Topic: Must have web browser addons to keep you a step safer from phishing (Read 726 times)

+1 for No Coin.

DuckDuckGo Essentials is certainly a good add-on, but it isn't the best. The issue it has (and many anti-tracking add-ons have) is that it simply uses a list of known trackers, and blocks anything that appears on that list. Compare that to Privacy Badger, which I recommended on my reply on the first page of this thread. Privacy Badger actively monitors your browsing session for anything that is trying to track you and blocks it. It has the advantage of catching quite a lot of stuff that is yet to be updated on to the anti-tracking lists that other add-ons use. DDG Essentials does some other stuff too, such as forcing encrypted connections, but that can be easily replicated by using HTTPS Everywhere (again linked to in my previous post).

DDG Essentials is certainly a good add-on if you want something quick, easy and requiring no set-up, but if you are looking for the best privacy, security and anti-tracking, then Privacy Badger + others is the way to go.

Great list of extensions.

Other extensions that are useful given the prevalence of cryptojacking eg.

No Coin (Chrome, Firefox, Opera)
minerBlock (Chrome, Firefox, Opera)

Also, to consider duckduckgo's extension.

The attack happened on the exact Etherdelta website where there was temporary access to Etherdelta's DNS server by the hacker. It was the exact Etherdelta domain not like this usual phishing attempts you know of where there is a slight alternation of the domain name.

I was starting to do a token transfer at that time of the attack so yes, I was doing something on a correct url of a website whose DNS server had been hijacked. If it wasn't for Netcraft and MetaMask's alerts. My funds were gone.

This is not an ordinary phishing attempt we always see daily. We are talking about a DNS server getting hijacked.
To enlighten yourself and refresh some memories of that day there is more here Cryptocurrency exchange EtherDelta got replaced with a fake site that steals your money

Being phished means you visited a fake/cloned website . if nothing bad happens to you and you believe that you access the correct url of etherdelta then you dont need to question yourself on why you didnt got hacked .  



Hardware wallets are also exposed to attacks as soon as you already connect your hardware wallet into your gadget and your gadget is connecting online . those who didnt got hacked might not  visited a fake website .

Those users who used a Ledger Hardware wallet even in the time of the attack were safe since hackers can't access funds without physical access to the device itself. Another win for Hardware Wallets.

I did check out the source code before updating the list especially for phish fort as it's relatively new in the game.
Wouldn't be fair recommending people an add-on i completely know nothing about 

When giving out tips based on security,its always very necessary to be a 100% sure of the website,product,service etc, thats not to say people shouldn't or wouldn't do their own research before taking in someone else's advice,recommendations,suggestions etc, but for the 1% that wouldn't,its good to be sure to a reasonable extent the advice being given out.

Be careful about adding every suggestion to your OP.

Browser extensions are an easy way to distribute malicious code, since if your extension looks good/professional enough, many people will download it without really thinking about it. I've not even heard of some of these extensions, which is usually a warning sign for me given how much attention I pay to online security and privacy. I would certainly be considering checking the code out for yourself before recommending it to others.

Thanks, OP has been updated. It's sad that the link to their Firefox add-on does not work.

Thanks but am currently looking at anti phishing add-ons. However, I  look forward to making a topic related to malwarebytes sometime soon.


Bookmarking is okay but also not 100% guaranteed safety.
I was online when an attack was made on Etherdelta in 2017... In fact, I was even in the process of making a transaction to Etherdelta and do you know what saved my Private key from getting Phished?

It obviously wasn't bookmarking(I had bookmarked Etherdelta and i still ended up loading a website whose DNS severs had been hijacked) but Netcraft gave me a warning(the ad-don was showing a risk rating of 9/10 at that time) and MetaMask displayed a warning. That's when I realized that Etherdelta was under attack and i stopped what i was doing immediately.

better you bookmark the real website to keep safe from phising site. if you first time follow that website, very good if you can check their security,domain,website age and their ads. i always check it in scamadviser and see any preview in youtube video about that website.

My main issue with Waterfox is that they are quite slow in terms of security updates and patches compared to Firefox. Out-of-the-box Waterfox is definitely more private, as it has no telemetry features like Firefox. But if you know what you're doing, or you have a good guide to follow, you can configure Firefox to be just as good, if not better, than Waterfox.

