Topic: Ways to prevent Cryptojacking ,hacking etc. (Read 296 times)

Another important factor is not to click on unknown links or download suspicious files. A very good tool to check these unknown links is virustotal.com. You can check URLs, IP addresses, domains or files for viruses or malware. This really helps you a lot, when you are in the crypto world and confronted with unknown, maybe suspicious links on a daily basis.

Also enable 2FA (Two Factor Authentication) on sites where you have Crypto currencies stored. If you do this, the hacker cannot do much with your authentication details, because he needs the 2FA details too.

A standard rule I follow is NEVER to store large amounts of Crypto currencies on sites without 2FA, to reduce any potential losses if I get phished or hijacked. The 2FA are not foolproof, so do not store large amounts of coins on any site, even if it has 2FA features.

Avoid accessing your Crypto currency sites over public WIFI, because some of these sites will give you FREE WIFI, but they log and record your sessions to gather data and also to perform a man-in-the-middle attack (MITM).

Also check the SSL certificate of the website that you are visiting to verify that they have a valid SSL certificate.    

Exactly... you could easily recognize suspicious links if the link look suspicious it is better not to click it or verify it first before opening it to your computer.

You made your point this are great tips to protect your computer from possible hacking..

Thanks for the information!

Some of the most important way of preventing hacking is

 - 'DO NOT OPEN EVERY LINK SENT TO YOUR SPAM'.

- ALWAYS CLEAR YOUR BROWSER CACHE AND COOKIES.

I could have explained it better, you are right. You can add the characters to the new location where the address will be copy/pasted to.
Add 548rtef (just an example) to the address bar. Copy/paste your address to the address bar and manually delete the previously added 548rtef.

What happen if a known app will be hacked and and all data get stolen?

Thanks for your explanation, I understand how to do it, but I don't understand what you said in the end. But anyway, I had the answer  you are so kind

I don't understand how you can add characters to an address without copying it before?   So it turns into a recursive joke, you need to add characters before copying to be able to add characters for copying it   LOL
I prefer you first solution, I think I'll use it when I will work on unsafe devices.

Or intentionally leave out a few characters from the end or the beginning of the copied address and manually enter them after pasting the address.
It would probably work equally as good if you added a few characters to the address you intent to copy and delete it after pasting.
But all these steps are of less importance. The main problem is that people are in a hurry and forget/don't want to double/triple check pasted addresses.

Interesting finding. I didn't remember you could bypass the forum protection by just omitting the colon mark (":")
If you try to write [url=http://google.com]https://bitcointalk.org[/url] instead
it won't work : http://google.com is automatically displayed

So we must be careful about this kind of url too...  

I figure @hugeblack means that, if you are going to resort to performing a copy/paste of an address, aside from the measures related to verifying the address properly once pasted, you can perform the copy/paste action of the address not in one go, but rather copy/paste one segment of the address first, and then the second segment of the same address. The idea would be to throw a potential clipboard-jacker off it’s tracks, which does not mitigate the need to verify very carefully the resulting pasted address.

Can you explain the meaning of this? It's quite strange to me  ways to do it and its meaning, i don't understand. Expect answers from you 

People view security from the wrong perspective - you can try your best to keep malware away from your system, and I it's indeed a good thing to do, but it's smarter to also isolate your private keys from potentially unsecure environment. Easiest way to do this is to get a hardware wallet, an alternative way is to make your own cold storage setup. Even this might not fully protect you from cryptojacking, so always manually verify the addresses that you are about to send your coins to; but it will protect you from malware that steals your private keys.

Your post is good, that's why I want to point out some points.

Update your operating system
To protect against security flaws in mobile phones, be sure your mobile phone software is updated regularly. Don’t ignore those “New software update” pop-ups, even if your storage is full or your battery is low

Enable click-to-play plugins
One of the more devious ways that exploit kits (EKs) are delivered to your computer is through malvertising, or malicious ads. You needn’t even click on the ad to become infected.

