More and more Empire Market users complain that money is being lost from their account or they have replenished their account but funds have not been received. What is the matter?
In this article we will try to explain why money disappears from user accounts and how to deal with it.
First, let’s establish the reason why users lose their money. It is not strange, but this problem is partly the fault of the users themselves. Most of them don’t even think about the existence of phishing sites and start logging into their account using the first link they get.
A phishing site is a fairly old type of fraud, but despite its age, a large number of users are still falling for it. Fraudsters create a copy of the site’s pages in order to get the usernames and passwords of the victims, or to force the victim to replenish the balance of a fake wallet.
Differences between a real site and a fake one
The first thing you should do is pay attention to the domain name. Fraudsters try to make the phishing site domain as similar to the original as possible.
As you know, Empire Market site is located on the Tor network, so its domain is similar to the unrelated set of letters “empiremktxdjovhm.onion”. The fact is that by default you cannot select a domain name in Tor browser, instead you get a random set of letters and numbers. The only thing you can do is generate many domains and choose the one that suits you the most.
They use special software for generation, but the fact is that such programs can quickly generate only the first letters of a domain. For example, it would take about 10-20 minutes to generate the first 3 simbols of a domain, and in order to get 9 simbols it would take several months or even years.
The domain “empiremktxdjovhm.onion” has 16 simbols, so fraudsters are not able to pick up even half of its name. But they found a way around this problem. Fraudsters make a domain not in Tor browser, but on a regular network (an example of a fraudulent domain is “empiremktxgjovhm.onion.loan”).
As you can see, the original domain ends with “.onoin” and on the phishing site the domain ends with “onion.loan”. This suggests that the fake domain is not part of the Tor network, but only mimics the name of the original by creating a third-level domain. You can verify this if you try to follow a fraudulent link from a regular browser. If the site opens in a normal browser, it means that Tor has nothing to do with it and the link can be called fraudulent.
Empire Market developers have foreseen that their site will try to fake and integrate link authentication into their market.
In order to gain access to this function, you need to go to the main page of the market “empiremktxdjovhm.onion” and add “/safe” at the end of the domain. This is what the domain for the authentication page “empiremktxdjovhm.onion/safe” should look like.
After you have added this word to the domain, press “Enter”. You will see a page where you need to enter captcha. Introduce it, and proceed to the next stage of verification.
At the photo above, the page that opens after entering the captcha is shown. This page serves to authenticate the link. The domain is highlighted in red, it must match what is entered in the address bar.
The public PGP key is highlighted in purple, you can use it to be 100% sure that you are on the official link. To verify, copy this key and paste it into the decryption tool available to you. After decrypting this key, you should see the domain that is entered in the address bar of the browser.
It is worth remembering that fake links copy only the appearance of the site, and not its functionality. Therefore, if you get to a phishing site, you can notice the differences in your personal data.
The data for each account is individual, so scammers can not predict the values of each user and expose them at random.
Personal phrase is a specially created block on the main page, which is needed so that at each login the user can verify the authenticity of the link. This phrase is set in the account settings and remains unchanged.
Look at the photo above, the phishing site is on the left, and the official one on the right. In appearance, the pages are similar, but you can immediately see that on the same account there are different personal data of the user, including the Personal phrase, which is completely absent on the fake site. Fraudsters also did not begin to put a banner on a red background, which warns of a possible fraud.
After studying this article, you should be visited by the idea that you should not trust the first impression of the site, you may miss details that could save your money from theft.
Unfortunately, more and more scammers appear in the Internet sphere, and in order not to become their target, each user needs to develop literacy skills on the Internet.