Today, I saw this thread, started by @nakamura12, that reminds me that I read a few topics on the same issues with phishing sites and scammers.
A Reminder To Newbies!I think it is helpful to generalize some basic strategies of scammers and methods of phishings.
- Type #1: New domain names with additional prefix or suffix from famous sites' domain names
- Type #2: Fake domain names with minor difference in unicode (that mostly not discovered by careless people)
Some basic examples for two types of phishing sites:
Type #1:http://electrum.org.uk/
http://electrumclient.org/
http://downloadelectrum.org/
http://electrumsite.com/
http://electrumweb.net/
http://electrumupdate.com/
http://electrumproject.org
Type #2:BitcoinTalk.org is the ONLY domain the forum has.
Exchanges (Poloniex, Bittrex, Binance have phising sites with unicode, but I still not find them for examples; so if you know such topics, please help):
I've just received an email from some scammer which asked me to review Poloniex's new terms of use.
But the link leads to:
https://secure.poloniex.work/
When you know they are phising sites, you should do two things:
Report them to GoogleLike this
I check all sites from the list, the result is the following : First and last site from the list are loaded quite normal (no blocking from adblock, av or other security software), and other sites are blocked by my browser (Firefox) as
Deceptive site ahead with the following warning :
electrumclient.org has been reported as a deceptive site. You can report a detection problem or ignore the risk and go to this unsafe site. Learn more about deceptive sites and phishing at
www.antiphishing.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org.
Although the idea of blocking such sites in users host file is not bad, for most users it still represents a challenge. What we need to do is report such sites as phishing to
Google. In this way such sites will be blocked for every user, even those who are not aware of the problem will be protected.
It is also important to use adblocks for browsers, since most users use search engines to find Electrum site, and bad ones usually pops up at the top of the search list. The last line of defense is antivirus software which should be updated, and good AV will analyze any downloaded file and prevent the user from installing bad software.
Protect your computers by editing your hosts fileAnother one to be added to your hosts files then.
On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor.
On Mac, navigate to "/private/etc/", and open the hosts file in a text editor.
On Linux, open terminal and write "sudo nano /etc/hosts"
Add the following two lines to the bottom of the hosts file:
0.0.0.0 bitcointalk.to
0.0.0.0 fonstavka.com
Your browser will now be unable to open those two phishing sites.
There are some of the most active users who keep updating phising sites:
-
socks435-
Baofeng-
GreatArkansasIf you are a fan of bitcoin, use Electrum wallet to store your bitcoin, you should be careful with phishing sites that try to clone Electrum site and never stop popping up.
You should follow them to get fastest updates on phishing sites.
Warning!Remember addresses of important sites are always the best!Sometimes, links to upgrades provided by official wallets might be abused by attackers, so it will be the best if you remember exact address of sites (to download walelts, ie.)
Thanks @NeuroticFish by reminding me about it
Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds.
I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort.
There is announcement of admin:
Electrum vulnerability allows arbitrary messages, phishingIMPORTANT NOTES:- Don't arbitrarily click on links (using Google to search that link plus keywords 'phishing sites' or 'phishing' to check those links)
- Remember exact links of limited, but extremely important sites.
- Bookmark links of wallets, exchanges, forums (important sites).
- Report phising sites when you find them or know about them by other's warnings
- Using
Host-file to deal with phishing sitesRead more:
-
Tampering attacks!-
Punnycode attacks-
[LEARN] Phishing Quizzes - Beginners & Experts-
Host-file to deal with phishing sites