Wall Street Market has warned its customers and verified vendors to be extra careful when opening any link sent to them or found on the market.
This comes after a series of complaints of users being phished and ending up losing their accounts and funds in their wallets.
It was reported through the WSM Forum by the community manager, Med3l1n, who said that a user was entirely banned after he pretended to be a vendor. The user, according to the community manager, had a phishing link in his Wall Street Market URL that was hidden with a real mirror link.
One Wall Street Market vendor by the name DeadHeadFred reported two instances when he was a victim of the phishing attack. On the first attempt, the vendor was sent a message regarding his offers with a phishing link accompanied.
We have received one complaint from a customer.
Self-rating is against the rules >
You have 24hours to delete this feedback, or further action will be taken.”
He was quick to notice the abnormality of the message which prompted him to open a support ticket with the moderators for further action.
The second instance, according to the vendor, was more sophisticated and well planned to make sure he fell into the set trap. The vendor explained that he sent out an order to one of his customers, which was under escrow protection.
Within no time, the funds were already released, raising suspicion as there was no way the customer would have received and finalized the order.
He continued to explain that he saw negative feedback with a one-star rating to the delivered order. The feedback contained a link which he suspected was a phishing link and discrediting his service.
The feedback read: “** BE CAREFUL ** This vendor is likely to be a scammer… STAY AWAY! If you are looking for a good plug, try this vendor:***Link Removed*** ( no FE needed )”
According to the vendor’s thought, the buyer lost the account to the scammer before the order was delivered, thus giving the scammer a better platform to propagate his actions.
The vendor opened a dispute for the negative feedback together with the weak rating to the moderator of the site. On further investigation by the moderators, they came to understand that the phishing links in both instances were similar.
The account holder was removed for other users’ safety in the future. This may not be the endgame of the scam as the chances of the same user creating another different account to propagate phishing links are still too high.
Community Manager’s Comments
Since the cases of phishing attacks were presented through Wall Street Market’s Forum, the users were eagerly waiting for the manager’s feedback.
Med3l1n, the pseudonym of the forum manager, was quick to reply the affected victims on the way forward and likely action to be taken.
Regarding the two instances of possible phishing attacks, the community manager gave directions on how to avoid being phished.
He also gave the legitimate links to the market and information on how to know a real site link.
Besides banning the scammers from the forum and the market, the community manager exposed the acts to all the forum members.
This would enhance accountability and sense of vengeance to the affected customers and vendors who probably lost funds through the phishing scheme.
The community manager advised all members who might have clicked on the phishing link, or any other link from a new vendor without a badge, to change their password immediately.
More to that, they should consider enabling two-factor authentication to step up their security measures in protecting their stored coins.
The Forum’s community manager further advised the members on how to avoid being phished.
They are vital points that darknet market users should take into consideration when putting their money on the mercy of anonymity.
The first one is to never click any link from a seller without a vendor’s badge. This will assure them that their account has not been compromised.
Any link from verified sellers too should not be taken as legitimate, as their accounts could be compromised and used in the wrong way. Verifying the credibility and authenticity of the link should be a priority before opening it.
This can be done by having the alphanumeric combination making up the URL link. Double-checking it with a reference is also highly recommended. Following news of the markets from social platforms like Dread will keep everyone up-to-date with all current affairs of the dark web.
The Bigger Picture
This is certainly not the first time there have been reports of phishing attacks being directed towards dark web users.
As the need for security grows with the dark web customers, a more significant platform is provided for scammers to propagate their malicious acts online.
It is a problem that darknet market admins are fighting to mitigate without a breakthrough, almost in all large markets at the moment.
Cybercriminals are working day and night to formulate smarter ways to scam unsuspecting customers in dark web markets.
Most of the phishing attacks in the history of dark web markets have taken place when a Distributed Denial of Service (DDoS) attack has hit the system of the site.
It is not long ago when almost all the large markets were affected with a major DDoS attack and criminals took advantage by creating replica sites to collect users’ credentials.
As most darknet users tried logging in to the replica sites, an error message popped up, only for the credentials to be used once the main site was back online.
A lot of people ended up losing their coins to the scammers—their wallet balance was siphoned within a short period of time.
It will be a collective responsibility from all stakeholders in dark web markets to protect genuine users from falling into traps of phishing attacks.
All that said, a key best-practice all darknet market users should follow is to take the time to understand a given site in and out before putting the money under their watch.
Getting to know all possible loopholes used by scammers will significantly reduce cases of phishing attacks in dark web markets.
Latest posts by Steve (see all)
- Darknet Buyer Arrested After Posting Selfie & Signature Linked to Weapons Deal - July 25, 2018
- Israeli Security Programmer Arrested for Breach Attempt - July 24, 2018
- Darknet Hacker Who Breached 100+ Companies Is Jailed for 10 Years - June 15, 2018