Topic: Tips needed in Identifying a fake web Address (Read 395 times)

Decent scammers buy https these days , it doesn't mean much tbh

I really appreciate your various contributions on this thread in giving it more meaningful application with your contributions, it has given me more insight and a widen scope to understanding better ways to identifying malicious/fake web address. I've updated some as advised even though it took me while before updating.

And to everyone who has contributed and engaged with some piece of advice in making this topic worthwhile, you're all appreciated.

Uses an algorithm to check if the website with real reviews or a phishing, with fake products
https://www.scamadviser.com/

Reputation checker detect potentially malicious websites
https://www.urlvoid.com/

Yes and no. It is safe from eavesdropers but not safe from the owner of the website and the owner of the website can be a scammer.

The padlock in which the site will be https, the s is a TLS certificate. TLS certificate protects user's data from eavesdropers in a way the data is encrypted between the website and its users in a way nobody can know the data transfered between the user and the website because it is encrypted, nobody will be able to trace or steal the information. Also such encrypted data can not be altered, changed or modified in a way it will not be known. Also this authenticate that you are communicating with the real owner of the site you are visiting (but know that the owner of the site can be legit or a scammer).

So your data is not leaked to eavesdropers, can not be modified and it is secure from the public.

Taking this as an example. You are visiting a reputed site that requires you for payment with your credit card, the site has the padlock and https. If the site is reputed, you can provided your MasterCard details included pin to make payment, like on reputed online stores. But if not having the TLS certificate, do not provide such information because it can be known to other people and be used against you to steal from you, it means the site is not having integrity and should not be used for your own data safety.

But on the other hand, a scammer can have a site with a reputed domain and having the TLS certificate, but having just the intention to scam people, that is why to never trust even sites that have the certificate, you need more research and check if a site is reputed enough. Example is a site that belong to scammers that has the encryption certificate but asking users to input their seed phrase, in this case, the owner of the site will still know the seed phrase (but eavesdropers do not) and the owner of the website will steal your coins.

So we can say the data is safe from the public but the owner of the site can still scam you because it is even the site you are communicating with, so in this case it can lead to scam.

If people truly cared, they would need only two clicks to find out what that padlock means.  On my Tor Browser, clicking on it displays the message "You are securely connected to this website".  Securely CONNECTED.  This obviously does not prevent errors like you entering your seed on a website or you downloading executables.

-
Regards,
PrivacyG

No …:


Don’t confuse the traffic being encrypted between you and the site, and the site being safe. Any site can be deceptive, regardless (and sometimes specially because) of the padlock. We’ve seen hundreds of sites here on this forum that were clearly scam sites, and people trusted them partially due to the presence of the padlock.

So the lock to the left of the website isn't safe enough?

May sound like it is safe, but it is not.  Not to me anyway.

A scammer who knows about this 'trick' could benefit off it.  I do not have much experience with website domains and all of this but I think my idea is plausible.  Create a website that looks like a link shortening service and create a redirection from a link on your website, say block.ly/tEsT01 to a malicious website.  Then create the same redirection for block.ly/tEsT01+ so that it is not invalid nor is it a safety feature but both redirect instead to the malicious link.

Even if it sounds like a safety feature, it is like saying adding a + after a malicious website helps avoid whatever it is doing.  Before you know, you are on the website you tried NOT to visit.  No way I am going to paste that link in my web browser's address bar!

-
Regards,
PrivacyG

It's not really a trick but rather a feature provided by some URL shorteners to let visitors view the real link they will be redirected to so they can decide whether to open it or not.
But you are right, it's safe because even if the URL shortener doesn't support this safety feature, the (+) symbol at the end of the link will make it invalid and in most cases you will be redirected to 404 not found page.

Checking the padlock and HTTPS certificates are the very preliminary steps one should take before entering some really sensitive info on a websites, specially because certificates can be often faked and easily purchased. They hold little meaning, but this step can be used to weed out small-scale scams.

Some URLs contain non-ASCII Unicode characters that look very alike ASCII English alphabet letters, so it's not possible to distinguish by the human eye, and for that, as mentioned above, Punycoder is a very useful tool.
Also surprisingly common, check for typos in URLs, very subtle typos are common in fake URLs. Another way to avoid them is by bookmarking links or maybe remembering the web-addresses of certain websites like the netbanking login for your bank, because searching them up on Google and clicking a result may result in you clicking one of those spam sponsored ads, which might be malicious and take you to a similar looking website.

