Pages:
Author

Topic: What to do to avoid phishing sites - page 2. (Read 1037 times)

sr. member
Activity: 444
Merit: 254
September 07, 2019, 06:11:52 AM
#24
Hi all. Recently I have found this thread about Phishing Quizzes which will help you to become more experienced in detecting Phishing sites.

https://bitcointalk.org/index.php?topic=5178375.new#new

There is a list of quizzes which you can start.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 23, 2019, 11:53:31 PM
#23
This thread will help you with another tool to fight against phising sites by using host-files
Host-file to deal with phising sites
However, it is also helpful for known phising sites, for new phising sites, it is your responsibility to protect yourself through careful behaviours and whenever you find them, you should immediately report them.
legendary
Activity: 1624
Merit: 2481
August 16, 2019, 03:37:25 AM
#22
It is good to use bookmark, but bookmark does not completely help you to be safe from threats. Eg.tampering attacks on bookmark.
Remember site address is the best.

To tamper with the bookmarks you made, someone needs access to your device or browser.
And with access to one of them, you are in more trouble than just having your bookmarks changed.

Remember the sites and typing them each time can lead to misspelling them. So that's not a perfect solution either.

A better solution would be to remember the IP address of the web server, and each time before visiting it you do a DNS lookup to check whether the hostname resolves to that given IP address.
Then visit the webserver via the IP address. But if they are using cloudflare, that's not possible.

This was obviously overexaggerated.
But visiting the site properly is not such a trivial task. Each method has its ups and downs.

There is no 'best' solution. There are countless attacks on each way of visiting a website. Some are trivial to detect while others are not.
The most important thing is to use your common sense and be careful. Regardless of which method you are using.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 16, 2019, 12:03:24 AM
#21
What I do is I bookmark the important sites that involves transactions like myetherwallet and some crypto exchanges. Some accounts that have 2fa will be difficult to hack even if you clicked a phishing sites. Popular browser like google chrome and mozilla firefox automatically detects malicious websites so it's best to use for everyone.
It is good to use bookmark, but bookmark does not completely help you to be safe from threats. Eg.tampering attacks on bookmark.
Remember site address is the best.
jr. member
Activity: 300
Merit: 5
August 15, 2019, 11:22:26 AM
#20
I just learned about these guys https://www.phishfort.com/

had a peek into their blogs and seems like they know what they're up to
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 14, 2019, 10:49:30 PM
#19
I believe when you search for something on google, it will give you different result of what you've searched for and it abit highlight of the result found. You read carefully and, click on the one that's explain it better
In crypto, the first place you should visit and use when you want to search on crypto projects is coinmarketcap.com.
Visit that site, type project name in search box, and see what you get. If you can find project on coinmarketcap.com through its search box; it is somehow give you links to those projects' channels (Websites, Github, Available exchanges, Explorers, etc. - official ones, not phising ones). Projects already listed on coinmarketcap.com do not equal to good projects, but at least you will not get phised by phising sites.

For important sites, you have to remember their site addresses, and bookmark can be used and helpful. However, bookmark has its own risks of being tampered.

Avoid starting to search using Google if you can find those projects from coinmarketcap.com
jr. member
Activity: 266
Merit: 4
August 08, 2019, 08:57:47 AM
#18
I believe when you search for something on google, it will give you different result of what you've searched for and it abit highlight of the result found. You read carefully and, click on the one that's explain it better
legendary
Activity: 2576
Merit: 1655
August 08, 2019, 05:07:05 AM
#17
For FF users, there is one trick in the book that can help you see the punycode.

[1] Type "about:config" in the address bar


[2] Then type "punycode" in the search bar


[3] Then double click on "network.IDN_show_puny_code" and enable it to true.
legendary
Activity: 2576
Merit: 1655
August 06, 2019, 10:23:36 AM
#16
Thanks OP for mentioning my name,  Grin



Best is to use Google chrome and adblocker, also keep track on HTTPS
10 years ago that would be enough but today HTTPS is no proof of anything. It costs only a few $ or is even free and all it does is it creates a wrong sense that the website in question is legit due to the encrypted connection.

Correct, actually I open up a thread about that one, PSA: Cyber Actors Exploit 'SECURE' Websites in Phishing Campaigns - FBI
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
August 05, 2019, 10:33:39 PM
#15
This is good for google chrome browser users but how about for other browsers?

