Keep your Bitcoin Fund safe, Be wary, Be Safe before Clicking
by lionheart78 on 21/04/2025, 03:56:04 UTC
Board: Beginners & Help (Topic OP)
We have seen lots of news on the internet about how an individual lost his Bitcoin and other cryptocurrency due to phishing and hacking events.  Here is one of the articles that states phishing as the culprit in how a person loses his Bitcoin.

Ledger wallet user reports 10 BTC loss — Community blames phishing

Although clicking links does not automatically infect our system with malware and does not automatically phish our information, the next step after clicking the malicious link is the culprit, since we are asked to supply the information required for log-ins and other authorizations that we might unknowingly be granting to the culprit through phishing sites.  So I believe it is best to solve the possible problem before it even occurs.

With this, I wanted to share some information that might be helpful in identifying whether a link is malicious or safe, in order to minimize the chance of losing our Bitcoin fund to any possible malicious or phishing attempt.  This information can be seen on this site: 21 Tips to Check If a Link Is Safe Before You Click

And among those lists, I wanted to emphasize this one:

Watch Out for Sneaky “Look-alike” Links

This scheme uses a homograph attack where the link looks exactly the same as the original one but they are actually entirely different.  See the article example:



We can't see the difference, can we?

But well, they are different, since one is in full Latin while the other one uses Cyrillic for "a" or "app" and Latin for the rest of the letters.  Although these two seem to look like the same link, they are different.

Although most modern browsers flag this kind of attack nowadays, it does not hurt if we have the knowledge about this homograph attack and how we can address this issue.  Besides, scammers and hackers have ways to bypass these blocking/flagging methods of browsers.

If in doubt, we can check the composition of the domain by copy-pasting the link and checking it in a text editor to see whether there is trickery or not.
We can also use the following tools:
https://www.punycoder.com/
https://unicode-explorer.com/

Here is an article that shows how homograph attacks mimic blockchain.com to scam cryptocurrency users: https://umbrella.cisco.com/blog/keeping-your-crypto-safe-as-cryptocurrency-phishing-attacks-soar
How attackers target Blockchain
Malicious actors which target Blockchain.com still utilize homograph attacks. These attacks are based on standards of the modern internet that allow the creation (and display in web browsers) of URLs with characters from various language sets (with non-ASCII letters). In the example below the real URL is login.xn--blockchin-c3a[.]com, but when rendered by the browser looks relatively legitimate. The issue is worse on mobile devices where the URL is not always displayed in full.


These fraudulent websites are distributed through a variety of methods including email, SMS text messages, social media, and search-engine advertisements. On average, such campaigns last for three to seven days and affect 20 to 40 users daily.

It is also reported that homograph attacks are also used to phish out information by attacking Signal, Telegram, and Tor Browser with homographs[1].  Through the years, homograph attacks have been used by many scammers, hackers, and spammers to phish out information from unsuspecting victims.  And the best way to combat this kind of spoofing activity is to have full knowledge of how it works, the strategy, and the scheme of how it is laid out.  This way, we will know that it is an attack just by one glance at the link.

So I guess it does not hurt to have a glance at the following sites on how to detect and avoid homograph attacks:

Homograph attack: What is it and how to avoid it
Homograph attacks: How hackers exploit look-alike domains
How to deal with homograph attacks



[1] https://portswigger.net/daily-swig/lookalike-domain-phishing-attacks-threaten-signal-and-telegram-users