Bookmark is our proven tool to land in a phishing site, so if you are not bookmarking and you do not have metacert installed you are in big trouble, make a habit always to bookmark or at least create a spreadsheet to all the sites that you are visiting.
I seldom type on the search bar sometimes hackers are cloning the site and advertising it in adwords and make it appear the real one in thesearch results
Topic: {Warning}: Fake Trezor.io website - page 2. (Read 397 times)
And i always thought phising sites didn't had https but thanks for the information that even https is being used by them now.
Haven't really came across a phising site in years, never click on them anymore, so..
Haven't really came across a phising site in years, never click on them anymore, so..
If you make a phishing site, then you want it to look exactly the same as the original, so why do you think that whoever making a phishing site will not add SSL? Perhaps the price was one of the factors limiting this possibility before, but today any site can get SSL for free: https://letsencrypt.org/
Are you sure that you did not visit any phishing site for years? Sometimes you can visit such site without doing any harm to you personally, all they want is your data, users' names/passwords.
makes sense.
well ofcourse can't be sure but yeah i haven't put my data anywhere like that.
phising sites are pretty easy to avoid imo
I have heard so many phising incidents between my friends that i always make sure to not put my data just anywhere. fun to teach them about the same as well
So thanks again for the info about HTTPS encryption on phising sites now.
And i always thought phising sites didn't had https but thanks for the information that even https is being used by them now.
Haven't really came across a phising site in years, never click on them anymore, so..
Haven't really came across a phising site in years, never click on them anymore, so..
If you make a phishing site, then you want it to look exactly the same as the original, so why do you think that whoever making a phishing site will not add SSL? Perhaps the price was one of the factors limiting this possibility before, but today any site can get SSL for free: https://letsencrypt.org/
Are you sure that you did not visit any phishing site for years? Sometimes you can visit such site without doing any harm to you personally, all they want is your data, users' names/passwords.
Do look up for https and secure connection (lock sign) to make sure the site is authentic
https says nothing about a site's authenticity. What https means is that any data you send to the site is encrypted until it reaches the site, and so can't be intercepted by a third party. Any site can use https. It doesn't matter if the data you send to the scam site is encrypted en route, since there is a scammer receiving and decrypting it on the other end. Using https is essentially, but that alone will not protect you from being scammed. Manually checking for https is also a poor method, because at some point you will forget. Instead install the HTTPS Everywhere browser extension: https://www.eff.org/https-everywhere
<…>Do look up for https and secure connection (lock sign) to make sure the site is authentic
Not really. In fact, I’ve seen a couple of surveys stating that at least half of the phishing attempts now use https, knowing well that it was interpreted (incorrectly) as a synonymous to the site being safe.This graphic depicts the surge in 2017 of https used on phishing sites, and how the trend is increasing (nearly) every quarter.
My bad on vocab, meant https meant secure.
And i always thought phising sites didn't had https but thanks for the information that even https is being used by them now.
Haven't really came across a phising site in years, never click on them anymore, so...
Thanks for the information guys
<…>Do look up for https and secure connection (lock sign) to make sure the site is authentic
Not really. In fact, I’ve seen a couple of surveys stating that at least half of the phishing attempts now use https, knowing well that it was interpreted (incorrectly) as a synonymous to the site being safe.This graphic depicts the surge in 2017 of https used on phishing sites, and how the trend is increasing (nearly) every quarter.
Do look up for https and secure connection (lock sign) to make sure the site is authentic
https says nothing about a site's authenticity. What https means is that any data you send to the site is encrypted until it reaches the site, and so can't be intercepted by a third party. Any site can use https. It doesn't matter if the data you send to the scam site is encrypted en route, since there is a scammer receiving and decrypting it on the other end. Using https is essentially, but that alone will not protect you from being scammed. Manually checking for https is also a poor method, because at some point you will forget. Instead install the HTTPS Everywhere browser extension: https://www.eff.org/https-everywhere
Thank you
Always bookmark your links and just use the official links for bank and wallet sites.
Do look up for https and secure connection (lock sign) to make sure the site is authentic
Always bookmark your links and just use the official links for bank and wallet sites.
Do look up for https and secure connection (lock sign) to make sure the site is authentic
Thank you for the heads up here, the fact that the hacker now getting smarter and always looking and find ways to fool naive people.
But I already aware and read this before 1 year ago here, https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced.
Make it sure you are accessing the correct URL(wallet.trezor.io) not only (trezor.io)
Source:
But I already aware and read this before 1 year ago here, https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced.
Make it sure you are accessing the correct URL(wallet.trezor.io) not only (trezor.io)
Source:
https://twitter.com/lopp/status/1180165965071474688
Also the site has been taken down already, everyone should be really careful accessing very sensitive site like trezor or ledger as there has been a target for hackers. I'm glad that it was taken down in less than 24 hours, but what if no one has reported this and people keeps falling for this kind of trick?
So again, bookmark everything here and double check every site that you are going to access.
Jump to: