Author

Topic: What to do to avoid phishing sites (Read 1039 times)

legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
December 16, 2021, 04:19:52 AM
#45
<…>
Sites like the ones mentioned here don’t just aim for you to download something (normally malware on its own or bundled as part of the installer’s task), but they also may prompt you to provide information that ranges from personal and contact information, login credential, through to crypto mnemonics.

Besides, in general terms, the person that lands on this sort of page may not have a clue that he’s actually on a phishing site, and that is the core danger to begin with. Even if you purposely visit it to take a sneak-peak knowingly, you need to be careful with your browser history and configuration thereafter, since your browser may autofill to the phishing site later on because you has previously visited it (when typing what you think is the proper url).
full member
Activity: 1750
Merit: 186
December 15, 2021, 08:42:07 PM
#44
Did visiting any of those sites without downloading the program cause issues though?
member
Activity: 518
Merit: 45
December 14, 2021, 09:31:12 AM
#43
One thing I forgot: DON'T USE GOOGLE!
Google is very convenient and fully featured, but they collect your data and sell it. Use Duck Duck Go as a search engine. Not as pretty, but they don't touch your stuff.
I use Google a lot and I have not encountered any phishing attack simply because am very careful with the kind of links I click on and I often store my details such as password and credit cards on google.
full member
Activity: 182
Merit: 190
December 11, 2021, 10:37:11 AM
#42
One thing I forgot: DON'T USE GOOGLE!
Google is very convenient and full featured, but they collect your data and sell it. Use Duck Duck Go as a search engine. Not as pretty, but they don't touch your stuff.
member
Activity: 798
Merit: 34
December 10, 2021, 02:09:34 AM
#41
Thanks for the information, there are more phishing site like this that are not real, one need to be extremely carefully.  People create all this fake site to scam people  and the rate of this is increasing daily.
full member
Activity: 182
Merit: 190
December 09, 2021, 12:45:36 PM
#40
For FF users, there is one trick in the book that can help you see the punycode.

[1] Type "about:config" in the address bar


[2] Then type "punycode" in the search bar


[3] Then double click on "network.IDN_show_puny_code" and enable it to true.


Thank you, I just did the punycode thing.  Cool
Using adblock plus and forcing https is always a good idea. It's also important to pay attention to the address you're clicking on. Most people don't even look at that.
If a link pops up in your wallet (or your email, or anywhere) and tells you to "update it", DON'T FOLLOW IT, go to your wallet's page and look for the update.  Bookmark sites like Github, so there's no chance of you inadvertently going into the wrong address. But, most importantly BE CAREFUL when you click on a link, always.
full member
Activity: 1092
Merit: 105
Sugars.zone | DatingFi - Earn for Posting
December 09, 2021, 05:58:18 AM
#39
I had a case with MEW when I didn't check the site address and decided to go to the first link through Google search...and I realized that I was phishing, the private key was immediately compromised and it was a lesson for me, now I check the link several times where I go and do not use the search engine to search for such sites.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
December 08, 2021, 06:55:21 AM
#38
Nice post, but I didn't see any information on how to prevent mobile phones from reaching phishing sites. Today we use mobile devices every day, and precautions must be learned by us as a multiplication table. We have dozens of applications installed in our mobile phones, which also contain data about the payment systems we use, data from social networks, and so on.
Therefore, users also need to observe caution when they install applications, strictly adhere to the official stores. Do not trust the links they receive as SMS messages.
And of course, timely updating of systems and the use of licensed antivirus will help to stay safe and save data on the device without all sorts of hacker hacks.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
February 12, 2020, 12:34:35 AM
#37
bump
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
February 07, 2020, 09:48:06 AM
#36
That's so true, most internet users become a phishing website victims because they are believe if phishing sites will not using SSL. But, in current internet era, anyone can use SSL for free for their websites. Based on data few years ago, there are 15,270 phishing website with SSL. How it happen? because they can get SSL for free, so if we don't re-check the site address, of course we will become a victim. The best way always double check domain address that you visit and recheck link inside email before clicking, it will make us save from phishing.
Exactly. The figure you gave on 15270 phishing sites with SSL is an impressive detail for my topic. I appreciated it.
It is a cool guide on SSL vs. TLS! that I saw minutes recently.
legendary
Activity: 2324
Merit: 1604
hmph..
February 07, 2020, 09:32:42 AM
#35
https sites are what you implied but phishing sites can be https ones, and they are not restricted to http sites.

