Many AlphaBay users have been phished before, losing money or having their BTC balance disappear without a trace.
AlphaBay admits that such an experience can be agonizing, but there are certain ways scamming can be prevented to safeguard your money from fraudsters. Nevertheless, since phishing methods have evolved with time, the best defense against phishers remains to be the application of common sense. Some AlphaBay phishing techniques to watch out for include:
Credential stealer, or “locked out after depositing” scam
It’s the most common technique used by fraudsters today. A fellow member sends you unsolicited “dox information” links for approval. While such sites seem like AlphaBay at first sight, they are just proxy domains that can capture your login details, thus giving the phisher access to stored bitcoins. But if there’s no available balance the AlphaBay scammer will record your deposit address, monitoring it for future incoming coins. To prevent this from happening, only use official links and avoid clicking on random referral sites.
Here, the victim is tricked into following an “exclusive” phishing link that requests for PIN information and mnemonics upon signing up. AlphaBay will never ask for your PIN details if this ever happens then be rest assured that it’s a phishing page. In such cases even changing your password won’t help, mainly because the AlphaBay phisher already has your mnemonic data. You can quickly identify this anomaly by checking for authorized withdrawals made to unrecognizable addresses. This trick can also be prevented by only using the official links. A majority of users have been complaining about this issue, but there’s no way a withdrawal can be approved without one first having a valid web session cookie and PIN. The only reasonable conclusion is that somebody else has your AlphaBay login details.
Special deposit address
In this phishing technique, a person is tricked into following a special phishing link where the scammer will then see your “deposits address,” before copy/pasting it into your bitcoin client page and sending the coins straight to their wallet. Phishers use a special link that fetches data from AlphaBay but then changes on-screen deposit address. The PGP proof of ownership will henceforth not show validity. Some links even show their access key on the contacts page, meaning that users will unknowingly validate the phisher’s address by employing the phisher’s key. This can be avoided by getting the real AlphaBay login key and using it to authenticate stuff.
Though less common compared to the other phishing techniques mentioned here, it can still happen and you should be wary of the risks involved. This scam occurs when you have a computer malware or bitcoin stealer program that alters address information on your clipboard after copy/pasting an address. Some of the phishing links even change the user address after clicking Send, without requiring any form of malware.