Brave is a Chromium based browser and can use the same add-ons as Chrome.

My main browser is actually Waterfox, a Firefox based browser. Of course you can use Firefox add-ons (both old and new) with it.

Good topic. I'd also like to recommend you to use Malwarebytes Browser Extension.

Malwarebytes Browser Extension BETA delivers a safer and faster web browsing experience. It blocks malicious websites while filtering out unwanted content (resulting in up to 3x faster webpage load times). Blocks clickbait links, stops in-browser cryptojackers (unwanted cryptocurrency miners), and gives other malicious content the boot.

When the browser extensions block a site, they will show you a warning similar to this one:



More information: https://blog.malwarebytes.com/malwarebytes-news/betas/2018/07/introducing-malwarebytes-browser-extension/

You can find the add-ons for Google Chrome/Mozilla Firefox on the official website: https://www.malwarebytes.com/products/
OR
Chrome Web Store: https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee
Firefox Add-Ons: https://addons.mozilla.org/firefox/addon/malwarebytes/

I just recently installed https://www.phishfort.com/ It's an anti-phishing browser extension. Works similar to CRYPTONITE, but free to use forever. Also it partnered with MyEtherwallet.

I learned about it from the news. https://bitcoinexchangeguide.com/myetherwallet-mew-partners-with-segasec-and-phishfort%E2%80%8A-cybersecurity-firms-to-prevent-attacks/

Thank you, I will keep that in mind. Phishing is something that looks easy to evade but sometimes one could just be caught off guard, probably when one is trying to browser during times of fatigue or having less attention to the websites s/he is browsing.

You know OP you have to keep reminding new forum member about using this security tips by bumping thread lets say once in every two months or so. I was searching how to save guide my BTT account after I almost fell prey to scam attempt of recent. You're doing some great work towards enlightening forum member to take privacy as our priority. Thank you for that.

Nope, this is not a good idea. The bookmarks can be altered and hackers know people trust their bookmarks. This false sense of security is exactly what these hackers/criminals want. In some browsers you simply click on the favorite bookmark and edit the URL section

A hacker simply search for the keywords in the registry and replace that with the phishing site URL.   

Yeah, I also use both along with HTTPS Everywhere. I also never do anything remotely related to crypto on a Windows machine. These are probably all you really need if you're aware of basic safety practices. I've heard of password managers and whatnot, but I personally feel like having fewer extensions is generally better.

Since you mentioned that you search google for threads and posts from this forum it could be useful to mention that you should enter the following into the search field in order to limit the google search to only the legit BT site:
In this way all the results will be from the original site and no other sites will be shown.

Brave had an update recently, IIRC it was to support more addons & more...

I haven't really tested it, but i hope someone more expert can see if any improvements were done

I've started to use the Brave browser. In fact it has advantages for a content producer, as well as just for browsing security.

You can support the Fit to Talk project by donating some of the free BAT ( Basic Attention Tokens ), and I will incorporate this into some of the other projects I have running. Also, it includes a Tor browsing window.

Bookmark the site you want is a good alternative also. It's safer and more comfortable for the user, as people are lazy to type (I am at least)

This is better for awareness though I have seen that phishing site already and even received an email for that stating that the ethereum had given airdrop for 1000 eth and for that he made a google.doc to make you believe that you will be given an airdrop for 0.5 ETH. The problem is that the there is a link for a website that will let you disclose personal details which means importing your account details or the wallet details and they will going to access it and transfer to another wallet which will leave you stealing your crypto.

I also want to add, if you can, disable "auto complete" or just ignore it and just type the whole URL, if you do not trust browser add-ons. I have seen reports of people, where the hackers inject the phishing site into the "auto complete" feature of the browser, so when you simply press enter, then it accepts the phishing site and not the real URL to the site you wanted to navigate to. 

How difficult can it be to type 15 letters to protect a very valuable account? Who says the browser add-ons are 100% accurate and safe to use?

I use uBlock Origin, and couldn't recommend it more. It works perfectly, requires minimal user set-up or maintenance, and I have never had any problems bypassing all those "Disable your ad blocker or you can't access this site" pop-ups and overlays we were just discussing. Having said that, I do also generally block Javascript by running NoScript, so I can't say for sure whether it is uBlock or NoScript that is responsible for blocking these pop-ups. I'm afraid I have no desire to turn either off for even a short time to ascertain the answer - I would recommend everyone uses both anyway.

