Phishing Prevention & Link Verification

• Fake .onion Mirrors: Scammers create clone sites with URLs that look similar to Atlas Market's real mirrors
  Example: Real site is atlas4k2j7d.onion, fake is atlas4k2l7d.onion (one letter different)
• Reddit/Forum Posts: Scammers post "helpful" links to "working mirrors" that are actually phishing sites
  Never trust .onion links from Reddit, Telegram, or any social media
• Fake Mirror Lists: Scammers create websites claiming to track "all working darknet market mirrors"
  These lists are filled with phishing links - only trust atlasmarket.ink/mirrors
• Clearnet Phishing: Fake clearnet sites pretending to be Atlas Market's official page
  Only atlasmarket.ink is legitimate - watch for typosquatting (atlasrnarket.ink, at1asmarket.ink, etc.)
• Direct Messages: "Support staff" or "vendors" sending you links via Dread, Telegram, or market PMs
  Atlas Market staff will NEVER send you links via DM

1. You enter your credentials on a fake Atlas Market site
2. The phishing site captures your username and password
3. Scammers immediately log into your real Atlas Market account
4. They initiate withdrawals of all your funds (Bitcoin, Monero)
5. They may change your password and PGP key, locking you out
6. They might access your order history to see your shipping address
7. Within 5-10 minutes, your account is completely compromised and empty

⚠️ There is no recovery. Atlas Market cannot refund stolen funds. Once your coins are sent to the scammer's wallet, they're gone forever.

This is your #1 defense against phishing. Never type URLs manually or click external links.

1. When you first access Atlas Market from a verified source (atlasmarket.ink/mirrors), immediately bookmark the .onion URL
2. Name it clearly: "Atlas Market [VERIFIED 2025-11-14]" with the verification date
3. ONLY access Atlas Market through this bookmark - never type the URL
4. If mirrors rotate, get the new URL from atlasmarket.ink/mirrors (via bookmark), verify it works, then bookmark the new one
5. Keep 2-3 working mirrors bookmarked as backups

The ONLY official clearnet site for Atlas Market mirrors is:

• Bookmark this clearnet page as your source of truth
• Check the SSL certificate (click padlock) - should be valid for atlasmarket.ink
• Watch for typosquatting: at1asmarket.ink, atlasrnarket.ink are FAKE
• This page is updated with working mirrors when they rotate

Two-factor authentication provides a critical safety net:

• PGP 2FA: Even if scammers steal your password, they can't decrypt your PGP challenges without your private key
• Login Pattern Detection: If you get a 2FA prompt on a site you just logged into, you're on a phishing site
• Time to React: 2FA gives you a few extra minutes to realize something's wrong and change your password
• Not Perfect: Sophisticated phishing can bypass 2FA using real-time man-in-the-middle attacks, so still verify URLs

• Set up a separate PIN for withdrawals and purchases
• Make it different from your password and 2FA
• Even if someone gets your login credentials, they can't withdraw funds without the PIN
• Buys you critical time to notice the compromise and secure your account

• Never store large amounts in your Atlas Market wallet
• Only deposit what you need for immediate purchases
• Make a purchase? Withdraw remaining balance immediately
• If you get phished, the damage is limited to what's currently in your account
• Think of market wallets as hot wallets - temporary storage only

Atlas Market staff signs important announcements with their official PGP key. Here's how to verify:

1. Find Atlas Market's official PGP public key on the clearnet site or in your account settings
2. Import this key into your PGP software once (Kleopatra, GPG Suite, GnuPG)
3. When you see a signed message, copy the entire block including signatures
4. Use your PGP software to verify the signature
5. Look for "Good signature from Atlas Market Staff"
6. If signature is invalid or missing, the message is fake

When Atlas Market detects phishing sites targeting users, they post warnings:

• Check the homepage for "Phishing Alert" banners
• These warnings list known phishing .onion addresses
• Cross-reference with your bookmarks - if they match a warning, delete them immediately
• Sign up for Dread forum to see community-reported phishing sites

If you suspect a site might be phishing but aren't sure:

• NEVER test with your real credentials
• Try logging in with fake username and password (e.g., "testuser123" / "password123")
• Phishing sites often show "success" or redirect you even with wrong credentials
• Real Atlas Market will immediately show "Invalid username or password"
• This is a quick way to expose lazy phishing attempts

⚡ Emergency Response (Do This NOW)

1. Access Real Atlas Market (1 minute): Use your verified bookmark to go to the legitimate site
2. Change Password Immediately (2 minutes): Account Settings → Security → Change Password. Use a completely different password.
3. Withdraw All Funds (3 minutes): Go to Wallet → Withdraw → Send all Bitcoin/Monero to an external wallet you control. Don't wait.
4. Update PGP Key (5 minutes): If possible, generate a new PGP keypair and update your account with the new public key
5. Check Activity Logs (2 minutes): Review recent logins and transactions. If you see unauthorized activity, the scammer beat you.
6. Enable Additional Security (1 minute): If you didn't have 2FA enabled, enable it NOW. Set withdrawal PIN if available.

Total time needed: About 15 minutes. The scammer will likely act within 5-10 minutes, so speed is critical.

After Securing Your Account

• Report the phishing site on Dread forum to warn other users
• Delete the phishing site bookmark if you saved it
• Review how you ended up on the phishing site and avoid that path in the future
• Consider creating a new Atlas Market account if the compromise was severe
• Check your other darknet market accounts - if you reused passwords, change them all