Phishing Prevention

Phishing is a form of social engineering. Scam site, Spoofing technique that mimics the official website!

The attacker aims to steal the victim's credentials, cookies and funds!

How they create Phishing sites?

Old method, the attacker creates a complete copy of the official website.

New methods like Evilproxy use reverse proxy. It redirects all requests of the victim to the official site through the malicious proxy! Actually works similarly to a MitM (Man in the Middle) attack. The attacker can steal any data that passes through it!

How to protect yourself in 3 easy steps?

1. Get URLs from Verified Source
2. Always verify new URLs!
3. Pay attention to details!

Keep following the guide below. Phishing sites are very tricky!

Phishers use onion URL generator. Firs 6-8 and last letters-numbers can be the same as official URL. Checking URL first and last few characters only is a BAD habit!

URL completing challenge provides good protection against phishing!

But attackers always make new steps to trick visitors more successfully!

Phishing site of Bohemia below! The URL in the address bar different then the URL from Challange.

Official Bohemia site Below!

Compare the URL in the address bar and URL on the page! See the image below.

Phishing site displays valid signed URL on the page, but the URL in address bar NOT the same!

Phishing URL:kingdom6e25htkb5xb22dr2nlm7gzqbikof5yh*****h54av5ynyqd.onion

Official URL:  kingdom6txlkrt7wba5r4lfiimfvueyzxnjfpmzutb4fqoxr6qaxajyd.onion

How to verify if you don't have a PGP key?

Kingdom Market provide a very easy and safe method to verify URLs!

Official Info Site = kngdmatte7ppwow7brad2drl22sybuvgcln47dlcvhsqduh4js73jkad.onion

Find 'Mirror validator' on Official Informational site. Copy + Paste URL into text box!

Phishing URL it returns INVALID result!

Valid Kingdom URL result below!

How to verify with PGP?

Check our PGP collection _LINK_ ! Soon it's under creation...

Or Visit Dread Forum. Find Official sub. Navigate to tab 'PGP public key'

2 methods - How to import keys and verify signatures

Method 1

Import keys with GUI App Kleopatra: https://apps.kde.org/kleopatra/

Copy the whole 'PGP PUBLIC KEY BLOCK' + Save in a .txt file

Open Kleopatra >>> Navigate to Import (from file) or to 'Clipboard' dropdown menu >>> 'Certificate Import'

Verify Signed message, URL with Kleopatra.

Copy + Paste the whole message block into Kleopatra 'Notepad' then click button 'Decrypt / Verify Notepad'

Valid Result below

Method 2

Import keys in Linux terminal

Step 1: Save PGP key in a .txt file, example 'pgpkey.txt'

Step 2: Open terminal

Command in terminal: gpg --import 'pgpkey.txt'

Change 'pgpkey.txt' to your file name!

Verify Signed message in Linux terminal

Step 1: Save PGP signed message in .txt file, example 'signed_message.txt'

Step 2: Open terminal

Command type in terminal: gpg --verify 'signed_message.txt'

Change 'signed_message.txt' to your file name!

Valid Result = Good signature!

! Bad signature = the message not signed with valid - official PGP key !