That's so true, most internet users become a phishing website victims because they are believe if phishing sites will not using SSL. But, in current internet era, anyone can use SSL for free for their websites. Based on data few years ago, there are 15,270 phishing website with SSL. How it happen? because they can get SSL for free, so if we don't re-check the site address, of course we will become a victim. The best way always double check domain address that you visit and recheck link inside email before clicking, it will make us save from phishing.


Related thread: Half of all Phishing Sites Now Have the Padlock Sign by @Pmalek. In this thread i share about new data about phishing website with padlock sign increase about 400%
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
February 07, 2020, 08:49:58 AM
#34
this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on
Everyone can be attacked and as a consequence of that, given links from people who well known about are risky too. There is no perfect guarentee that given links from your wife/ husband/ relatives are safe. Checking links is the must step to do. Of course, we need to be more careful with links from strangers.
Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say.
https sites are what you implied but phishing sites can be https ones, and they are not restricted to http sites.
that is why we must Bookmarked each sites we often visiting,and prevent our self from Clicking random links shared to our front.
Immediately click on given links is bad but bookmark is unable to completely safe us from attacks. Bookmark help us most of the time, but if there are Tampering attacks on our devices (caused by our bad internet surfing activities) bookmark will be changed and no longer to safe us.
sr. member
Activity: 2618
Merit: 439
February 07, 2020, 01:29:35 AM
#33
this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on
Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say.
that is why we must Bookmarked each sites we often visiting,and prevent our self from Clicking random links shared to our front.

i am once a victim of phishing site lucky that i found earlier so my account did not compromised that is why from then?when newbie posted and share a  link?never that i risk clicking it unless there are someone prove that it is legit.
sr. member
Activity: 896
Merit: 267
★Bitvest.io★ Play Plinko or Invest!
February 06, 2020, 11:31:13 PM
#32
this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on
Most of us really don't check the url of each sites we are visiting so people who have evil motives take that as an advantage to get personal information from us, secured sites have the lock icon on the right side of the url so better to check it if you know that it is a secure site and also about emails do not open messages sent to you that you don't really know like a message sent to you without you even knowing the sender or the name, prevention is better than cure like what they say.
sr. member
Activity: 1106
Merit: 310
February 06, 2020, 07:17:19 PM
#31
this is a very helpful post mostly we don't look at the header or address sometimes we just click the link and wolah we are now a victim of phishing sites
we should also check who and where it came from since emails are the target of this , it will send to you and ask you to visit the site, example there is a reward, which is very eye catching for a potential victim, thanks for this post i hope everyone will be safe from now on
full member
Activity: 392
Merit: 116
Worlds Simplest Cryptocurrency Wallet
September 11, 2019, 09:43:56 AM
#30
Thanks for your post, you helped me a lot. However, I would like to add a little bit about how I identify and prevent phishing sites, which are:
- Make a habit of looking at the web address regularly, with any click or access, I always control the address I visit
- Save or mark important web pages, necessary and useful information to avoid visiting fake websites.
- Install website detection tools containing malicious and fake code like Metamask, ...
legendary
Activity: 2324
Merit: 1604
hmph..
September 11, 2019, 07:42:02 AM
#29
I create simple infographic top 9 most commons phishing using email and newbie member can avoid all of this kind email
read full article from source: https://now.uiowa.edu/2019/09/avoid-these-10-common-phishing-emails
you can find an example of each email phishing on there

here is my infographics
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
September 09, 2019, 08:05:37 AM
#28
I must say, there are lots of tutorials and procedures on how to avoid being phished on the internet for a while now, even before cryptocurrency existed, but there are still lots of internet users got fooled and become victims of these. And I say being knowledgable and being careful of what to click and what to input/type will be the key to prevent this.

