This is a reminder to always be careful when getting the links for markets and other hidden services. I just came across another phishing attempt and thought I should share it with you publicly to highlight the creativity that some miscreants have when it comes to phishing.
Apparently not only market subs are the target of phishing but also the superlist sub itself. In a now removed comment in the RsClub announcement post the following link got posted: /r/DNMSuperlist/wiki/superlist#wiki_dream_market [careful it is a phishing link, more on that later].
It made me suspicious as dream was off the superlist, yet the user still linked the seemingly latest version of the superlist wiki page and the link was not broken when visiting it.
It took me a few seconds and looking around to realize that the sub was /r/DNMSuperist with an upper case i instead of a lower case L. As you can see, it is specifically made to look like the legit superlist sub, although an old version of it was used as a basis. You can, for example, see that the link to the vendor-shop list is missing on the sidebar. However, even the mod account names have been imitated, which highlights why it is that important for us mods and other well-known users to also reserve similar-looking usernames when becoming a mod, or even better when creating our accounts.
There are also other giveaways like no posts in the fake sub itself. Plus the official superlist does not use hyperlinks for the hidden service addresses. We leave it in text so you copy and paste it. This makes it so that we can't mask the link with a link name.
The bottom line is it could be even more sophisticated but it already is pretty well-made. Plus you can see that there are currently over a hundred users in the sub getting actively phished. The user who posted that link is already banned but unfortunately he is also posting on other subs we have no control over [like /r/DreamMarket].
We recommend that the mods on other subs automatically filter any post or comment that contains the name of the phishing sub, and ban the posting user when they come to the filtered comment / post in the mod queue.
How can users avoid such pitfalls?

- Click on the superlist link on the sidebar of this sub, or
- Manually type in the subreddit addresses, or
- Cross check the links you get with deepdotweb and dnstats, like it is explained at the top of the superlist [interestingly enough it is mentioned on the phishing superlist too].
- Use the signed versions of the superlist and verify them before using the links.
. . .
The phisher in question is https://www.reddit.com/user/peter-pepper so feel free to mass-report his phishing comments.
edit: please also message the mods of the subs in the mod mail where the user is posting his phishing links and ask them to apply the filter mentioned in the post.
edit 2: thanks to /u/AgoraMarket for his quick response and action; he banned the user in his dream sub and added a filter for the phishing sub.
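The filter recommended above blocks one known phishing sub by name. As an added example (not part of the original post, and not any subreddit's actual tooling), the sketch below shows how a mod-side check could flag any sub reference that differs from a protected name only by look-alike characters, going slightly beyond the single I/l swap described in the post. The character map, the function names and the sample comments are assumptions made for illustration; it also assumes subreddit names are matched case-insensitively.

```python
import re

# Fold characters that are easily mistaken for one another into one form.
# Assumed minimal map for this example, not a full Unicode confusables table.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})

# Legitimate sub names to guard (the name used on this page).
PROTECTED = {"DNMSuperlist"}

# A subreddit reference such as /r/Name or r/Name inside free text.
SUB_REF = re.compile(r"(?<![A-Za-z0-9_])/?r/([A-Za-z0-9_]{2,21})")


def skeleton(name):
    """Case-fold, then collapse look-alike characters into one form."""
    return name.lower().translate(FOLD)


def find_lookalikes(text, protected=PROTECTED):
    """Return (seen_name, imitated_name) pairs for subs that only look legit."""
    legit = {p.lower() for p in protected}
    by_skeleton = {skeleton(p): p for p in protected}
    hits = []
    for match in SUB_REF.finditer(text):
        name = match.group(1)
        if name.lower() in legit:
            continue  # the real sub, written in any letter case
        imitated = by_skeleton.get(skeleton(name))
        if imitated:
            hits.append((name, imitated))
    return hits


# Constructed sample comments (not taken from Reddit).
COMMENTS = [
    "Latest list is at /r/DNMSuperIist/wiki/superlist",  # upper case i for L
    "Use the sidebar link on /r/DNMSuperlist",           # the real sub
    "see r/dnmsuperlist or r/DNMSuper1ist",              # real sub, then digit 1
    "unrelated: /r/python",
]

if __name__ == "__main__":
    for comment in COMMENTS:
        for seen, imitated in find_lookalikes(comment):
            print(f"FILTER: r/{seen} imitates r/{imitated}: {comment!r}")
```

A hit is a reason to hold the comment in the mod queue for review, since the check only compares names and does not inspect the linked sub.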