Beware of just clicking any links in an email before checking the full address of the sender, phishing scams are very common via email. Cryptocurrency frauds are very common via way of phishing scams through email. This website provides a pretty in depth guide on how to avoid and look out for such scams: Basic guidelines to spotting a phishing scam

You can safely hit enter on such a url because the browser will not redirect you to the destination (unshortened) url, but you will get additional information about the shortened link.

This trick also works with some other URL shorteners, for example tinyurl.com.

It's applied for shortened links such as bitly links. Adding "+" at the end of URL link and you or anyone click on that link will be directed to a page with full details about the link.

Let's try to click on the link in my previous post that is a shortened one of this topic link. 

This also works with some services offering website screenshotting.  Helps if you want to check what the page looks like before actually entering it.  You just put the link, wait for the image and verify the website's screenshot.

How does this work?  Is it a trick I do not get, or is it just for bitly?  I tried adding a '+' at the end of bitcointalk's URL and it just loaded up, nothing more.  Would not do the '+' trick simply because I would not trust pushing the Enter button on a link I do not trust anyway.

-
Regards,
PrivacyG

• Check shortened links with https://redirectdetective.com/
• When you see a shortened link, you can add + at the end of it in order to get information about that link

https://bit.ly/3qi3h0F+

Avoiding to click on Emails sent by unknown people or foreign emails will save us from the phishing trap. Their messages will usually only go to SPAM and it can be confirmed that messages that come in SPAM will not be safe. I never even open a SPAM message, delete it and get rid of it so it's not read or clicked.
I'm still using the bookmarking system and it could be more effective, but still need to be careful on the domain url so it will be more secure.
The important thing is not to enter a private key if you find a website like that.

Verifying the website address/url is the most appropriate thing to do, because a single error caused by a typo can compromise your account information. One should pay attention to this when trying to login to an account, contains important information and there is a money balance in it.

As for the signs of the lock, it does not guarantee the authenticity and security of the website. because, lately, a lot of phishing webs have activated their SSL to trick users. maybe this article can be one of the reason to makes all of us not too depends to pad lock sign on the web. https://www.ipswitch.com/blog/https-and-a-padlock-does-not-mean-a-website-is-secure

There is a "URL history" feature which actually reduces the bookmarking function and almost all browser apps support it. Tbh, I don't save too many bookmarks for a long time on my mobile.
In phishing attacks that are commonly spread on emails and social media PMs, scammers often add subpage urls of the site in such a way (eg to promo pages) that it can be a point of attention rather than checking the domain first.

To build on this, it's better to visit all critical websites via your browser's bookmarks or by typing the complete url address into the address bar, rather than searching on search engines. Not only is this more secure, this method is also generally faster.

Alternatively, you can visit the majority of your critical sites via the Google Chrome bookmarklet (launcher). Click the 'save' button to create a new bookmark on your desktop that opens the destination web page.

The extension only works with the desktop browser but not with the mobile browser. I do not think there is an app that is currently available that detects such kind of threat on a mobile device browser. Kiwi is the only browser that allows extension on an android mobile device but there is no guarantee that the extension will work. The other way is to first check the URL using the Gluee tools and then visit the website, which I am sure most of us will forget.

Therefore it is always a good practice to check the URL and always remember the correct URL address. Always avoid clicking text advertisements on Google as scammers use Google ads a lot and the same applies to social media ads.

There can be fake site similar to an original site while the fake site belongs to scammers, but we should still know that a site can be authentically belong to a scammer (that is, the fake site can be originally owned by a scammer), this is very common, for a site to have his own domain but belonging to scammers. To know such site belong to a scammer which is all that matters, you should know from what the site is offering which may look like Ponzi scheme and other forms of high yield investment program, you can as well check the domain name through sites like whois.com which their registration may likely be new. Most people that visit the fake sites that look like original sites are mostly clicking on google link ads or ads generally which direct them to a fake website, visiting the right site directly is better and also avoiding clicking on ads and link ads

I will provide further tips to avoid being a target of such scams.

