Pretty interesting phishing clone of the superlist sub

This is a reminder to always be careful when getting the links for markets and other hidden services. I just came across another phishing attempt and thought I should share it with you publicly to highlight the creativity that some miscreants have when it comes to phishing.

Apparently not only market subs are the target of phishing but also the superlist sub itself. In a now removed comment in the RsClub announcement post the following link got posted: /r/DNMSuperlist/wiki/superlist#wiki_dream_market [careful it is a phishing link, more on that later].

It made me suspicious as dream was off the superlist, yet the user still linked the seemingly latest version of the superlist wiki page and the link was not broken when visiting it.

It took me a few seconds and looking around to realize that the sub was /r/DNMSuperist with an upper case i instead of a lower case L. As you can see it is specifically made to look like the legit superlist sub, although an old version of it was used as a basis. You can for example see that the link to the vendor-shop list is missing on the sidebar. However even the mod account names have been imitated which highlights why it is that important for us mods and other well-known users to also reserve similar-looking usernames when becoming a mod, or even better when creating our accounts.

There are also other giveaways like no posts in the fake sub itself. Plus the official superlist does not use hyperlinks for the hidden service addresses. We leave it in text so you copy and paste it. This makes it so that we can't mask the link with a link name.

The bottom line is it could be even more sophisticated but it already is pretty well-made. Plus you can see that there are currently over a hundred users in the sub getting actively phished. The user who posted that link is already banned but unfortunately he is also posting on other subs we have no control over [like /r/DreamMarket].

We recommend the mods on other subs to automatically filter any post or comment that contains the name of the phishing sub and to ban the posting user when you come to the filtered comment / post in the mod queue.

How can users avoid such pitfalls?


Comments


[29 Points] wombat2combat:

the phisher in question is https://www.reddit.com/user/peter-pepper so feel free to mass-report his phishing comments.

edit: please also message the mods of the subs in the mod mail where the user is posting his phishing links and ask them to apply the filter mentioned in the post.

edit 2: thanks to /u/AgoraMarket for his quick response and action who banned the user in his dream sub and added a filter for the phishing sub.


[20 Points] RalphiesEye:

You know all those people with missing deposits? The ones who are absolutely certain they weren't phished?

They were phished. People don't want to admit they were duped or tricked and will normally act violently when you suggest as such. Even the smartest people can be duped or tricked. So if you think you're "too smart or knowledgeable" then you're exactly the kind of person who will get duped if you haven't already.

This kind of elaborate set up just goes to show how easy it is for even smart people to get tricked. But again, people just don't want to admit that they're the ones who fucked up. It has to be something or someone else's fault. Not me, surely not me. I'm too smart for that.

Nobody is too smart for that, we're all capable of getting duped because we're all human. Except for me. I'm a dog. An FBI drug sniffing dog.


[2 Points] randomanalyst1:

It made me suspicious as dream was off the superlist

I lol´ed.

Wombat. People getting phished here left and right. Not to mention the people who scam via PM DD. And by god lets not even talk about blatant shilling for certain vendors and/or Markets.

You really should put up a warning up for the Sub mate. Or remove the whole Sub of course. After all it is the not because of stupid people but because of providing a platform for them.


[2 Points] ferRealBruh:

impressive phishing. unfortunately for lots...


[2 Points] JohnTSchmitz:

Even experienced users get duped once in a while. You're tired, in a hurry ... whatever. You send some coins to Helix ... sit ... wait ... what the fuck? And then you see the .com at the end of the URL ... and you realize that instead of using a bookmark, you absentmindedly searched for "Helix." Bam. You fucked up. You know you fucked up. You know how & why you fucked up. You consider going into the phishing site/link business yourself—it appears to be easy & lucrative. In the meantime, though, you resolve to be more careful and to always stay alert. Better order more meth. Gotta buy coins first, though....


[2 Points] Minuserall:

Lmao that's smart asf


[1 Points] ozzt2:

wombat2combat its LAW ..


[1 Points] randguy7:

Add libertas to the superlist


[1 Points] None:

[removed]


[1 Points] None:

[removed]


[1 Points] jakebyrd:

Thanks for the warning


[0 Points] 77cuttelatte:

It's more than likely PK (PhishingKingz) phony links to Dream is his favorite. He then uses the name & PW to double back & steal money from users.