Phishing

Keep hearing a lot about phishing on AlphaBay lately. Can't the admins add some simple feature to detect phishing messages and alert the user? Phishing messages will have some "official" sounding words and phrases, mentioning "admins", "supprt", "account security", "Alphabay support," etc. and also an onion link.

Maybe if enough of these things are detected the admins could be alerted and the page could display a big red warning message "THIS IS PROBABLY A PHISHING ATTEMPT" or something for the user.


Comments


[6 Points] alphabaysupport:

We already have warnings in messages, but phishers find ways to go around the warnings by doing things like "replace the 0 by o in 0nion" or things like that, and people STILL fall for it. We do the following:

And despite all that, people still find ways to get phished, and accuse us of stealing from them. If people still get phished despite all that, they should probably stay away from the darknet.

We even saw people reset their password on phishing pages, and register using phishing links so the phisher can get the mnemonic and full control on the account.


[1 Points] None:

Alphabay users are idiots. It wont work, theyll still click it. They click everything.

Its like aol in the 90s.


[1 Points] aboutthednm:

There is some pretty good phissing protection on alphabay.

A pin for transactions separately from a password, separately from PGP token authentication, and a personalized message upon successful login.

I don't really know what else is needed. It's up to you to make use of it. I gave my username and password to obvious phishing sites to see what would happen, but I guess nobody gets past the 2fa PGP Token authentication, as is intended. Have done lots of business since and never once changed password.

The phishing sites all ask for your pin immediately after login, and don't present you with your 2fa authentication.