1. Make sure to bookmark the safe versions of websites you visit.  When you know the bookmarked one is the safe one, there are less chances of accidentally entering a fake website.  This is also a good change of routine for those who always Google up websites when they need them.  If you have a bookmark it does not only get you quicker to the desired website.  You now also skip having to triple check the website's legitimacy on multiple sources.

2. If you are unsure, make sure you double check for the correct address on multiple sources.  Not sure where is the correct, legitimate link for Electrum?  Check if the one you are on matches the one shown on Bitcoin.org.  Check other threads on Reddit or the official subreddit's description if there is one.  Check the official Telegram group.  Ask on Bitcointalk for the correct link.  Still unsure?  Double-check with another device.  Ideally, on a different device on another network such as mobile data.  Not sure which is the right link for Binance?  Check your e-mail for older deposit or withdrawal e-mails you received.

I strongly believe the only trust you should have is in yourself.  If you check for the legitimate address on multiple sources from different devices and networks, the chances of getting scammed substantially decrease.  Bitcoin.org may be hacked at any time to show a fake Electrum address, but what are the chances Bitcointalk, Reddit, Telegram and all these other websites have been compromised as well?  Do not trust, verify.

-
Regards,
PrivacyG

5. Learn what are, and how to identify, domains with punycode: UPDATED!!! Punycode and how to protect yourself from Homograph Phishing attacks?

The rate of increasing online social media scam is alarming this days by using fake or imposting a particular web address in other to deceive users into their trap thereby creating a  similarly identical web address to the original one claiming ownership in other to lure users into their fraudulent acts, i will be talking specifically about steps and procedures needed in Identifying a fake web address from the discussions below.

Verification of web address:
It is very important to know the correct url to the intended website to visit, check if this is misspelled or altered, e.g mcdonald.com can be changed to mcd0nald.com while another means is by altering into the web domain extension such as mcdonald.com to be altered with mcdonald.org

Verification of the site seal:
This is done to be rest assured that the site to be visited is authentic and not fake as it tends to reveal information about the site and any seal that does not display informational content tend to be a fake seal and can be a suspicious sign to a fake web address


source


Confirm the Lock sign
This is a sign that guaranteed data encryption on the website using TLS and lock are of three types namely:
Extended validation lock: this is used for higher security level by advance businesses and organizations
Domain validation lock: this verify the domain ownership
Organization validation lock: this Authenticate business registration with a regulatory body.

A browser is design to give a warning sign that the site about visited is not secured if the lock sign is found missing but it is also good to note that having the lock sign doesn't guarantee the site is not fraudulent or cannot be termed as fake site.

Run a check on the web Address
Verify through a proxy validator otherwise known as website checker is used in verifying site validaty and vulnerabilities it may have. Other means is by running through their privacy and policy check and their online reviews while importantly, whenever you come across such a fake web address "give it a total negligence" by avoiding it.

Punycode Phishing Attack

Punycode is said to be the translation of characters that are symbols, non alphabetic or letters from any non English origin to appear to be in English letters in other to stage a malicious domain for an attack, they make use of a Cyrillic or Homograph character to appears like the exact alphabetic in your address in other to blend it along and launch users into their trap for an attack, they mostly targeted at stealing user's password and data after getting access through.

An example of a secured web address will indicate this:

source

Example of Punycode attack: a good and updated browser will detect the presence of Homograph

source

Protection Against Punycode Attack

This Punycode Attack can be minimize and this lies on individuals responsibility by not:

1. Avoid clicking on phishing mails, links, ads and apps that look suspiciously enough for a malicious Attack.

2. Ensure to make use of standard and updated browsers like safari google chrome and internet explorer while firefox along other browsers are not recommendable for use at all as they tend to develop a weaker ability to detect Homograph character on browsers effectively except its been activated from the browser's settings to function by the user.

An unsecured browser will display this option:

source

At the site of this, its a warning signal that a malicious  Punycode attack has been detected and such user is expected to back off and "never continue".

Redirect Detective

This is used to verify address that redirect users into another thing entirely, users will wanted to test or get a proof to authenticate the address and most are found with short and suspicious address, they can be verify here: https://redirectdetective.com/ by adding the (+) plus sign at the end of the address.

Link:
https://bitcointalksearch.org/topic/punycode-and-how-to-protect-yourself-from-spoofed-urls-and-fake-websites-5184169