Phishing Prevention Guide
Phishing sites copy real market pages to steal credentials and funds. This guide explains how to reduce risk. Informational only.
What Is Phishing in This Context?
Attackers run fake .onion sites or clearnet lookalikes that mimic the real marketplace. Users who enter credentials or send funds to these sites lose access and money. Phishing links are spread via search results, forums, and unsolicited messages.
How to Avoid Phishing
- Use only verified links: Get .onion URLs from PGP-signed announcements or the official key. See our verified links page.
- Verify PGP: Check that the link is signed by the marketplace’s known public key. Do not trust “official” links from third-party sites without verification.
- Do not search for links: Search engines can rank phishing sites. Never use Google, Bing, or DuckDuckGo to find market URLs.
- Ignore unsolicited messages: Links sent via chat, email, or forums may be phishing. Always verify independently.
- Check the URL: v3 onion addresses are long (56 characters). If the URL is short or different from the signed one, it is wrong.
External Resources
For general guidance on PGP and verification:
- GnuPG — PGP implementation
- Tor Project Support — Safe use of Tor