Let's learn how to verify whether the URL we are about to use is an official URL or a phishing URL.
RedGoblin 20 Sep 2019
TheOnionWeb has embarked on a program called the "Anti-Phishing Campaign". Our goal is to reduce the number of people affected by these phishing attacks.
What is phishing?
Phishing has many different forms, although they all share the same goal. When we talk about phishing on the Darknet, the process could be described as follows: the user thinks that they are using the real URL (that is, the official domain) of the market they are trying to access. The user deposits money to make a purchase, not knowing that the money has actually been sent to the owner of the phishing site. If the user was already registered and uses this fake URL to log in, it is very possible that they will also lose access to their account and their money. Without a doubt, it is the worst nightmare for a user or a vendor.
So what's the "Anti-Phishing Campaign" by TheOnionWeb about?
Our first step has been to create a verification tool so that users can verify their URL quickly and without any complications. We want to introduce you to: Darkguard
With this tool you can make sure, immediately and without any complications, that you are not about to use a phishing URL. With this tool there is no excuse for users who fall for phishing. You just have to enter the URL that you are going to use and want to confirm is official. If it is a phishing URL, you will be told that you should not use it; if it is not, you can continue with your business.
So how do we avoid phishing, and how do we verify that the URL we are using is real and not a phishing URL?
We have two options:
1. Automatically: for those who feel lazy, you can use Darkguard
2. Manually, by ourselves (continue reading)
Now we are going to explain in detail, step by step, how to verify a signed message. We will use Empire Market as the example and Tails as the operating system (but the process will be almost the same if you are using any other operating system).
1st Step) We need to find the Public PGP Key of Empire Market. This is the most important step, because we need to be very careful to get the key from a verified and trusted source. For this marketplace we will get it from their own marketplace website. I am posting the location of their PGP Key below, but as a TheOnionWeb writer I don't have permission to post marketplace URLs in my articles, so you have to replace "EMPIRE-OFFICIAL-URL" with a real URL. You can find official URLs on TheOnionWeb's Empire Market listing or on Darkguard's Empire Market profile.
We can also get their Public PGP key from their official subdread: /d/EmpireMarket/wiki/?id=487c71e1 (but not all marketplaces have posted their PGP key on their subdread).
2nd Step) Once we have the official Public PGP key of the market, we go to Applications > Passwords and Keys
Go to: EDIT and click on Paste just like in the image below:
Click on Import
Once we have the PGP Key imported, we open a text editor: Applications > Utilities > Text Editor
3rd Step) Now we are ready to verify our URLs. This process will change depending on the market, but basically this step consists of finding the signed URLs of the marketplace and verifying them using the official PGP Key we imported in the previous step.
Why does this method verify that the URL is real and not a phishing URL? Because phishers can't produce a signature for their phishing URLs that verifies against Empire's official public PGP Key; only the holder of the matching private key can create such a signature.
Open the Empire URL you want to verify, but make sure you don't log in! Empire Market has a tab called "Verify Mirror". Let's click on it.
Now, let's fill a captcha.
Once you have entered the captcha properly, let's copy the full signed message. (Also, make sure that the URL in the signed message is the same URL you want to verify.)
4th Step) Remember the text editor we opened at the end of step 2? Let's paste the signed message that we just copied into it. After that, let's select the whole message, just like in the image below, and click on the tor button at the top of the window (check where the pointer is in the image below).
Let's click on “Decrypt/Verify Clipboard”
If the signed message is official, it will match the PGP Key we imported in step 1 and we will see a message similar to the following one:
PERFECT! This url is safe, and by the way, that's all you need to verify a URL by yourself.
So what would happen if the URL is fake?
If the URL is fake, it means that the phisher edited the official signed message, so the signed message has been manipulated. Let's now edit the signed message ourselves, by just typing or deleting something, to see what the software's response is after we click on “Decrypt/Verify Clipboard”:
Can you see it? After editing the signed message, the message will not match the official PGP key that we imported in the first step. So, if you see an error like this, you MUST AVOID that URL because it is not official.
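The check from step 3 (the URL in the signed message must be the URL you are on) can be done mechanically once the signature itself has verified. The following is an added example, not part of the original tutorial or of Darkguard: it does not verify the signature (that is still done with the imported key), the onion addresses and the signature block are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----"
# v3 (56 chars) and legacy v2 (16 chars) onion names use the base32 alphabet a-z2-7.
ONION = re.compile(r"(?<![a-z2-7])((?:[a-z2-7]{56}|[a-z2-7]{16})\.onion)\b")

def signed_body(clearsigned):
    """Return only the text the signature covers, with dash-escaping undone."""
    lines = [l.rstrip() for l in clearsigned.splitlines()]
    try:
        start = lines.index(BEGIN)
        end = lines.index(SIG, start)
    except ValueError:
        raise ValueError("not a complete clearsigned message")
    i = start + 1
    while i < end and lines[i]:      # skip armor headers such as "Hash: SHA512"
        i += 1
    return "\n".join(l[2:] if l.startswith("- ") else l for l in lines[i + 1:end])

def signed_onions(clearsigned):
    """Onion hostnames that appear inside the signed region."""
    return set(ONION.findall(signed_body(clearsigned).lower()))

def host_is_signed(address_bar_url, clearsigned):
    """True only if the host in the address bar is listed in the signed text."""
    url = address_bar_url if "://" in address_bar_url else "http://" + address_bar_url
    host = (urlsplit(url).hostname or "").lower()
    onion = ".".join(host.split(".")[-2:])   # drop any subdomain labels
    return bool(ONION.fullmatch(onion)) and onion in signed_onions(clearsigned)

# Constructed sample: placeholder addresses, placeholder signature block.
OFFICIAL = "a" * 56 + ".onion"
MIRROR = "b" * 56 + ".onion"
LOOKALIKE = "a" * 55 + "b.onion"             # differs in one character
SAMPLE = "\n".join([
    "Also official: http://" + LOOKALIKE + "/",   # outside the signed region
    BEGIN, "Hash: SHA512", "",
    "- --- verified mirrors ---",                 # dash-escaped line
    "http://" + OFFICIAL + "/",
    "http://" + MIRROR + "/",
    SIG, "", "(placeholder, not a real signature)", "-----END PGP SIGNATURE-----",
])

if __name__ == "__main__":
    for url in ("http://" + OFFICIAL + "/login", "http://" + LOOKALIKE + "/login"):
        print(url[:20] + "...", "listed in signed text:", host_is_signed(url, SAMPLE))
```

A valid signature only proves that the signed text is unmodified. An unmodified official message copied onto a different site still verifies, which is why the address comparison matters and why text outside the signed region is ignored.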
This is RedGoblin and this has been my tutorial on how to verify the authenticity of a market URL before you use it and lose your money.
From TheOnionWeb, we will continue to bring new things and new ways to avoid being victims of phishing as part of our Anti-Phishing campaign.
If this tutorial has been helpful, or if you liked the Darkguard application, spread the word so that we minimize phishing victims.