
Securing our Coins.ph Account: How to spot phishing sites by looking at the link

Coins.ph has discussed 5 tips on how to guard ourselves from phishing on their blog, and the number one tip reads "Look closely at the URL before you click".
Screenshot of a message I received containing a link to a phishing site with a thumbnail that resembles the homepage of Coins.ph.

For me, if I were to also write some tips, that would also be number one on my list, because for me it's really the most important thing to do. Since Coins.ph didn't discuss it further, I want to expound on this and give some examples so we can better understand how to differentiate malicious sites from legitimate ones.

I want to focus on the URL, or link as we usually call it, and give you examples of links identified as phishing sites alongside legitimate Coins.ph links and other legitimate sites, and discuss their differences.

  1. https://coinsph.wixsite.com/claimnow
  2. https://app.coins.ph/bills-payment
  3. https://coinsrewards.wixsite.com/5000php
  4. https://support.coins.ph/hc/en-us
  5. http://coins.com/

My question is: from the 5 links given, can you identify the legitimate link(s) of Coins.ph?

Let's dissect and discuss the basic parts of a URL using link #2, "https://app.coins.ph/bills-payment".

Here are the basic parts of web links or URLs:

  • Protocol: https://
  • Sub-domain: app
  • Domain Name: coins.ph
  • Path: bills-payment

The most important thing to remember here is the domain name, as that is the unique reference that identifies a website on the internet; no two websites can have the same one. Also, the domain name DOES NOT CHANGE WHEREVER YOU ARE NAVIGATING IN THE LEGITIMATE WEBSITE; only the other parts change.

Take another example: http://blog.coins.ph/post/124135233529/security-tip-how-to-guard-yourself-from-phishing

Look at the text with the red background. Is it the same as the domain name in the example given above (the basic parts example)? Aren't they exactly the same? YES, they are the same, you are absolutely right! Is this link a legitimate Coins.ph link? If you answered YES then you are correct, because even though the sub-domain and the path have changed, they are still under the domain name "coins.ph".

REMEMBER: the protocol, sub-domain and path might change, but if the domain name is the same, THAT IS STILL A LEGITIMATE LINK.

Here are other samples of legitimate Coins.ph links:
  • http://blog.coins.ph/post/124908532339/coinsph-account-extra-secure-with-two-step-verification
  • https://support.coins.ph/hc/en-us/categories/202511708-Getting-started
  • https://app.coins.ph/user/

By now, you should be able to tell the legitimate link(s) of Coins.ph from the 5 links given above. Give me the corresponding number. Is it only #5? Or #2 and #1?

If your answer is only #2, then you are WRONG; if you chose #5, you are absolutely WRONG; only #4? Very WRONG. The correct answer is that both #2 and #4 are legitimate Coins.ph links. Why? Just look at the domain names of the 5 links. I am highlighting each of their domain names in red.
  1. https://coinsph9.wixsite.com/claimnow
  2. https://app.coins.ph/bills-payment
  3. https://coinsrewards.wixsite.com/5000php
  4. https://support.coins.ph/hc/en-us
  5. http://coins.com/

So you may be asking me why #5 is not a legitimate Coins.ph link. Link #5 might be a legitimate link, but it is certainly on a DIFFERENT DOMAIN NAME (coins.com), which makes it not a legit Coins.ph link.
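
The domain-name comparison walked through above can be automated. The following is an added example, not code from the original post or from Coins.ph: the names `checkLink` and `legitimateNumbers` are made up for illustration, and it goes slightly beyond the five quiz links by adding two constructed `example.com` inputs where the text "coins.ph" appears in the link but is not the host. It compares the host against one expected domain rather than working out the domain name of arbitrary links.

```javascript
// Added example: apply the post's rule that only the domain name decides
// whether a link belongs to Coins.ph.
const EXPECTED_DOMAIN = "coins.ph";

function checkLink(link, domain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, the same rules browsers follow
  } catch (err) {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, host: null, reason: "not a web link" };
  }
  // hostname is already lower-cased and excludes any "user@" part and port;
  // drop a trailing root dot so "coins.ph." compares equal to "coins.ph".
  const host = url.hostname.replace(/\.$/, "");
  // Exact match or a sub-domain. The leading dot in the suffix test matters:
  // a bare endsWith("coins.ph") would also accept a name like "notcoins.ph".
  const ok = host === domain || host.endsWith("." + domain);
  return { ok, host, reason: (ok ? "host is under " : "host is outside ") + domain };
}

// The five links from the quiz in the post.
const QUIZ_LINKS = [
  "https://coinsph9.wixsite.com/claimnow",
  "https://app.coins.ph/bills-payment",
  "https://coinsrewards.wixsite.com/5000php",
  "https://support.coins.ph/hc/en-us",
  "http://coins.com/",
];

// Constructed inputs (not from the post): the expected name appears in the
// link, but the host the browser would contact is under example.com.
const CONSTRUCTED_LINKS = [
  "https://coins.ph.example.com/login",
  "https://coins.ph@example.com/",
];

// 1-based positions of the links that pass the check.
function legitimateNumbers(links) {
  return links.flatMap((link, i) => (checkLink(link).ok ? [i + 1] : []));
}

console.log("legitimate quiz links:", legitimateNumbers(QUIZ_LINKS));
for (const link of [...QUIZ_LINKS, ...CONSTRUCTED_LINKS]) {
  const { ok, host } = checkLink(link);
  console.log((ok ? "coins.ph  " : "OTHER     ") + link + "  (host: " + host + ")");
}
```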

So that was it. I will be posting about social engineering soon, so we will know how that kind of attack works so well on unsuspecting users like most of us.
