Luxas
d49a9023a21dba1b3c8306ca369bf3243d8b44b8f0b6d1196607f7b0990fa8df
🥷 NYM.bar ▶️ Plebs.app 🧩 Bitcrush.app 🏦 Fed.wtf charts 👨‍💻 Nosflare.com relay ⚡ NostrAddress.com 🏞️ NostrMedia.com ₿ Node runner and mining since 894996 with NerdQaxe++, Bitaxe Touch and Gamma (x5)

Let's talk #phishing on #nostr

The art of the catch is in being as deceitful as possible and mimicking something familiar so that your target takes the bait.

Nostr clients (at least the web ones) allow you to log in to someone else's account in read-only mode.

You can see their notifications and even see who has messaged them. It's even possible to know who the target replied back to, as standard message bubbles give it away.

https://imgur.com/a/uraDw64

Of course, the contents of messages cannot be read, as they're encrypted.

But, if you're farming for victims to pwn, and you see they DM'd an "influencer", it'd be easy to create a clone account of the influencer, register a near-match domain, get it NIP-05'd and then send your targets a DM.

I'd venture to guess not many (at least not many of the technologically inept) would take the time to validate the pubkey.

It would be great if there could be some sort of secondary auth for viewing notifications/messages when in read-only mode. Not the privkey, but a password or something else only the account owner would know.

This way, the account can remain in read-only mode without the ability to sign messages, but the things that should remain private, stay private and less susceptible to being used as phish bait.

As the saying goes, "trust, but verify". Stay vigilant #nostriches and ensure whoever DMs or replies to you is really who you think it is. There will always be malicious actors, but you can prep to combat them!
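The pubkey check the note above asks readers to make, as an added example (not part of the original note and not taken from any Nostr client): it shows a cloned identity passing NIP-05 validation while failing the comparison against the key already on record. The function names, the contact list, the `.example` domains and the keys are constructed for illustration; the `names` object follows the NIP-05 `nostr.json` layout.

```javascript
// Added example. Names, domains and keys are constructed placeholders.
// Contacts the user already verified out of band: NIP-05 id -> hex pubkey.
const trustedContacts = new Map([
  ["alice@influencer.example", "a".repeat(64)],
]);

// Levenshtein distance, used to spot near-match identifiers.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// nip05Doc: parsed JSON served at https://<domain>/.well-known/nostr.json
function checkSender(senderPubkey, claimedNip05, nip05Doc, contacts = trustedContacts) {
  const id = claimedNip05.toLowerCase();
  const pk = senderPubkey.toLowerCase();
  const listed = ((nip05Doc && nip05Doc.names) || {})[id.split("@")[0]];
  // A valid NIP-05 only shows the domain owner vouches for this key.
  const nip05Valid = typeof listed === "string" && listed.toLowerCase() === pk;
  // The pubkey is the identity: a key match settles it.
  for (const knownPk of contacts.values()) {
    if (knownPk === pk) return { verdict: "known-contact", nip05Valid };
  }
  // Different key but a same or near-match identifier: likely a clone.
  for (const knownId of contacts.keys()) {
    if (editDistance(id, knownId) <= 2) {
      return { verdict: "impersonation-suspected", resembles: knownId, nip05Valid };
    }
  }
  return { verdict: "unknown-sender", nip05Valid };
}

// Constructed DM sender: lookalike domain ("lnfluencer") with its own key.
const cloneResult = checkSender(
  "b".repeat(64),
  "alice@lnfluencer.example",
  { names: { alice: "b".repeat(64) } }
);
console.log(cloneResult);
```
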

Is there a maximum character length on #nostr?

I couldn't find anything online.

Get yourself an @verified-nostr.com address and #verify your #nostr account for free 😎

https://verified-nostr.com

Get your #Nostr account #verified for free!

https://verified-nostr.com

Currently, our #nostr relays cover 3 major geolocations. I've wanted to add a relay in Africa, but holy shit are the VPS about 6x the price 😳😤

Me with 3 free relays. Check them on my profile 🤙

Deew is weed backwards. I don't know what that means, but I think the match checks out.

Malicious #bitcoin #ordinals in the wild. Stay safe #nostriches

https://twitter.com/ShitcoinSherpa/status/1625239032518115330?s=20

Replying to Poppz

We get some reward for relays?

You have to live here for a year, but you get 69420 ⚡#sats per day. Are you #nostriches doing it for the #zap?

https://imgur.com/a/bE2whit

Need #ZapChart

💟💟💟💟💟💟💟💟💟💟

💟⚡💟💟⚡💟⚡⚡⚡💟

💟⚡💟💟⚡💟💟⚡💟💟

💟⚡⚡⚡⚡💟💟⚡💟💟

💟⚡💟💟⚡💟💟⚡💟💟

💟⚡💟💟⚡💟⚡⚡⚡💟

💟💟💟💟💟💟💟💟💟💟

⚡Add our dedicated #nostr relays:

wss://nostr-us.coinfundit.com (#USA)

wss://nostr-eu.coinfundit.com (#Germany)

wss://nostr-au.coinfundit.com (#Australia)

😎 They're #free and #fast

🤙 SPREAD THE WORD #NOSTRICHES

Damus? Yea it's pretty shit at this stage. I'm sure it'll progress in its dev life cycle