Mini fraud to the maximum

An ambiguous reaction of the habosocommunity to my previous WebMoney Keeper Mini Extension article published on Habré prompted me to write the following ...

It turns out that many WebMoney users, having wallets in the Classic or Light keeper, are simply wary of connecting themselves to WM Keeper Mini, which plays into the hands of only the scammers, and not the users themselves. Why? About this under the cut ...


')
Any WM user who has a Classic or Light keeper can, at the system security site in ways to manage his WMID, install powers of attorney to manage his or her wallets from Classic or Light for WMID 128008643216 ( mini.webmoney.ru ). Simply put, connect yourself to the Mini Keeper ...

Now the problem itself - the majority of WM users either do not know about it, or deliberately do not do it! Well, it is still possible to understand those who do not know, but it is difficult to understand others! According to their personal conviction, they believe that by doing so they ensure maximum security for themselves in the system (I understood this from the comments on the article and the pluses on them) that they do not need the extra gestures. So, gentlemen and ladies, I must disappoint you - this is not so! Now they are taking away through Mini WebMans, and it’s as much as possible and as simple as possible!

Of course, I will give an explanation ...

I will not describe the whole process in detail here, I think no one will argue that a key file or certificate from WMID is often stolen on the network for accessing your money using trojans - that’s a fact. And it’s simply impossible to protect yourself from this by 100% - experienced programmers manage to catch Vinlokov (you can read it on Habré), but what to say to others? But getting access is one thing, and withdrawing money from your wallet is completely different. How, for example, to withdraw your money if you have to confirm transactions through Enum?

And here the keeper Mini comes to the aid of the scammers, which they already with great dexterity and, I think, even with great love, connect to your WMID'u themselves, set an entry password and use for their own purposes, and they do it instead of you ...
This is done simply - using a key file or a certificate, the fraudster authorizes on the security.webmoney.ru website, installs a power of attorney to the required wallet for Mini, then via Mini, with a login and password, displays your money ...
I have not in vain singled out that the fraudsters do this for you, because you could easily have prevented them and do it yourself , but for some reason some do not express such a desire.

But in the Mini there is nothing difficult, you just need to set everything up yourself, because by default there are not quite the right settings, to say the least, that is, login through login and password. So why do not we go there ourselves, ahead of the scammers, and then install and configure yourself all through Enum? What hinders us? Our laziness or misunderstanding of what is happening? After all, there has long been a choice:



I understand that the "little hole" is small, you need a key file or a certificate in advance, but it is there and fraudsters use it, for example, using phishing, as I described in this article: Phishing emails from WebMoney
It's nice that the article made many WM users think, after the recent actual mailing by Webman themselves about the necessary replacement of the old root certificate, which expired, they began to write posts “Carefully scammers!” Even on the official WebMoney forum.
By the way, also to say that after the release of that article to the main Habr, the fraudster immediately made himself known, you see, Habr reads carefully, and maybe hangs out here (my karma decently dropped then). I hope that this article will also go to the main page, so - hello, countryman, someday you will pierce and ruin your young years!

Scammers are now using new domains for phishing, but the fraud scheme itself has not changed, so why should we not deprive them of the ability to divert our bloodlines by installing Enum authorization in our keeper, on WebMoney and Mini sites? Enum they can not get around, and it is impossible to do it!

Ahead of the event, I’ll say right away that the user Gibarian in the comments to the article Your WebMoney under the protection of E-NUM quite clearly described the situation with WM theft under the protection of Enum from a famous blogger (link at the beginning of the article), making a mistake in one thing that does not change the essence, therefore Please do not give this example here, it is already acting on me, as on many BolgenOS. If there are other examples, we can consider them here, but I don’t know them yet ...

PS I hope not very tired of all my articles on WM security, but as they say, forewarned is forearmed!