But this tutorial is still helpful, so newbies should work and follow this one.
What attackers use are not strange, and the main reasons why attackers still succeed with their phising strategies are people still don't change their stupid, and careless habits. It is nearly same thing that we see on market, losers always FOMO and buy at peaks, but they usually scare and hesitate to buy (even if they don't get stucked and still have free money to invest) at bottoms. They repeatedly do this, and blame all their losses on market.
People give attackers access to their devices, identities, passwords, and more, by themselves, but they blame on attackers and their phising sites.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
September 08, 2019, 01:19:25 PM
#27
I must say, there are lots of tutorials and procedures on how to avoid being phished on the internet for a while now, even before cryptocurrency existed, but there are still lots of internet users got fooled and become victims of these. And I say being knowledgable and being careful of what to click and what to input/type will be the key to prevent this.

But this tutorial is still helpful, so newbies should work and follow this one.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
September 08, 2019, 12:44:39 PM
#26
This thread will help you with another tool to fight against phising sites by using host-files
Host-file to deal with phising sites
However, it is also helpful for known phising sites, for new phising sites, it is your responsibility to protect yourself through careful behaviours and whenever you find them, you should immediately report them.
It's also effective to add the phishing website in the host file just like the link. It is also better to know lots of phishing sites so you can add. It all depends on the person if he/she will do what we should do when it comes to phishing sites. Anyway, it's not only phishing sites that we need to avoid.
sr. member
Activity: 444
Merit: 254
September 07, 2019, 06:11:52 AM
#24
Hi all. Recently I have found this thread about Phishing Quizzes which will help you to become more experienced in detecting Phishing sites.

https://bitcointalk.org/index.php?topic=5178375.new#new

There is a list of quizzes which you can start.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 23, 2019, 11:53:31 PM
#23
This thread will help you with another tool to fight against phising sites by using host-files
Host-file to deal with phising sites
However, it is also helpful for known phising sites, for new phising sites, it is your responsibility to protect yourself through careful behaviours and whenever you find them, you should immediately report them.
legendary
Activity: 1624
Merit: 2481
August 16, 2019, 03:37:25 AM
#22
It is good to use bookmark, but bookmark does not completely help you to be safe from threats. Eg.tampering attacks on bookmark.
Remember site address is the best.

To tamper with the bookmarks you made, someone needs access to your device or browser.
And with access to one of them, you are in more trouble than just having your bookmarks changed.

Remember the sites and typing them each time can lead to misspelling them. So that's not a perfect solution either.

A better solution would be to remember the IP address of the web server, and each time before visiting it you do a DNS lookup to check whether the hostname resolves to that given IP address.
Then visit the webserver via the IP address. But if they are using cloudflare, that's not possible.

This was obviously overexaggerated.
But visiting the site properly is not such a trivial task. Each method has its ups and downs.

There is no 'best' solution. There are countless attacks on each way of visiting a website. Some are trivial to detect while others are not.
The most important thing is to use your common sense and be careful. Regardless of which method you are using.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 16, 2019, 12:03:24 AM
#21
What I do is I bookmark the important sites that involves transactions like myetherwallet and some crypto exchanges. Some accounts that have 2fa will be difficult to hack even if you clicked a phishing sites. Popular browser like google chrome and mozilla firefox automatically detects malicious websites so it's best to use for everyone.
It is good to use bookmark, but bookmark does not completely help you to be safe from threats. Eg.tampering attacks on bookmark.
Remember site address is the best.
jr. member
Activity: 300
Merit: 5
August 15, 2019, 11:22:26 AM
#20
I just learned about these guys https://www.phishfort.com/

