PGP 2FA Guide
Phishing Mirror Checker
Signed Mirrors
What is phishing?
Anti Phishing Protection

What is phishing?

So, what exactly is a phishing site and how do they work?

While some phishing sites are simply clones of genuine sites, most modern phishing sites on the darknet are typically operated in the form of a 'Man in the Middle' (MITM) attack. What this means is the site (such as a darknet market) you see will look exactly like the what you'd expect, and your login details and other functions will typically all work as normal. This is because you are indeed making a connection with the real site, but instead of that connection being direct, it is going through a server controlled by a rogue entity, meaning they can manipulate every input and output. Think of it like a proxy, albeit a very bad type of proxy!


Source: https://abacus-market.co/reviews-guides/how-phishing-works/

What happens if I use a phishing site?

The phisher will be able to access everything you enter, such as your username, password, PIN and anything else. They can also change some of what you see. For example, they could change the crypto deposit address displayed on a darknet market to a wallet address they own, meaning all of your funds will be stolen. Once they have your market login details, they could also access your account on the real market to withdraw funds if you have any deposited.

What can I do to avoid being phished?
There are a range of precautions you can take:

1. Check the mirror on www.abacus-market.co, we have a domain checker to verify if the domain is legitimate or not.
2. Only use the official mirrors from www.abacus-market.co | abacusmarket.com | abacus-market.co
3. Save the clearnet pages and never search for mirrors in search engines, as they are flooded with phishing domains.
4. In case of doubt, contact support before sending coins.
5. Use a different username, password and pin for each market.

Activate PGP 2FA

Many markets display the onion URL in the decrypted message you are provided when logging in via PGP Two Factor Authentication (2FA). This is one of the few outputs that attackers are not able to interfere with. If the onion URL listed does not match the one shown in your address bar, do not proceed and exit the site immediately.
Learn how to enable PGP 2FA here: www.abacus-market.co/pgp.php

What should I do if I think I've been phished?

It is advisable not to use that account again and simply create a new one for future transactions, but if you have funds in it for example, then be sure to change your password and PIN (where applicable) at the earliest opportunity. Two-Factor Authentication (2-FA) can provide you with protection against someone else accessing an account you own, but it won't protect you against getting phished if you go to a rogue site, since the 2FA will still function as normal since it will simply be routed via the legitimate server.