My own method to stop phishers 100% guaranteed

I recently lost $440 BTC to a phisher and I've also lost similar amounts in the past, so I decided to think up the most full proof way to stop phishers once and for all.

Since PGP and 2FA can't guarantee 100% that you won't get phished and lose your hard earned Bitcoin, I've decided to invent my own method to defeat phishers which I'd like to share with you today.

Step one: Create a market account using a link from deepdotweb.com and input security passphrase.

Step two: Access your market account from a link from Dream subreddit and change the login passphrase.

The security passphrase has been setup on one link (from deepdotweb.com) and the login passphrase has been setup on another link (from Dream subreddit). The phisher needs both the login passphrase and the security passphrase to steal your coins.

Step three: When you are ready to purchase something from Dream, only access your Dream account from the same link source you used in step two (eg. Dream subreddit links). Transfer coins to your Dream wallet by copy/pasting half the BTC address to where you plan on copy/pasting it, then copy/paste the other half. This is to prevent malware changing the BTC address without your knowledge.

Step four: After making the purchase, log out of your account and log back in through a third link source (eg. links from Dream Market site) and change the login passphrase.

I hope you like my method:)


Comments


[11 Points] ShadowClones:

How exactly can you be phished with 2FA? I’m sure there’s a way but I’ve never heard of someone getting phished with it enabled.


[6 Points] KingZork:

Since PGP and 2FA can't guarantee 100% that you won't get phished and lose your hard earned Bitcoin

PGP/ 2FA doesn't claim to guarantee 100% protection against phishing. However, inventing your own method because you don't understand a fundamental tried and tested cornerstone of OPSEC practice, you will undoubtedly get phished/ scammed again.

Just spend the time to learn it instead of creating a new market account every time you make purchase on Dream or any other market.

https://www.reddit.com/r/DarkNetMarketsNoobs/wiki/bible/buyer/


[4 Points] _PrinterPam_:

From your other thread:

"pgp and 2fa looks like it's going to be too complicated for me to use"

If it's too complicated for you to use, it's even more complicated to understand why it works well...so you've come up with this completely over-the-top 'solution' that pays lip service to a couple of good ideas and rambles on, ad infinitum, on things that add zero benefit.


[4 Points] DeadWifeHappyLife:

Assume all links are phishing links, including those posted by a trusted source, so make sure you find your own links that are more trustworthy. And make 10,000 new Accts. Actually just turn the computer off and go down and see juan, he's got the stuff.


[4 Points] BTC_Collector60:

I see a few flaws in your “method”.

  1. If you are using one of those proxy phishing sites that allows you to log in with 2FA by relaying your traffic to the real market site, you can “triple check the BTC address” until your eyeballs pop out of their sockets and it won’t help because it will be a bogus address (pointing to a scammer’s wallet) to begin with.

  2. Because the site sits in the middle between you and the real market site, they can copy all traffic including the so-called “Security Password” you enter when you are creating the account. In addition, the new password you enter when you “change the password immediately” will be compromised as well, so that is a waste of time.

  3. Some vendors simply will not sell to new accounts that have no purchase history. There is a very good reason for this: New accounts look like “Special Agent Sloan” from the FBI to them.

  4. When a phisher gets in, he can simply upload his own PGP key (or any random key), which will disable your access, and you will get the dreaded “Password Login Disabled” message we all have heard so much about.

  5. You suggest making your purchase quickly but it’s based on the false assumption “The phisher gets an alert when BTC hits your account”, no he actually gets the alert when the BTC hits the block chain and has to wait like everyone else before he can spend/steal the money, so depending on how high (or low) a transaction fee you used he could have days to prepare.

  6. 100% Guaranteed, but you have not told us where or how to make a claim. If we follow your advice and get phished, were do we go to collect on the guarantee and get the money back?

  7. It took you much more time to come up with this very flawed method than it would for you to have learned how to use PGP. PGP is really quite simple but the OP’s mind has convinced itself that it is too complicated so therefore it is.

I could probably go on, ad nauseam (in fact I likely already have caused some nausea).

If I was standing next to this guy with $440 dollars in my hand and told him “I’ll give you this money if you can prove to me that you have learned how to use PGP”, he’d simply go learn it and come back in 5 or 10 minutes to collect his money. I do not know what he wants to buy (or care) but I do know that it must be worth the better part of $440 as that is the amount he had in his account when he got phished, so in effect we have that circumstance here, he is about to put $440 at risk (or may have already done so).

I usually consider the money people lose to phishers as money well spent because before they were phished you would never be able to convince them they are practicing poor security practices and after their money is gone and they accept that it is, they don’t need to be convinced, they know. Unfortunately u/Qaqak, it would seem your $440 is just lost :)

You need to learn to use PGP and use it for 3 things: Login (instead of a stupid password), checking the link is valid (e.g. not a phishing site) and finally to check the ownership of the BTC address. Do those 3 things 100% of the time and you will stay away from being phished.


[3 Points] treetopmonkey:

I have an even better plan than this mate... Don't be an idiot. Simple, 1 step, foolproof... Oh, wait..


[1 Points] Al1ce1nunderland:

Make sure you have already chosen the item you wish to buy, then as soon as your BTC hits your account, make the purchase order immediately. The phisher gets a alert when BTC hits your account, so make your purchase order quickly.

And the phisher cancels the order..... and takes the BTC


[1 Points] only0ne-de:

Why the fuck you do not completly trash your PC after you realized

my pc was infected with a BTC stealer program.

!?!?!?!?!?!!?!


[1 Points] waxtelephone:

Well maybe you just need to work on your Opsec. Idk if you are trolling or not but your eventually going to gets LE on you. Not surprised if they already are investigating you.


[0 Points] Throawonka:

Don't listen to any of these guys. You are doin it right. Why wud you wanna use something like pgp. It's like the equivalent of wearing a moustache as a disguise.

Keep up the good work ....so here is a pro tip.... if you leave your social security number.. mothers maiden name and your account passsword. Vendors will often give you an extra 50% product .


[-1 Points] radiadorK:

Sorry but you are a noob.Phised doesnt exist.Is the market that steals money everyone.If Dream wants it will steal you again.It doesnt matter your fucking paswords o 2fa.Anyone use Dream or will be robbed