I've installed metamask before and whenever I landed to a suspicious sites, it gives me a warning but I have uninstalled it. I want to know if someone who's still using it and if its still working?

Yes, Metamask still has that feature as far as I know. But seriously. You really just need to stop googling websites that you know and already use anyway. Instead, simply accurately type it in on the address bar, and bookmark the page for future use. Problem resolved.
legendary
Activity: 2730
Merit: 7065
August 03, 2019, 03:22:39 AM
#14
Best is to use Google chrome and adblocker, also keep track on HTTPS
10 years ago that would be enough but today HTTPS is no proof of anything. It costs only a few $ or is even free and all it does is it creates a wrong sense that the website in question is legit due to the encrypted connection.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 02, 2019, 04:00:07 AM
#13
Additional point:
In previous posts, I wrote about important sites. For example, coinmarketcap.com, from which you can easily search for links to exchanges, Binance, Bitmex, Okex, and so on. It is good if you remember those sites, but if you don't remember, searching them from reliable sites, that you remember. Most of things in crypto can be searched with coinmarketcap.com (project's website, explorer, social channels, available exchanges, etc.). Honestly, I always begin from CMC, not Google.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
August 02, 2019, 03:50:24 AM
#12
I think people should be more observant and also not be too lazy to double check and to verify the link that they use on a daily basis. Some people simply click on a bookmark in their browser, thinking that the URL cannot be tampered with. They will simply click on links in emails, without verifying that the URL does not redirect them to a phishing site.

If a URL is short, just type it... it is as easy as that and also check the auto-completed part of the URL, if it is stored in the browser cache, because that can also be tampered with.

Simply be more observant and double check every URL, before you use it.  Roll Eyes
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
August 01, 2019, 09:09:21 PM
#11
Best is to use Google chrome and adblocker, also keep track on HTTPS
This is good for google chrome browser users but how about for other browsers?

I've installed metamask before and whenever I landed to a suspicious sites, it gives me a warning but I have uninstalled it. I want to know if someone who's still using it and if its still working?
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 01, 2019, 08:24:01 PM
#10
The point is there is no phisers will build their phising sites to clone small, unfamous sites. They always target at famous sites, like the forum, Binance, Electrum and so on. I don't see issues to remember extremely important things in my life, such as my wife's phone number, my house address,  and it is the same for important sites in crypto. Just remember them (always narrow down your list of most important sites for your interests - less than dozen, maybe; then you will remember them). Always bookmark for cases you forget their addresses.
member
Activity: 422
Merit: 52
August 01, 2019, 11:27:36 AM
#9
There are few tools which detects phishing site. You should add them in your thread.

NetCraft: https://chrome.google.com/webstore/detail/netcraft-extension/bmejphbfclcpmpohkggcjeibfilpamia?hl=en
WOT: https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=en
HTTPS Everywhere :https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 01, 2019, 09:10:09 AM
#8
Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds.

I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort.
Exactly!
I know that time, when the forum has running text warned about that phising attacks, and theymos created a thread to warn about it, too.
Hang on minutes, I will give you theymos' thread on this.
This one:
Electrum vulnerability allows arbitrary messages, phishing
Anyway, you made a point, that deserves to add in OP. Thanks.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
August 01, 2019, 08:29:10 AM
#7
If someone use the same computer, that already install Electrum wallet (for example), just click on link from the wallet to upgrade to newest version. There is no need to search for site of Electrum, then might get trapped.

Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds.

I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 01, 2019, 08:20:06 AM
#6
You're right, however, for some cases (namely electrum) I still advise remembering it (electrum.org), just because one may need it on a fresh PC or a live OS.
But yes, for normal use bookmarking the proper site is also a great approach.

Anything, just don't search for it, because fake sites are often returned in the top of search results, and don't click onto links in e-mails, websites and so on.
Sure. It is the same with forum address. Anyone of us don't remember the forum address: bitcointalk.org. It is easy to remember most important sites. For the rest, use bookmarks, and spreadsheets.
If someone use the same computer, that already install Electrum wallet (for example), just click on link from the wallet to upgrade to newest version. There is no need to search for site of Electrum, then might get trapped.
One more thing, people should dedicate one computer for extremely important things: Wallets.
Their rest devices can be used for other stuffs: log in emails, log in exchange accounts, log in the forum accounts, and for entertainments.
Pages:
Jump to: