How are people getting phished?

So I see all the posts about people getting fucked and getting phished. Now this hasn't happened to me and I'm new af to all this and I've successfully completed and received 2 orders from Dream and Zion. I got my links off DeepDotWeb and bookmarked them like the bible says. I just don't get how people are that dumb to get phished. What would a phishing website look like even? Is it completely identical to the real market and have all the same functions? What are things to look for?


Comments


[13 Points] None:

Well the thing about people is, they are stupid as fuck

stupid as fuck + Darknet markets (which require decent working knowledge) = phished

ezpz money for the scammers though, since there is an unending supply of idiots


[7 Points] throwahooawayyfoe:

One of the perks of being a darkweb admin (of a site of any kind really: market, forum, private membership-only porn site, etc...) that not a lot of people might realize is the fact that, if you want to, you can save everybody's user/pass combo to a private database and keep that for your own purposes in perpetuity. When Evo went down, you can be sure Verto and Kimble were busy trying everyone's credentials on other market sites to see if they could grab some more coins. This is one reason why it's so important to never re-use your login info anywhere else.

Other more common ways people get phished include shady vendors and others sending malicious links to users via PM (ones that often look nearly identical to the legit page but which may be off by only a couple characters somewhere in the middle of the 17-character onion address), people being stupid and using clearweb proxy gateways to access the markets (these proxies are essentially MITMs that can read and see everything you do unencrypted on the Tor network, and which also have the ability to change any hyperlinks or wallet addresses seen by a user), onion link aggregator lists such as Fresh Onions (these websites simply scrape the Tor network for active addresses and list working links that they find; there is no discrimination for whether an address is actually the legit URL or not), and fake DeepDotWeb clones (there are a million and one of these - every common misspelling of deepdotweb.com has a clone designed to serve phishing links registered to it).
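
Added example, not part of the comment above or of the original thread: a Python check that compares a link's hostname against hostnames pinned earlier and flags names that are off by a few characters or that wrap a pinned name inside another domain. The hostnames are constructed, and the subdomain-prefix gateway pattern and the three-character threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample values. Real entries would be the hostnames you
# verified from several sources and bookmarked.
PINNED = {"abcdefghij234567.onion", "directory.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url: str, pinned=PINNED, max_typos: int = 3):
    """Return (verdict, pinned_host_it_resembles_or_None)."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare hostname as a host
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        host = ""
    if not host:
        return ("unparseable", None)
    if host in pinned:
        return ("pinned", host)
    # Assumption: a clearweb gateway exposes the pinned name as a subdomain
    # prefix of its own domain.
    for p in sorted(pinned):
        if host.startswith(p + "."):
            return ("gateway", p)
    closest = min(sorted(pinned), key=lambda p: edit_distance(host, p))
    if edit_distance(host, closest) <= max_typos:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("http://abcdefghij234567.onion/login",
                 "http://abcdefghlj234567.onion/login",
                 "https://abcdefghij234567.onion.gateway.example/",
                 "directry.example"):
        print(link, "->", classify(link))
```

Anything other than "pinned" means the link did not come from the bookmark set and should not receive credentials.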


[4 Points] SynisterSylar:

Would inputting the wrong password on a phishing site still gain you "fake access"? For example, if you type in your password and then delete 1 character and it still logs you in, wouldn't that be an easy way to detect if the site is fake? Maybe this wouldn't actually work. Thoughts on this phishing litmus test?


[3 Points] AlpraCream:

The anglers either have some really good bait, or they have a very large cast net.


[3 Points] boofme:

How To Get Phished 101.

1st: Have to be 12 years of age or younger.

2nd: Must send your btc and mailing address to DEA.

3rd: All your passwords have to be 1234 for easy accessibility to your accounts.


[3 Points] _PrinterPam_:

As to how it starts: Links from untrusted sources (e.g., there are a bunch of variations on the DDW domain name with the sole purpose of providing phishing links). If people aren't careful (newb & experienced alike), they can easily fall victim. SO...assuming you did the appropriate footwork, you did well by saving any official links. Good on you.

As to the sites: Yeah, they're likely identical clones of the real ones, or maybe live scrapes of the legit site. They'll certainly have the page with a deposit address for BTC (or whatever) where you can donate your money to the cause, so to speak. Unless they're going all-out, or doing the man-in-the-middle approach (not as likely), you probably wouldn't be able to enable 2FA or other complicated things.

Further steps you should take would be to enable & test 2FA on the legit market(s) and don't re-use passwords...though 2FA mitigates this issue, so long as you use it everywhere. Please note: I HIGHLY recommend having a zero balance (or as near zero as possible) on your account before enabling/testing 2FA...if the market doesn't 'auto-test' 2FA when you enable it, you might accidentally paste someone else's public key into your settings and end up locked out of your account. If that happens, you won't be seeing that money again.


[2 Points] diOpAnonMu:

To get to any darknet markets you need to be on Tor. Not everyone realizes that Tor exit nodes can modify unencrypted traffic. If you pull up a site like dnstats.net without typing https[1], the Tor exit node can prevent it from loading from the correct place and insert phishing links.

Phishing links can also happen through private messages, posts on less moderated subreddits, other forums.

I recommend finding multiple sources that agree and storing the correct URL in your password manager and using 2FA.

[1] The HTTPS stripping isn't possible for a lot of sites that are listed in HTTPS Everywhere, like reddit or DDW. The stripping is only possible during the first visit, but since the Tor Browser or Tails clears history on every open, that's not the guarantee that you'd hope it'd be.


[1 Points] AutoModerator:

Per our Rules, noob questions are not permitted on this subreddit, with the exception of Moronic Mondays. Please read DNM bible for buyers and the other links on the sidebar of /r/DarkNetMarketsNoobs to educate yourself before posting your question on Moronic Monday or /r/DarkNetMarketsNoobs. Your post has been removed. If you believe this action to be incorrect, please contact the mods.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.