$70705.39
Home Market Chart Exchange Chart Guides
$135.54
$70705.39
$135.54

How does Phishing Work:

by DarkDotFail
Contents:
  1. Don't get phished
  2. How does phishing work?
  3. Does 2FA authentication protect someone from phishing?
  4. How can I know a URL is accurate?

Don't get phished

Phishing is a method used by thieves to steal Bitcoin. Some researchers estimate that over 5 BTC per day is stolen from people who do not PGP verify .onion URLs before using them.

How does phishing work?

Phishers widely distribute fake URLs to popular Tor websites. These fake URLs are called "phishing proxies": sites which sit between you and the site you think you are visiting. They log every form you submit including usernames, passwords, Bitcoin addresses, and PINs.

Phishing sites swap out all Bitcoin addresses on a page with addresses owned by the hacker and can also swap out other text to make their site feel official.

Someone phishing dark.direct, for example, would convince you to click a link like "the-real-dark-direct.com". That link would forward all page loads through to the real dark.direct, replacing all instances of "dark.direct" on the page with their fake URL in realtime, and also swapping out all Bitcoin addresses with addresses the phisher owns in order to steal your generous donations.

Does 2FA authentication protect someone from phishing?

No. All expected site functionality works fine through a phishing proxy because they are forwarding your requests to the real site's server, modifying the server's response in realtime. 2FA authentication, secret phrases, and other security measures all work as expected on these fake sites. They have become very advanced.

How can I know a URL is accurate?

The only way to know if a site is authentic is to PGP verify its signed URL proof, which is typically hosted at /mirrors.txt

You should learn how to PGP verify signed messages yourself by following our guide

If you are a cryptocurrency researcher, you could lose your entire budget by not verifying that the URL you are visiting is official before transferring funds. Always, always verify PGP signed messages.