Keep hearing a lot about phishing on AlphaBay lately. Can't the admins add some simple feature to detect phishing messages and alert the user? Phishing messages will have some "official" sounding words and phrases, mentioning "admins", "supprt", "account security", "Alphabay support," etc. and also an onion link.
Maybe if enough of these things are detected the admins could be alerted and the page could display a big red warning message "THIS IS PROBABLY A PHISHING ATTEMPT" or something for the user.
We already have warnings in messages, but phishers find ways to go around the warnings by doing things like "replace the 0 by o in 0nion" or things like that, and people STILL fall for it. We do the following:
Display a warning for non-official links
Offer 2FA and force it on vendors, and include a warning message inside the PGP text
Display a list of official links on every page
Offer personal passphrase
Offer PGP signed proof of ownership for deposit addresses
Forbid registration of accounts having special keywords
Employ a regex of 0-9 A-Z -_. for username to prevent stuff like "àdmîn"
And despite all that, people still find ways to get phished, and accuse us of stealing from them. If people still get phished despite all that, they should probably stay away from the darknet.
We even saw people reset their password on phishing pages, and register using phishing links so the phisher can get the mnemonic and full control over the account.
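The username rules and the "0nion" rewrite mentioned in the reply above, sketched as an added example (not code from the thread or from the site). The reserved-word list, length bounds, look-alike map and the `officialmarket22` host are assumptions made for illustration.

```python
import re
import unicodedata

USERNAME_RE = re.compile(r"[0-9A-Za-z._-]{3,32}")    # length bounds are an assumption
RESERVED = ("admin", "support", "staff", "moderator")  # hypothetical keyword list
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                            "7": "t", ".": None, "_": None, "-": None})
# Tolerates the "0nion"-style TLD rewrites mentioned in the reply.
ONION_RE = re.compile(r"([a-z0-9]{16,56})\s*(?:\.|\[dot\]|\(dot\))\s*[o0]n[i1l][o0]n", re.I)


def skeleton(text):
    """Fold case, strip accents and separators, map digit look-alikes to letters."""
    decomposed = unicodedata.normalize("NFKD", text)
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return base.casefold().translate(LOOKALIKES)


def check_username(name):
    """Return 'ok' or a rejection reason for a requested username."""
    if not USERNAME_RE.fullmatch(name):
        return "rejected: character outside allowlist"
    folded = skeleton(name)
    for word in RESERVED:
        if word in folded:
            return f"rejected: reserved keyword '{word}'"
    return "ok"


def unofficial_onion_hosts(message, official_hosts):
    """Return onion hostnames in a message that are not on the official list."""
    found = [m.group(1).lower() for m in ONION_RE.finditer(message)]
    return [host for host in found if host not in official_hosts]


if __name__ == "__main__":
    official = {"officialmarket22"}  # constructed placeholder, not a real address
    for name in ["àdmîn", "Adm1n_Team", "supp0rt.desk", "quiet_buyer"]:
        print(name, "->", check_username(name))
    msg = "Account security notice from support: log in at phishmirror222222.0nion"
    print(unofficial_onion_hosts(msg, official))
```

The allowlist alone stops accented look-alikes, but names such as "Adm1n_Team" pass it, which is why the keyword check runs on the folded form rather than the raw string.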