Www.biṇaṇce.com

www.biṇaṇce.com

Other urls found in this thread:

irongeek.com/homoglyph-attack-generator.php
xn--80ak6aa92e.com
twitter.com/NSFWRedditVideo

top kek

Better than the other scammer who keeps shilling his .wtf address here.

thats next level

what am i looking @

Those addresses are most of the times just the legit site with a referral link since ref links are banned here. That being said, do not use any of those links.
Is there any way to restrict my browser to ONLY access certain sites? (Bittrex, Binance, gmail)?
If I do that on the router it would block the windows updates and shit.

Fake / scam copy of Binance. Log there and they likely steal everything you have in your wallet. Might keep your dust though.

Both 'n's are Unicode shit that I didn't know were allowed on domain names

Do people really not use 2fa though?

They aren't.

Oh shit, I didn't even notice the little dots
That is impressive and going to fuck a bunch of people
If the fucking "send me 0.5 ether" shit still works after Vitalik mentioning it 50 times already, then this will make hundreds of thousands

I'm guessing the scammers might ask for 2FA, which prompts the user to enter it, and they then log in right away with your account with that 2FA code. Aside from having to act quick, it wouldn't be much different than phishing for username and password.

Many don't

irongeek.com/homoglyph-attack-generator.php

I have one for EtherDelta

That would be pretty difficult to pull off because the 2fa code goes fasst but they probably ask for the reset code or something like that

Also many don't use 2fa because they're lazy

it's not a scam, it just is a dns redirect or whatever the fuck that goes to his binance referral. still pretty shitty, but not phishing.

But how did he register the domain though? Surely they don't allow that

It doesn't matter. They show a fake 2FA screen and pretend anything u enter is correct.

Only flaw is they don't know to show the 2FA screen. People have it on and they don't they find out. People have it off and they show it, people are like wtf.

It separates the real retards, they don't wonder why they did or didn't see the 2FA screen and get their shit stolen.

Right but how are they going to login with your details if they don't have your 2fa code?

No but I mean the purpose of them phising is to get the real info. They will need the real 2fa on the legit binance when taking the funds

I'm guessing

1. Have the user enter login and password on their scam site. Accept whatever the user enters.
2. Show a fake "Enter your 2FA" window, accept whatever the user enters.

3. Use a bot to log in to the real site with the stolen credentials and start cleaning out the account.

4. Back on the fake site, show a 'under maintenance' or 'there is a problem with our servers at the moment, please try again' or whatever message so the user waits a bit while you empty his account. Or just don't show anything, if it's all automated, he's probably locked out of his real account by now, and he won't have to time to do anything before the scammers are done with it.

They do. Just hop on over to Godaddy and the domain is yours. You have to input it like this:

xn--80ak6aa92e.com

And it looks like Apple.com if your browser hasn't been fixed yet.

Here's a much more comprehensive article:

www.theregister.co.uk/AMP/2017/04/18/homograph_attack_again/

And how about the email confirmation for withdraws?

Chromium cannot tell the difference between www.binance.com and www.biṇaṇce.com

Search binance, biṇaṇce got highlighted

binance.com

think about what you could do with cyrillic substitutes
Cyrillic o looks 1:1 exactly like latin o. It's the same glyph, just a different Unicode entry.

Oh shit yeah, a bot would make it much easier. While they're busy on the phish site their real account is being ransacked in real time!

Most people use similar/same passwords for email.

Interesting

No idea. Maybe they can change the email that's in the profile. All I know is that if they do these scams, they must have a way.

Holy shit, I literally had to look 3 times.

Or they feed them an "error we're currently running maintenance" bullshit message to drive them off after they've entered their info and then the victim goes about their day not knowing that they have been hacked until much later by which point their shit is all gone

I guess. It kind of depends on them not having 2fa on their email and a similar password. I think it would be easier to use the fake twitter profile doubling money meme

What if the 2fa login page is legit? Like, it shows failed for you but the attacker is logged in on your real Binance account.
Still doesn't make too much sense because they would need another code to withdraw but idk

A lot of them were already taken for a bunch of the good sites. I couldn't get anything close to Veeky Forums, Bittrex, Poloniex, Liqui, Yobit, Nova, and CMC. But I did manage to get a good one for EtherDelta. Still haven't used it for anything though. But that there are so many of them already snapped up means either this attack is going to be more common, or the sites in question bought up their homoglyphs so they wouldn't have to worry about it. I don't think the last one is the case though, or they would have set up a redirect on it and been done with it.

My guess is they ask for the actual code that you can use to backup 2fa

Yeah, the more complicated a scam is, the more things can go wrong. Probably why those Twitter giveaway scams work so well...

MY LINKIES

GONE !

I can't understand how anyone would fall for "GET FREE ETH :D" scams, but I do remember something very convincing a while back: some ETH token presale ended very quickly and a lot of people were assmad for missing it – soon after the sale ended an official-looking Twitter showed up saying something like "Missed the pre-sale? There are a few thousand people who canceled their order, so there's still a chance for you to get some leftover WhateverTokens. Just use the backup address 0x[scam ETH address]"
And man, it worked.

My guess is they run a script on the real binance immediately after you enter your 2FA. The code you entered isn't expired yet if they do this fast enough and they are logged in.

Or they simply put a sell order of any shit coins at a very expensive price, then buy it with the scammed account.
No e-mail confirmation needed.

Yes, there are better ones than that as well. For example, I've seen one using email spoofing so the victim receives an email that looks legit, looks like it was sent from the actual domain of X ico unless you check the headers of the email, saying the same thing, "post-ico sale" bullshit. Happened for the Oddyssey ICO, the Blockarray Ico, etc.

Can't get past the binance captcha tho?

> Is there any way to restrict my browser to ONLY access certain sites?
It should be possible if your browser has a Whitelist feature, if not, look for an addon that does that. I'm sure there must be one.

Have to enetr 2fa before you can buy or sell too

To be honest that captcha dragging the puzzle piece is the easiest one a computer could do.

Well if they can get past that then yeah, that is probably what they do. Wonder how much they make because it must cost to set up all of that

Actually anons, I have a better idea.

They give them their address for deposits. They don't want what people have on binance already, instead the victim's coins they are trying to move onto binance.

Huh.
If the process is done quickly enough by a bot, they could use the same one the user gave at the first place. Is that possible?

How would they change the email?

They could just set a really low buy order for their coins

Also, anyone who doesn't have their exchange bookmarked is retarded