Phishing Advice

I was recently phished $2300 in Bitcoins from my Agora account. I am not sure how someone was able to hack my account and change my pin but they did and withdrew the coins to another wallet. I am led to believe that I copied a faulty url from somewhere but not sure that is how my login info was compromised. What I'm asking is how can I protect my login info, where should I copy the DNM url from and is Electrum a reliable wallet to use? I plan on learning more about Tails and using that and also PGP security when logging into markets.


Comments


[3 Points] Croatian_Biscuits:

To answer your question, you should memorize the Agora URL, so there is no trace whatsoever. Electric works fine

If you're spending that much on the markets it means youre moving weight and NEED to learn how to use PGP. Without it, the government has an easy way to find out who you are in case the site is seized.

Personally, I recommend staying off the markets for a bit until you become certain you understand basic OPSEC practices. Moving quantity like that is a risk in which you can leave no trace.


[1 Points] MLP_is_my_OPSEC:

Phishing is providing you with a fake web page that looks like the real one. It will send all data entered to a server or email address.

Always compare the URL. You can find it in /r/DarkNetMarkets/wiki/superlist and in the sidebar over at /r/AgMarketplace. If the two don't match up, something is... phishy.

Always enable two-factor authentication on markets.

Electrum is reliable and safe, as long as you configure it to go through the Tor network. Tails does this automatically.


[1 Points] StrictlyForResearch:

This is also why you should pay attention to the challenge phrase setup when you created the account. This would have displayed in the top right corner as you logged in, and if it was different you would have been alerted. I personally feel they should make the challenge phrase more obvious on the home page. As it is now the font size is quite small and it's hidden in the corner out of view.

I might as well ask, are you running Tails OS? If not and you are on Windows (which your are seriously foolish if so), you could easily have a keylogger on your system, giving them all your credentials to your Agora account.