I've heard that uBlock Origin is better, and is from the original founders of uBlock. uBlock apparently has shady behavior, though I haven't bothered to check myself. Just a quick heads up. Try Googling the two before you settle on one.

If you just want a script blocker, nothing beats NoScript imo. It's only for Firefox though.

OK. Other options you can try are using an ad blocker like uBlock which trys to prevent websites from doing this by blocking Javascript. Or simply disable Javascript altogether on the Business Insider website - the NoScript add-on which was linked in the 2nd post in this thread will do the trick. You can also do this natively in Chrome by clicking the padlock to the left of the URL, clicking "Site Settings", and disabling Javascript.



Bear in my the add-ons I've linked will do nothing to protect you from phishing. They are good for online privacy, anonymity and to prevent websites from tracking you, but these things should be of interest to most crypto users.

I didn't know about this one, Thanks for bringing it out here. This will be part of my guardian angels from today


Agreed I use it too in my Firefox browser, You can also stop the blocks on other sites in an instant, That's why I like it compared to other adblockers... Am going to add it on OP, with credit from you.


Thanks for the list. I will update the Original post so that members will be able to see all these addons. One thing I forgot was to include links to the addons i mentioned. Your formate is nice and easy, i will use it.

I know this procedure already but unfortunately some websites are tricky even if you have deleted the elements of the overlay you will be left with an unscrollable website that is still dimmed by some overlay. Just like what I have tried doing in some articles of businessinsider you will still be left something like this, I suspect that there are still codes still left to be deleted which is not part of the main overlay code which they purposely have done in order not to avoid turning off your ad blocker.

There is one more elegant solution, which is to use ublock extra.
Ublock extra let's ublock ignore anti-adblock mechanisms.

Unfortunately, it only works in Google chrome..

In either Firefox or Chrome you can do the following:

Either press F12 to bring up Developer Tools, and click the small pointer in a box at the top left of the toolbar to select Inspector -OR- press Ctrl + Shift + C
Select the pop-up box/window/overlay that is getting your way
Press delete
Press F12 again to close the Developer Tools toolbar

I have a bad experience in using ad blockers in that way especially if you are visiting websites that won't even allow you to use their website if they detected you are using an ad blocker software just like when I visited business insider they will block their article with a window until you turned off your ad blocker. Also if you yourself are always being redirected to unwanted ad websites or your browser is showing a lot of pop up ads chances are your computer is infected by a malware and cleaning it up with a malware cleaner like malwarebytes could do the trick.

If you are looking for a browser you can just download and run with, with minimal set up or configuration, then I agree Brave is probably the best "out of the box". However, Firefox supports much more advanced add-ons, just a few of which I have linked to above, and also allows a lot of customization and tweaks through about:config and "user.js" configurations. I haven't used Brave for several months, but last time I did it was absolutely horrible for browser fingerprinting. I'd be keen to know if that has changed?

If you don't want to configure Firefox, then Brave is a better choice, but a properly configured and customized Firefox browser is better than Brave in terms of privacy and security.

No mention for the Brave browser in a crypto board is quite strange, I started to use it in both PC and smartphone, it's pretty good!

I had not heard of Netcraft before - I'll be looking in to it, thanks for that. And a definite +1 from me for NoScript. For security, I'd also recommend using HTTPS everywhere:

Site - https://www.eff.org/https-everywhere
GitHub - https://github.com/EFForg/https-everywhere
Firefox - https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/
Chrome - https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp

Good to see you are also using uBlock and minerBlock from your screenshots. Other great add-ons from a privacy rather than a phishing point of view are:

Privacy Badger:
Site - https://www.eff.org/privacybadger
GitHub - https://github.com/EFForg/privacybadger
Firefox - https://addons.mozilla.org/en-GB/firefox/addon/privacy-badger17/
Chrome - https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp

Cookie AutoDelete:
GitHub - https://github.com/Cookie-AutoDelete/Cookie-AutoDelete
Firefox - https://addons.mozilla.org/en-GB/firefox/addon/cookie-autodelete/
Chrome - https://chrome.google.com/webstore/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh?hl=en

Decentraleyes:
Site - https://decentraleyes.org/
GitLab - https://git.synz.io/Synzvato/decentraleyes
Firefox - https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/
Chrome - https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj

Using Adblock also helps you stay away from paid ads in Google, which may be phishing sites.

