> HOME / ANTI-PHISHING
========================================================================================================
> LOADING: PHISHING DETECTION MODULE...

ANTI-PHISHING GUIDE — PROTECTING YOURSELF FROM FAKE SITES

Phishing is one of the most prevalent threats in the darknet ecosystem. Attackers create near-identical copies of legitimate marketplaces, optimised to steal login credentials and drain escrow balances. The DrugHub Darknet platform name is frequently imitated — this guide teaches you to identify and avoid fake sites.

----------------------------------------

HOW PHISHING SITES WORK

Phishing sites operate via several vectors:

  • Fake clearnet proxies — HTTP sites claiming to proxy the real .onion; they capture credentials before forwarding
  • Lookalike .onion addresses — visually similar character sequences (e.g. changing letters with similar-looking Unicode)
  • Forum/social media links — fake moderators or paid posters distribute malicious addresses
  • Search engine results — phishing sites pay for or manipulate darknet-related search results
  • Typosquatting — domains like "drughubb.info" or "druqhub.onion" that catch typing mistakes
----------------------------------------

HOW TO VERIFY A LEGITIMATE LINK

  1. Obtain the address only from the PGP-signed mirror list on our verified_links page
  2. Import the DrugHub signing key and verify the signature: > gpg --verify mirrors.txt.asc mirrors.txt
  3. Check the exact character-by-character match of the .onion address — use copy-paste, not typing
  4. Bookmark verified addresses immediately after first verification
  5. Re-verify from the PGP-signed source every 30 days as mirrors rotate
----------------------------------------

RED FLAGS — SIGNS OF A PHISHING SITE

WARNING INDICATORS
  • Site loads unusually fast — real .onion sites have Tor latency
  • HTTP (not HTTPS) .onion or clearnet address presented as legitimate
  • Asks for credentials without showing a valid PGP canary
  • Login page looks slightly different — button positions, fonts, layout
  • URL found on Reddit, Dread, dark.fail without PGP verification
  • Offers to "cache" or "mirror" credentials for convenience
  • Two-factor authentication prompt is skipped or simplified
  • Unusual redirect chains before reaching login
  • Requests wallet seed phrase or private key at any point
----------------------------------------

WHAT TO DO IF YOU WERE PHISHED

  1. Immediately do NOT deposit any funds to the compromised account
  2. Consider any password entered compromised — never reuse it anywhere
  3. If funds were on the phishing site, they are likely unrecoverable
  4. Report the phishing address on community forums (Dread) so others are warned
  5. Re-assess your OPSEC — check what information may have been exposed
  6. Generate a new PGP keypair and update all platform registrations
----------------------------------------

EXTERNAL VERIFICATION RESOURCES

> [ VERIFIED LINKS PAGE ]   > [ MARKET LOGIN ]
SYSTEM LOG