Remove software you don’t use (especially legacy programs
So, you’re still running Windows XP or Windows 7/8.1? Microsoft discontinued releasing software patches for Windows XP in 2015, and Windows 7 and 8 are only under extended support. Using them without support or the ability to patch will leave you wide open to exploit attacks. Take a look at other legacy apps on your computer, such as Adobe Reader or older versions of media players.

Watch out for social engineering
users through social engineering. Whether that’s an email that looks like it’s coming from your bank, a tech support scam, or a fishy social media campaign, cybercriminals have gotten rather deft at tricking even tech-savvy surfers. By being aware of the following top tactics, you can fend off uninvited malware guests:

Read emails with an eagle eye
Phishing is a cybercrime mainstay, and it’s successful only when readers don’t pay attention or know what to look for. Check the sender’s address. Is it from the actual company he or she claims? Hover over links provided in the body of the email. Is the URL legit? Read the language of the email carefully. Are there weird line breaks? Awkwardly-constructed sentences that sound foreign? And finally, know the typical methods of communication for important organizations. For example, the IRS will never contact you via email. When in doubt, call your healthcare, bank, or other potentially-spoofed organization directly.Bonus mobile phone tip: Cybercriminals love spoofing banks via SMS/text message or fake bank apps. Do not confirm personal data via text, especially social security numbers. Again, when in doubt, contact your bank directly.

Practice safe browsing
There’s such a thing as good Internet hygiene. These are the things you should be doing to protect against external and internal threats, whether you’ve lost your device and need to retrieve it or want to stay protected when you shop online.

Use strong passwords and/or password managers
A strong password is unique, is not written down anywhere, is changed often, and isn’t tied to easily found personal information, like a birthday. It’s also not repeated for different logins. Admittedly, that’s a tough cookie to chew on.  you may want to look into a password manager, which collects, remembers, and encrypts passwords for your computer.

Make sure you’re on a secure connection
Look for the proper padlock icon to the left of the URL. If it’s there, then that means the information passed between a website’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”

Log out of websites after you’re done
You could still be leaving yourself vulnerable if you don’t log out, especially if you’re using a public computer. It’s not enough to just close the browser tab or window. A person with enough technical prowess could access login information from session cookies and sign into a site as you

Use firewall, anti-malware, anti-ransomware, and anti-exploit technology
Your firewall can detect and block some of the known bad guys.

Thanks to:
https://www.google.com/amp/s/blog.malwarebytes.com/101/2016/08/10-easy-ways-to-prevent-malware-infection/amp/

In short, avoid downloading or visiting any website that is unknown or closed source.
Check out the address again, read and verify the first 4 words in Bitcoin or altcoin. or the last ome.


An old trick is to copy address in two parts.

And more than only read a link before clicking on it, it's always better to check it BEFORE ... pointing it :



Because, if we are not careful, we can think that we are on a particular site and may be we are on another one.

One glaring example : https//bitcointalk.org. Text here shows "BitcoinTalk" link leads to "Google".

It's a glaring example but it can be more malicious, with only one different character in URL to lead in into a phishing site for example. Paypal > PaypaI or such things.

Ways in Protecting your Self from Cryptojacking activities, Hacking, Phishing, Ransomware, etc.


‘CRYPTOJACK’
https://bitcoinist.com/interpol-southeast-asia-cryptojacking/


1. Always be aware of malicious download and suspicious email attachments, think before clicking.
2. Always use Adblock, you could easily download it in the chrome store.
3. Always on your antivirus or firewall to detect malware and prevent cryptojacking.
4. Make sure to always stay updated with your software.
5. If your smartphone is heating up even if not use this could be a sign that your phone is infected, maybe something is running in the background of your smartphone that could leak your data.
6. Be aware of the machines that are recently infected. Hacker could use a backdoor that could reinstall malware that is already deleted.
7. Be aware of a lot of phishing sites,cross-site scripting attacks, and SQL injection online, do not click links that are a message from strangers note: this could easily leak your data and get your accounts hacked or infect your files.

Read here for more info, Reference:
https://bitcoinist.com/how-to-prevent-crypto-criminals-from-milking-your-laptop/