Ublock is probably the best one, and it is a must for everyone who uses a browser. You can download it for Firefox Android and desktop versions.

https://addons.mozilla.org/pt-BR/firefox/addon/ublock/

Another one to use but a little different from other: NoJs. It's an efficient add-on for your web browser activity
https://addons.mozilla.org/fr/firefox/addon/noscript/

Much paranoid, you can use a sandbox or edit your host file to allow access to only some websites. 5you can do it with some browser add-ons as well). You could also set up a virtual machine

When I had just gotten to know about cryptocurrencies and joined this forum. My Online security consciousness was close Zero, I did almost all mistakes every newbie could do

- I would use the same email and password for every website sign up
- All my accounts had no 2FA implemented on them
- I would never bookmark important websites for easy lookup
- I would click on any link from google search and would never double check the web address when logging in etcetera

My rude awakening came when my Bitcoin forum account that had then attained a full member status got hacked, the password and email address were instantly changed, and I was completely locked out. That's when I realized that online security is a very serious matter. I could have easily lost all my funds if the hacker had followed up on the exchanges I used because all the login details were the same with no 2FA.

I Later figured out that my Login detail could have most like been phished by the (Bitcointalk[dot]to) site since I even never bookmarked Bitcointalk.org
Even today I still end up with links from the phishing site especially when I am searching specific results from Google that has been posted on Bitcointalk.org

What have always been my guardian angels these web browser add-ons I am going to talk about. These add-ons are a must have for anyone who takes online security very seriously.
I am going to use an example of the Latest Etherdelta like phishing site.



As you can see the address in the red box is not the usual legit http://etherdelta.com/ link, There is not padlock sign to show that the website is secure or the certificate is valid as the popup window warns. This should definitely be a red flag. However, if you don't look at the address, you won't know that have loaded a phishing website... That's why these web browser add-ons come in handy. To help you out when you are less attentive.

---

1. METAMASK

Besides providing an easy and safe way of making transactions on the Ethereum network with the different Decentralized apps, this web browser add-on comes in handy in that it will warn and block you from accessing any phishing site in case you click on the phishing link by mistake.
MetaMask is available in chrome, Firefox, Opera and Brave browsers



Website: https://metamask.io/

2. CRYPTONITE

This one is run by a team behind The Metacert Protocol. They certify legit crypto related domains and Twitter profiles of legit accounts to avoid impersonation scams.
When you load a profile or crypto website that has been verified and is legit, the Shield turns green. However, if the website is a phishing type or unverified, the shield remains black.

It doesn't stop at that, if the website has been reported for phishing attempts, it will also block you from loading the web page.
Unfortunately, this extension that started as a free plugin is now a paid service.



Website: https://metacertprotocol.com

3. NETCRAFT

Clicking on it after you have loaded a web page will show you the website details and it's risk ratings.
Usually, phishing sites are shown as recently created/new or there is not much information about the site yet (this should be a red flag). The risk ratings a usually high too, in most cases it's 9 for a phishing site and 0 for a legit site.
This Add-on also provides a user with much more details about the domain name, when it was registered and when it could expire.

Website: https://www.netcraft.com/


4. PHISHFORT PROTECT

This is a new kid on the block but really promising. This add-on is also a very important tool that will protect one from phishing attacks and scams targeting crypto users. PhishFort Protect is free and have an open-sourced the code base.
The add-on is available for chrome and chromium bases browsers like Brave. Unfortunately it's currently not available on Firefox

When you have installed the plugin,
- If the website is genuine and has already been categorized, a blue badge will be shown on the add-on.
- If the website is has not been categorized or is unknown, the badge will remain Grey.
- If the website is a phishing/scamming version of an already categorized website like Binance, a red badge will be displayed with an immediate warning message on the screen



Website: https://www.phishfort.com/protect


Using a combination of these web browser add-ons can be of very much help

---

---

UPDATE
➖ PhishFort Protect add-on included thanks to ePesoInitiative

Work in progress to include more anti phishing add-ons. If you know of any good anti-phishing add-ons, please comment them in the thread and I will update the list with credits to you.
Thank you.