Security and stuff

Hello, i don’t really know where to place this post/message.

Just to comment that even when I have been using online banking several years through mainly IE and chrome it wasn’t till a couple of weeks when I was using brave that I had problems with my bank account security

I was victim of a phishing attack as result of searching the name of my bank services provider on the internet through google search provider for brave, instead of typing directly the url address or clicking the appropriate shortcut. I clicked in one of the first results thinking that they would be legit adverts, as they usually were, but they were not.

Soon they called from my bank to ask me about strange transfers and I denied those. So luckily everything ended well.

I use brave with some legit apps installed from chromestore so I don’t know how this could happen (it might come due to any other installed software on my pc, but i tend to think that’s the less probable)

I leave this message to see if there’s something that might need a revision or what, cause i was quite happy with this browser till this happened.

Hey commun,

I’d like you to provide some information:

  1. When you went to this website, were you warned beforehand?
  2. Can you provide your exact search terms for us?
  3. Can you tell me what extensions you have installed?

Hey.

I don’t know what do you mean by warning, but I don’t think I read one.

The tearm I introduced on the URL bar was the sole name of my bank

I have this extensions:

bookmarks clean up 0.10
quick bookmark cleaner 1.1

category tabs for google keep 18.3.3
google keep one click 4.22…

camelizer 3.0.10

Google translate 2.0.9

url shortener 1.2.6

ublock origin 1.35.2 (deactivated)
vpn zenmate 7.6.0.0 (deactivated)
Touch vpn proxy 4.1.0 (deactivated)
hotspot shield vpn 5.0.4 (deactivated)

(the latest came imported from google chrome but all installed through chrome store)

Indeed there are many fake ads regarding Brave which looks exactly same or similar!

I just found one which looks suspicious >> https://try.bravesoftware.com/

https://brave.en.lo4d.com/windows
https://bravebrowsermax.us/

Is this legit or a fake one!?

@commun,
Do you know for a fact that the site you went to from the Google search was illegitimate? Or is that just an assumption?

Some folks whose judgement I respect only conduct on-line banking using a virtual machine. With browser-based on-line banking, I begin any transaction with a freshly-opened browser with no other open tabs or windows. Once I complete a banking transaction, bank sites I visit strongly urge closing the browser I’m using. Which leads to: what (if anything) were you doing with your browser before visiting a bank site? And, did you close your browser after completing your banking transaction(s)?

@redbike9 I had some other tabs in sites like amazon, or some other places that are probably considered secure, Nothing different than other occasions. I am aware that are many methods to do safer online banking, but I dont feel pragmatic to run a virtual machine everytime you want to check the status in your bank account or get a certificate or have a particular device to do just those kind of things.

The problem came while the browser was open, cause I had no time to close it when my bank was calling me.

I know since phising attack was successful. I realized all at once. When I was reintroducing some data they asked to “grant safe access”, right after entering my pass in what seemed the official site, I checked the url bar and I saw a troubling but quite similar address to the legit one. Right after I re-introduce that data -like a minute or two after- bank called to me.

@commun,
While I do apologize that this has happened to you, this doesn’t appear to be a Brave related issue. A phishing attack involves sending fake/spoof messages (or sites, or emails, DMs, etc.) in order to get user(s) to submit their sensitive information.

There’s no software interaction needed to steal this information it was entered by the user. If you have/can find the link to the site where this happened, you can report it here:
https://us-cert.cisa.gov/report-phishing

Hey its me (i forgot the password of the other account)

After doing some test, a couple of days ago, I still got some fake results. The website in particular is the bank “openbank”. The first couple of entries in the search result are normally an advert -I don’t know who is the responsible for this adverts. I show what I got in one occasion:

As you can see, the result has nothing to do with the bank, but when you click on it, you are redirected to a fake website, which I show below: (the legit website is https://www.openbank.es) In some cases I think that was shown the legit website address in the advert (anuncio), but redirected to a fake site (https://www.clientes-openbank.com/es/ in another occasion)

Some notes:

-I’ve got adverts as result of a search In “new incognito tab” as well. I don’t know if this is supposing to be that way. If I know right, extensions are disabled in incognito mode.
-The browser didn’t warn in any case about unsafe website in the first place. Right after refreshing a couple of times, the browser would warn about the unsafe website.
-Pasting that url in Chrome and hitting enter, would result in an immediate warn.

-The websites don’t last online much time. After some minutes they seem to be removed.

-Fake adverts don’t appear all the time. Actually they seem to appear seldom since I’m trying to replicate the problem and it doesn’t happen again.

Bearing in mind that all the extensions I’ve got installed were downloaded from chrome store, and brave was downloaded from official website, I seriously doubt that the appearance of this fake adverts, using google search engine provided in brave, are caused by any other external factors, and this has never happened to me clicking in legit adverts with chrome or IE.

So, I leave it there for any to draw their own conclusions.