10, 2021, 11:02:34 AM

AM SUPER MAD , I WOULD RECOMEND ON EVERY AUCTION FOR THE SELLER TO WRITE DOWN

" BEWARE OF SCAMMER SENDING PM TO CLICK ON A LINK , YOUR ACCOUNT WILL GET HACKED INSTANTLY" THIS SHOULD BE ON RED ON EVERY AUCTIONS @ ADMIN..............

I like this idea pinky

KrispyKrypto

copper member

Activity: 65

Merit: 110

Are the malicious links only harmful if you type in password /username or whatever when in them. Can they download malware onto your computer just clicking on a link ? ( I'm mainly talking about the malicious and notorious bitcointalk-link) . I have clicked on one before , but immediately closed the browser . Just curious as to what actual happens when you are clicking on a malicious link . I know they are spying on your computer , but that can only happen when in the link right ?

Krispy

Topic: [INFO] Tips to keep your account safe from thieves and scammers (Read 632 times)