[How to] Newest Phishing Sites (e.g. EOS, Binance) + How to Protect Yourself

in #eos, 7 years ago (edited)

The newest phishing sites (e.g. EOS, Binance) are almost impossible to detect and you need to protect yourself if you don't want to lose your coins.

The problem itself has been known for a year, but the protection offered by Chrome or Internet Explorer doesn't work in all situations.

phishing.png

Problem #1: Punycode

Punycode basically allows registering domains with foreign characters e.g. Russian, Chinese or special German characters (like ü). [1]

The domain is registered as

"xn--pple-43d.com"

but shown in your browser as

"аpple.com"

because it uses a Cyrillic "а" (U+0430) instead of an ASCII "a" (U+0061).


Let's Test!!

Disclaimer: There is no EOS ERC20 token airdrop and there never will be. Please don't confuse this with the Everipedia airdrop.

You can test it for yourself by using Google.com and searching for the fake "EOS.com Airdrop", which is a phishing site(!):

If you zoom into the picture you can see that there is an underline below the letter "e".
pic1.png

Important: It doesn't matter if the URL is displayed in the search results or above them as an advertisement.

If you open the phishing website you can also see that it has a valid SSL certificate:
pic2.png

Another phishing example: Binance [2]
pic3.png

Do you notice the underline below the letter "n"?


Problem #2: Microsoft and Google

Microsoft and Google think it's a good idea for them to decide, via guidelines [3], in which cases you will see the originally registered domain ("xn--pple-43d.com") or the foreign characters ("apple.com").

Do you get the sarcasm?

Of course those guidelines are not working for our "EOS.com Airdrop" phishing site example: "xn--os-g7s.com/airdrop/". (Tested Feb. 19, 2018 with IE11 and Chrome 62).

Not tested with Opera. Firefox offers a solution to completely disable foreign characters in your URL but you need to enable it.


The Solution

Of course you can use extensions for Chrome [4] or Opera but why should you install custom extensions for everything?

Firefox offers the best solution for me because it allows me to disable foreign characters in the URL bar:
pic4.png

Set the following value to true by double-clicking on it:

network.IDN_show_punycode

The limitation of the above solution is that e.g. Chinese, Russian or German people won't see beautiful URLs in their language but that's OK for me.

At least I can see that I need to be very cautious with this site:

pic5.png
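
An added example (not part of the original post): a small Python check that decodes the `xn--` labels of a hostname and reports non-ASCII characters and mixed scripts, run over the two registered names quoted above. The function names are hypothetical, and guessing a letter's script from the first word of its Unicode name is a simplifying assumption.

```python
import unicodedata

def decode_label(label):
    """Unicode form of one DNS label; xn-- marks a Punycode-encoded label."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # not valid Punycode: leave it as registered
    return label

def scripts(text):
    """Assumption: the first word of a letter's Unicode name is its script."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def inspect_host(host):
    """Return (name as a browser may display it, list of warnings)."""
    shown, warnings = [], []
    for label in host.split("."):
        text = decode_label(label)
        shown.append(text)
        odd = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
               for c in text if ord(c) > 127]
        if odd:
            warnings.append(f"{label}: non-ASCII " + ", ".join(odd))
        found = sorted(scripts(text))
        if len(found) > 1:
            warnings.append(f"{label}: mixed scripts " + "/".join(found))
    return ".".join(shown), warnings

if __name__ == "__main__":
    # The two registered names quoted in the post, plus a plain ASCII control.
    for host in ("xn--pple-43d.com", "xn--os-g7s.com", "apple.com"):
        shown, warnings = inspect_host(host)
        print(f"{host} -> {shown}")
        for w in warnings:
            print("   ", w)
```

For the second name the only warning is the non-ASCII one: every letter in it is Latin, so a mixed-script rule alone does not flag it, while the raw `xn--` form still stands out.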


Resources

[1] https://www.xudongz.com/blog/2017/idn-phishing/
[2] https://www.reddit.com/r/CryptoCurrency/comments/7ymfs2/be_careful_out_there_folks_this_is_a_phishing/
[3] https://www.chromium.org/developers/design-documents/idn-in-google-chrome
[4] https://chrome.google.com/webstore/search/punycode?hl=en
Cover image source: https://pixabay.com/en/pictogram-humor-swimmer-triathlon-1616725/
