Protect Your Money from Scams & MalwaresteemCreated with Sketch.

in #security7 years ago (edited)

MALW.png



Now that more and more of our money is digital, the number of digital threats is just increasing, so people have to be extra vigilant about them, especially scams in cryptocurrencies. There are still many phone scams, where they phone old ladies and try to extort them for money.

But most scams now, are typically phishing, distributing malware or just plain classic confidence tricks.

People have to be extra vigilant about them, so let’s see what can you do to protect your money.




hacker-3081816_640.jpg


I. Phishing Scams

Phishing scams are when criminals setup fake websites mimicking legitimate ones in the hopes that you login into the fake one giving up your passwords to them, and then they will login with your password into the real one, and steal your money or identity.

Typically it works like they change some similar looking letters, for example: g0ogle.com instead of google.com

Now that can be avoided with just double checking the URL, however the issue is actually worse.

There are invisible Unicode characters, so it’s possible to have an entirely fake google.com website on the legitimate domain name. Or they could hack your browser or hijack the connection, there are probably many ways.

The basic defense is this:

  • Bookmarks

Yes bookmark every important website and only login from the verified secure link. Don’t Synch your bookmarks online, that is stupid, since then they could hack the online server, and still swap your bookmarks with phishing ones.

Just keep it local, in Firefox you can export them into a .HTML file and back that up into a USB, just keep everything local, don’t use cloud bullshit, that is insecure.

Now what happens if you go to the fake URL the first time?

This is the main problem, how do you know the website you visit the first time is the legitimate one? Since if you bookmark the fake one, you will become a victim?

And keep in mind that HTTPS websites are not necessarily trustworthy, since hackers are now buying SSL certificates, just because a website is HTTPS that doesn’t mean it’s legitimate.

The best example of this was the recent phishing scam of Etherdelta.com, where unknown scammers setup fake Etherdelta websites, all of them HTTPS, and a lot of ETH was stolen as a result.

How to authenticate the website?

There is only 1 way to make sure the website is legit by cross-verifying multiple times the fingerprint of the certificate.

For example let’s authenticate Steemit.com:

It should be a HTTPS website, only those are secure by default, so go to Steemit and click on the green lock icon next to the URL.

Click on the right arrow and click on “More Information”:

steem.png

Click on View Certificate:

cert.png

And there you see the Fingerprint of the SSL Certificate:

fing.png

Save the SHA256 fingerprint into a text file, it should be:

4C:8B:C3:E2:B9:51:06:99:59:D3:B0:FC:71:BD:B8:B2:21:C1:64:35:9B:9B:CA:83:60:D4:F8:C6:1F:51:10:F4

This will be your reference point, the authenticator for Steemit until 2019, so assuming your PC is not malware infested, you can now verify the website against this.

Now close your browser, and reopen it again, and in separate tabs go to:

  • Google
  • Yahoo
  • Bing
  • Wikipedia
  • DuckDuckGo

Type in Steemit in every search engine, and go to Steemit from their first search results.

Open the Steemit website in each tab going there from the search results in each search engine.

So you should have 5 tabs open with 5 Steemit websites from their search results.

Then just check each Steemit website’s SHA256 fingerprint against the fingerprint you just saved.

If they all match, then you can be sure that the Steemit websites are all the same and legitimate, so now you can bookmark one of the Steemit websites.

The only way this method fails is if all of the search engines are filled with phishing links at the same time.

Search engines, especially Google takes down phishing websites very quickly, so if you are paranoid, you can re-verify it 1 day later for example and if the SHA256 fingerprint still matches, then the website is genuine.




email-email-447458_640.jpg


II. E-mail Scams

I constantly get e-mails that my Paypal account was suspended for suspicious transactions so I should login to clarify the situation.

The funny thing is that I don’t have a Paypal account anymore, closed it some time ago, and I used a different e-mail for it. Plus the URL redirects to a shady Russian web domain, and an anti-virus scan of the website suggest that there is 15 malware javascripts on it, so predictable...

So some scammer probably saw that I used cryptocurrencies and is probably trying to make me download malware.

You e-mail can easily be collected, even if you just publish it on a forum, there are bots out there that collect e-mails from forums and such, and then they send you automated malware links.

There are multiple ways you can defend yourself:


1) Obviously don’t keep money on your computer, instead use Hardware Wallets


2) Use different e-mail accounts, “1 official one” for banking and official duties, that you don’t give out to anyone except official services, and 1 popular one that you use for social media and other trivial stuff.


I use a different e-mail account for my banking, tax account, pension account, etc. I only use that e-mail for that, and I don’t write it down anywhere, not even giving it to my friends, since they could inadvertently copy it somewhere and give it to phishing scammers. So far I never got any scam solicitation on that e-mail.

And a different e-mail for social media, and trivial stuff, like Steemit, Bitcointalk, and such….


3) Disable link prefetch, this is very important. Firefox by default pre-loads URL’s. So even if you don’t click on a link, the mere fact that you are on that page, can theoretically infect your computer.


This is very important, I have already covered this here:


4) Selectively Enable Javascript


You can disable Javascript entirely, but that would make all websites unusable, including Steemit.

Instead you can just selectively enable Javascript, so by default it blocks everything, and you only allow it on trusted websites.

95% of malware spreads through Javascript, so by doing this you improve your security massively!

All of it is explained here, read this article:


5) Don’t go to shady websites


So this means don’t torrent, and don’t go to shady porn websites, including don’t click on shady ads.

I see many shady ads with like cartoon characters with big breasts, saying “the hottest video game ever”. Now those ads are cancer.

Those ads appear on many websites including shady Bitcoin related ones, just don’t click on them.

In fact better, use an ad blocker, I recommend uBlock Origin, as other ones became a little bit shady.

So all of it is described here, read this article:




get-me-out-1605906_640.jpg


III. Confidence Tricks

Here only basic logic and due diligence will save your money. Obviously “Bitcoin Doublers” are all ponzi schemes. In fact many of them are just outright scams, you send your money in and they pocket it all.

And anything that sounds too good to be true is usually not. It’s funny because I made a lot of % profits with altcoins, so I should be the best disproof for this theory.

However 2017 was a very unique year, and I doubt it will repeat again, so whenever you see cryptocurrencies that offer 1000-5000%, usually just avoid them.

Just read the reviews, have trustworthy people vouch for them, and investigate the developers and their past to see whether they are trustworthy or not.

I usually don’t talk about scams, so if you just follow my filter, you can already avoid many scams. I don’t give investment advices, and you are certainly responsible for your losses, but you can still follow my opinions at your own risk, if you think my word is worth something. (Hint: It is, I made 4000% ROI with Steem alone)



Sources:
https://pixabay.com
https://www.pexels.com


Upvote, ReSteem & bluebutton


Sort:  

wow nice ! thank you for your support now we can check account! i can still follow my opinions to avoid from scam! thanks you for your kindness!

This is an interesting article, scammers are trying everything to steal data and money.

I will use the tips mentioned. Thank you for the article.