had a peek into their blogs and seems like they know what they're up to
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 14, 2019, 10:49:30 PM
#19
I believe when you search for something on google, it will give you different result of what you've searched for and it abit highlight of the result found. You read carefully and, click on the one that's explain it better
In crypto, the first place you should visit and use when you want to search on crypto projects is coinmarketcap.com.
Visit that site, type project name in search box, and see what you get. If you can find project on coinmarketcap.com through its search box; it is somehow give you links to those projects' channels (Websites, Github, Available exchanges, Explorers, etc. - official ones, not phising ones). Projects already listed on coinmarketcap.com do not equal to good projects, but at least you will not get phised by phising sites.

For important sites, you have to remember their site addresses, and bookmark can be used and helpful. However, bookmark has its own risks of being tampered.

Avoid starting to search using Google if you can find those projects from coinmarketcap.com
jr. member
Activity: 266
Merit: 4
August 08, 2019, 08:57:47 AM
#18
I believe when you search for something on google, it will give you different result of what you've searched for and it abit highlight of the result found. You read carefully and, click on the one that's explain it better
legendary
Activity: 2576
Merit: 1655
August 08, 2019, 05:07:05 AM
#17
For FF users, there is one trick in the book that can help you see the punycode.

[1] Type "about:config" in the address bar


[2] Then type "punycode" in the search bar


[3] Then double click on "network.IDN_show_puny_code" and enable it to true.
legendary
Activity: 2576
Merit: 1655
August 06, 2019, 10:23:36 AM
#16
Thanks OP for mentioning my name,  Grin



Best is to use Google chrome and adblocker, also keep track on HTTPS
10 years ago that would be enough but today HTTPS is no proof of anything. It costs only a few $ or is even free and all it does is it creates a wrong sense that the website in question is legit due to the encrypted connection.

Correct, actually I open up a thread about that one, PSA: Cyber Actors Exploit 'SECURE' Websites in Phishing Campaigns - FBI
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
August 05, 2019, 10:33:39 PM
#15
This is good for google chrome browser users but how about for other browsers?

I've installed metamask before and whenever I landed to a suspicious sites, it gives me a warning but I have uninstalled it. I want to know if someone who's still using it and if its still working?

Yes, Metamask still has that feature as far as I know. But seriously. You really just need to stop googling websites that you know and already use anyway. Instead, simply accurately type it in on the address bar, and bookmark the page for future use. Problem resolved.
legendary
Activity: 2730
Merit: 7065
August 03, 2019, 03:22:39 AM
#14
Best is to use Google chrome and adblocker, also keep track on HTTPS
10 years ago that would be enough but today HTTPS is no proof of anything. It costs only a few $ or is even free and all it does is it creates a wrong sense that the website in question is legit due to the encrypted connection.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 02, 2019, 04:00:07 AM
#13
Additional point:
In previous posts, I wrote about important sites. For example, coinmarketcap.com, from which you can easily search for links to exchanges, Binance, Bitmex, Okex, and so on. It is good if you remember those sites, but if you don't remember, searching them from reliable sites, that you remember. Most of things in crypto can be searched with coinmarketcap.com (project's website, explorer, social channels, available exchanges, etc.). Honestly, I always begin from CMC, not Google.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
August 02, 2019, 03:50:24 AM
#12
I think people should be more observant and also not be too lazy to double check and to verify the link that they use on a daily basis. Some people simply click on a bookmark in their browser, thinking that the URL cannot be tampered with. They will simply click on links in emails, without verifying that the URL does not redirect them to a phishing site.

If a URL is short, just type it... it is as easy as that and also check the auto-completed part of the URL, if it is stored in the browser cache, because that can also be tampered with.

Simply be more observant and double check every URL, before you use it.  Roll Eyes
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
August 01, 2019, 09:09:21 PM
#11
Best is to use Google chrome and adblocker, also keep track on HTTPS
This is good for google chrome browser users but how about for other browsers?

