Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Beginners & Help
A simple way to protect yourself against Phishing attacks
by
rreeve
on 09/07/2018, 20:08:13 UTC
Please Note, this will not protect you against every Phishing attack you come across but it will protect you against a common attack using international domain names. As always you still need to remain vigilant online, especially in the crypto space.

An important step I take to avoid falling for certain phishing URLs is to make sure my browser always shows the IDN (international domain name) punycodes.

This is where bad actors will use an international domain name that looks almost identical to the real English version.
The URL could look identical except for a single dot under or above a letter.

See the difference between the two...

THE REAL URL: (Sorry the images are links, I'm not allowed to post images on here yet)
https://cdn.steemitimages.com/DQmVMxTENaskjhYPMa4FATumxra2ogbnDkrLUBX6gZdt42X/punnycode2.png

THE FAKE URL:
https://cdn.steemitimages.com/DQmNoP9HoH5B3fS3DXjRP7KKpKg86X3BiHyprXnyyX3HBxH/punnycode1.png

As you can see, it's EASY to miss the dots and visit the wrong website.

But, if you had punycodes visible in your browser address bar. This is how that fake address would look:
EXPOSED FAKE URL: https://cdn.steemitimages.com/DQme6K4n4rzxzinHkbxhu5baj6PDU1mT8pyqcaKdk89uMQj/punnycode3.png

It's now easy to see the fake address.

I use firefox which has punycodes disabled by default. I think this is terrible but I guess they have their reasons.
However, with a simple edit, you can change this in your Firefox config page.

In your Firefox address bar type in: about:config

Now in the search box type in: network.IDN_show_punycode

Now simply click on the listed item to change it to True

And that's it. Now you are much safer in the crypto space when it comes to international domain names.

REMEMBER, this will not protect you against every Phishing attack you come across but it will protect you against a common attack using international domain names.

Chrome Browser
This doesn't work with Chrome or any other browser. I'm not sure how to do this in the Chrome browser but there will be a way.
If anyone else knows how to display Punycode in Chrome, I would be grateful if you could tell us.