I know, I know! I said I was leaving the dark web, but there was a subject I’d been meaning to talk about and never did. Specifically, there are a ridiculous number of phishing sites on Tor (and on the web in general).
For those who are unfamiliar with the concept, they look almost exactly like a site you would normally use, but are designed to steal your login credentials and such. Most dark web users seem to be aware of this, but newcomers often fall for the fake sites.
Since Facebook announced its Tor-friendly URL (https://facebookcorewwwi.onion) at the end of 2014, many users likely flocked to the Tor network to try and use it with some degree of anonymity.
At least I’m 99.9% sure that’s what it is – please don’t enter any personal information into that page!!! As I said before, it looks almost exactly like the real one (with some minor differences), but as far as I know, there are no other official Facebook .onion URLs, so I wouldn’t trust it! (Heck, some people don’t even trust the real one!)
It’s not uncommon to come across clone sites of many other pages on Tor – the same thing happens with many of the marketplaces, social sites, forums, etc. This is why so many of them have a message that says: “Make sure you’re using the real [insert site name here].” Believe it or not, this is why I’ve attempted to memorize the URLs of some of the Tor sites (and succeeded, on occasion). They sure don’t make it easy, though. Could you memorize a URL like “mhpcpptjshjgdierfio.onion”? I understand that this is because onion addresses are usually made of a base32 string of the first 80 bits of the SHA1 hash of the server’s private key, but it’s still tough on us humans. (Yes, that was English.)
I almost fell victim to something like this back in the good ol’ days of AOL (around 1993). Someone had sent me a fake “AOL InstaKiss” email, which claimed that you had to enter your screen name and password:
Being that this was the 90’s, I fell for it and actually did so (because I was a net n00b) but realized my mistake soon after, and immediately changed my login info – so nothing happened.
Anyhow, I basically just wanted to warn Tor users who weren’t aware of this problem. On the plus side, the real Facebook onion URL is pretty easy to memorize, unlike many of the other Tor sites. So, in theory, it would be less likely to fall for a phishing attack.
Be careful, and use common sense. Always verify that a site you’re using is the real one (whether on the clearnet or the dark web), particularly if it’s one that requires login credentials. And if anything looks suspicious, it probably is!!