I've installed metamask before and whenever I landed to a suspicious sites, it gives me a warning but I have uninstalled it. I want to know if someone who's still using it and if its still working?
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 01, 2019, 08:24:01 PM
#10
The point is there is no phisers will build their phising sites to clone small, unfamous sites. They always target at famous sites, like the forum, Binance, Electrum and so on. I don't see issues to remember extremely important things in my life, such as my wife's phone number, my house address,  and it is the same for important sites in crypto. Just remember them (always narrow down your list of most important sites for your interests - less than dozen, maybe; then you will remember them). Always bookmark for cases you forget their addresses.
member
Activity: 422
Merit: 52
August 01, 2019, 11:27:36 AM
#9
There are few tools which detects phishing site. You should add them in your thread.

NetCraft: https://chrome.google.com/webstore/detail/netcraft-extension/bmejphbfclcpmpohkggcjeibfilpamia?hl=en
WOT: https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=en
HTTPS Everywhere :https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 01, 2019, 09:10:09 AM
#8
Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds.

I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort.
Exactly!
I know that time, when the forum has running text warned about that phising attacks, and theymos created a thread to warn about it, too.
Hang on minutes, I will give you theymos' thread on this.
This one:
Electrum vulnerability allows arbitrary messages, phishing
Anyway, you made a point, that deserves to add in OP. Thanks.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
August 01, 2019, 08:29:10 AM
#7
If someone use the same computer, that already install Electrum wallet (for example), just click on link from the wallet to upgrade to newest version. There is no need to search for site of Electrum, then might get trapped.

Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds.

I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 01, 2019, 08:20:06 AM
#6
You're right, however, for some cases (namely electrum) I still advise remembering it (electrum.org), just because one may need it on a fresh PC or a live OS.
But yes, for normal use bookmarking the proper site is also a great approach.

Anything, just don't search for it, because fake sites are often returned in the top of search results, and don't click onto links in e-mails, websites and so on.
Sure. It is the same with forum address. Anyone of us don't remember the forum address: bitcointalk.org. It is easy to remember most important sites. For the rest, use bookmarks, and spreadsheets.
If someone use the same computer, that already install Electrum wallet (for example), just click on link from the wallet to upgrade to newest version. There is no need to search for site of Electrum, then might get trapped.
One more thing, people should dedicate one computer for extremely important things: Wallets.
Their rest devices can be used for other stuffs: log in emails, log in exchange accounts, log in the forum accounts, and for entertainments.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
August 01, 2019, 08:17:22 AM
#5
Browsers have bookmark features to do it. Or people can save links of their most visited sites in their own ways (beyond bookmarks) for later use. No one can remember all site addresses.

You're right, however, for some cases (namely electrum) I still advise remembering it (electrum.org), just because one may need it on a fresh PC or a live OS.
But yes, for normal use bookmarking the proper site is also a great approach.

Anything, just don't search for it, because fake sites are often returned in the top of search results, and don't click onto links in e-mails, websites and so on.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 01, 2019, 08:10:06 AM
#4
There are also browser extensions that help you finding out pretty easy if a site is legit or phishing.
However, the best approach is being careful and instead of searching for the websites on the internet, typing directly the correct address will keep you out of troubles.
Browsers have bookmark features to do it. Or people can save links of their most visited sites in their own ways (beyond bookmarks) for later use. No one can remember all site addresses.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
August 01, 2019, 07:49:15 AM
#3
There are also browser extensions that help you finding out pretty easy if a site is legit or phishing.
However, the best approach is being careful and instead of searching for the websites on the internet, typing directly the correct address will keep you out of troubles.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
August 01, 2019, 03:50:06 AM
#2
Nice post. It would be helpful to bookmark all the sites you visit regularly, and always review any new site before adding it to your list.
Never click on links from unsolicited emails, telegram messages or even PMs here on the forum.
Before clicking on edited links here on BT, hover over the link to view the original HTML or copy and paste the link if you're using a mobile browser.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 01, 2019, 02:55:05 AM
#1
Today, I saw this thread, started by @nakamura12, that reminds me that I read a few topics on the same issues with phishing sites and scammers.
A Reminder To Newbies!

