Official Deep Web & Dark Web Bitcoin Community

Author Topic: How to NOT get Phished  (Read 2380 times)

XYZZZ

How to NOT get Phished
« on: April 09, 2018, 06:54:49 AM »
If you are reading this, you probably got phished, lost money, or saw your BTC balance vanish.
If you posted in the Help section and the reply contained a link to a similar article, it means that we are 100% sure (unless you're using a non-established market) that you got phished. Unfortunately, your coins are lost. Please do not open a new thread for your issue.

This stings, but we will try to detail how this can happen, in order to prevent this from happening again in the future. Note that phishing techniques have evolved over time and the only thing that can prevent phishing is if everybody uses common sense.

1) The credential stealer, or "locked out after depositing"

This is the most common technique. A member sends you a PM with "your dox information", inappropriate listing, etc. and gives you the link. In order to get a clear mind, you follow the link (it's NOT a real market link, but rather a "proxy" link that fetches the real market data, but captures the POST data), log in to your account, and see that everything is all right. The phisher gets your credentials, logs in, and cleans your balance by making a purchase. If there is no balance, the phisher takes note of your deposit address, and monitors it for incoming coins. When it hits 3 confirmations, he logs in, cleans your balance, and you make a "coins not received" or "coins vanished" post on Helpdesk. The phisher changes your password and PGP. You also make a "locked out after depositing" post.

How to prevent: Simply use only official links. Don't follow random links.

Note: Some phishing links are all around: Google, etc. so use only trusted sources. Some links look very similar to official ones. If in doubt, add a moderator to the conversation.

2) The PIN stealer

You follow a "special" phishing link that asks for your PIN and mnemonic upon login. Markets do not, and will NEVER, ask for your PIN on the login page. If the login page asks for your PIN, you are on a phishing page. You then make a deposit, and the phisher logs in, and uses your PIN to withdraw your coins. You then get shocked at your balance vanishing. You reset your password, but the phisher takes it back because he has the mnemonic. Game over. On your Balance page, you will see an authorized withdrawal made to an address that isn't yours.
How to prevent: Only use official links.
Note: Many users have been arguing about this one. There is no way to insert a withdrawal without having a valid session cookie and the PIN. We have investigated this thoroughly and the conclusion is that someone got your PIN.

3) The special deposit address

You follow a special phishing link again, just like #1. You go on your Balance page, see your "deposit address", copy and paste it in your Bitcoin client, and send the coins straight to the attacker's wallet. You make a "coins not arrived" post, and get a "This isn't a market address" reply. That link fetches the data from the market, but changes the on-screen deposit address. You then check the PGP proof of ownership, and see that it doesn't validate. Some links even display their own PGP key in the contact page, so you validate the phisher's address using the phisher's key. You then send your coins to the phisher.
How to prevent: Only use official links. Get the REAL market key and use it to validate stuff.

4) The withdrawal changer (less common)

You have malware or a BTC stealer process that changes the address in the clipboard when you copy / paste an address. You copy your wallet address, paste it in the "withdraw" field, it gets changed to the phisher's wallet, and you send the coins straight to them. This can happen on the real market if you got the malware.
How to prevent: Don't install random stuff and stay away from Windows.
Note: Some phishing links also change the address when you click Send, without requiring any type of malware.

5) Bitcoin system malfunction or fast deposit address

This is typically in a PM where a user is told that the system cannot accept deposits normally, or that they will be very slow, and will provide a bitcoin address for you to quickly send your money to. This is not a market address, this is a phisher's bitcoin address. Any bitcoin sent to a bitcoin address you got from a PM will be lost and cannot be recovered.


--- Key points to remember ---
- We strongly urge users to use 2FA when logging in. This eliminates 99% of phishing.
- The login page does not ask for your PIN. If you have to enter your PIN on login, you are on a phishing page.
- Do not use the same password elsewhere. Some users got compromised that way.
- There is no way to change the password without knowing the original. If your password got changed, someone knew your previous one.
- There is no way to withdraw without a PIN. An authorized withdrawal means that someone got your PIN.

--- I've been phished, what can I do now? ---
You can usually reset your password on the market's forum or from another account. For AlphaBay it is the /forgot.php page. Make sure you are using an official link. If you use the password reset form using a phishing link, you should probably stay away from technology.
If you lost money due to phishing, unfortunately there's nothing anyone can do about that.
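
An added example, not part of the original post: one way to apply the "only use official links" rule mechanically is to trust a link only when its hostname exactly matches one you recorded from a trusted source, and to flag near-matches as lookalikes. The hostnames, the `PINNED_HOSTS` set and the 0.8 similarity threshold are constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed sample data: hostnames the user recorded from a trusted source.
PINNED_HOSTS = {"market.example", "forum.market.example"}


def normalize_host(url):
    """Return the lowercased hostname of a URL, without a trailing dot."""
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host after a scheme
    # .hostname drops any "user@" prefix and port, so a link such as
    # https://market.example@evil.test/ resolves to evil.test here.
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_link(url, pinned=PINNED_HOSTS, threshold=0.8):
    """Classify a link as 'pinned', 'lookalike' or 'unknown'.

    Only an exact hostname match is trusted. A host that merely resembles
    a pinned one is the dangerous case and is reported separately.
    """
    host = normalize_host(url)
    if host in pinned:
        return ("pinned", host)
    for good in pinned:
        # Pinned name used as a subdomain of some other domain.
        if host.startswith(good + "."):
            return ("lookalike", host)
        # Small edits (swapped or substituted characters) keep the ratio high.
        if SequenceMatcher(None, host, good).ratio() >= threshold:
            return ("lookalike", host)
    return ("unknown", host)


if __name__ == "__main__":
    for link in ("https://market.example/login",
                 "https://markat.example/login",
                 "https://market.example.login.test/",
                 "https://market.example@evil.test/"):
        print(link, "->", classify_link(link))
```

Anything other than `pinned` should be treated as untrusted; `lookalike` only adds the warning that the link imitates a pinned host.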

Mr.Bitcoin

Re: How to NOT get Phished
« Reply #1 on: April 09, 2018, 10:08:52 AM »
This happened to me. www.bitblender.io is a scam site that I went to mistakenly (I thought it was btcblender) and they straight up stole my PIN number and about .20 bitcoins (at the time it was about $1k) and I wrapped it up to my own mistake and cut losses. But now that BTC is up to $20k almost, that $5k sure would be nice to have right now. lol.