I think it is helpful to generalize some basic strategies of scammers and methods of phishings.
  • Type #1: New domain names with additional prefix or suffix from famous sites' domain names
  • Type #2: Fake domain names with minor difference in unicode (that mostly not discovered by careless people)

Some basic examples for two types of phishing sites:
Type #1:
Code:
http://electrum.org.uk/
http://electrumclient.org/
http://downloadelectrum.org/
http://electrumsite.com/
http://electrumweb.net/
http://electrumupdate.com/
http://electrumproject.org

Type #2:
BitcoinTalk.org is the ONLY domain the forum has.
Exchanges (Poloniex, Bittrex, Binance have phising sites with unicode, but I still not find them for examples; so if you know such topics, please help):
I've just received an email from some scammer which asked me to review Poloniex's new terms of use.

But the link leads to:

https://secure.poloniex.work/


When you know they are phising sites, you should do two things:
Report them to Google
Like this
I check all sites from the list, the result is the following : First and last site from the list are loaded quite normal (no blocking from adblock, av or other security software), and other sites are blocked by my browser (Firefox) as Deceptive site ahead with the following warning :

Quote
electrumclient.org has been reported as a deceptive site. You can report a detection problem or ignore the risk and go to this unsafe site. Learn more about deceptive sites and phishing at www.antiphishing.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org.



Although the idea of blocking such sites in users host file is not bad, for most users it still represents a challenge. What we need to do is report such sites as phishing to Google. In this way such sites will be blocked for every user, even those who are not aware of the problem will be protected.

It is also important to use adblocks for browsers, since most users use search engines to find Electrum site, and bad ones usually pops up at the top of the search list. The last line of defense is antivirus software which should be updated, and good AV will analyze any downloaded file and prevent the user from installing bad software.

Protect your computers by editing your hosts file
Another one to be added to your hosts files then.

On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor.
On Mac, navigate to "/private/etc/", and open the hosts file in a text editor.
On Linux, open terminal and write "sudo nano /etc/hosts"

Add the following two lines to the bottom of the hosts file:
Code:
0.0.0.0 bitcointalk.to
0.0.0.0 fonstavka.com

Your browser will now be unable to open those two phishing sites.

There are some of the most active users who keep updating phising sites:
- socks435
- Baofeng
- GreatArkansas
If you are a fan of bitcoin, use Electrum wallet to store your bitcoin, you should be careful with phishing sites that try to clone Electrum site and never stop popping up.

You should follow them to get fastest updates on phishing sites.

Warning!
Remember addresses of important sites are always the best!

Sometimes, links to upgrades provided by official wallets might be abused by attackers, so it will be the best if you remember exact address of sites (to download walelts, ie.)
Thanks @NeuroticFish by reminding me about it
Umm... a few months ago there was a huge problem: a vulnerability in Electrum allowed hackers show a custom message in Electrum, message that was not coming from Electrum developers, message that was showing a link and asking for upgrade. Whoever "upgraded" from there, got a fake Electrum that stole their funds.

I know that you meant something else, the entries from the help menu, but imho that's just a small step away and can lead to too much trust and .. sometimes problems. I think that remembering the address is much safer and not a big effort.
There is announcement of admin: Electrum vulnerability allows arbitrary messages, phishing



IMPORTANT NOTES:
- Don't arbitrarily click on links (using Google to search that link plus keywords 'phishing sites' or 'phishing' to check those links)
- Remember exact links of limited, but extremely important sites.
- Bookmark links of wallets, exchanges, forums (important sites).
- Report phising sites when you find them or know about them by other's warnings
- Using Host-file to deal with phishing sites

Read more:
- Tampering attacks!
- Punnycode attacks
- [LEARN] Phishing Quizzes - Beginners & Experts
- Host-file to deal with phishing sites
Jump to: