🎣 Anti-Phishing Protection

The most dangerous phishing attacks create pixel-perfect clones of the real TorZon Market login page hosted on a similar-looking onion address. When you enter your credentials, the attacker captures your username, password, and even your 2FA code in real time, using it to log into your real account before the code expires. Other attacks include fake mirror lists posted on forums, compromised Tor exit nodes injecting fake pages, and social engineering through direct messages.

Always verify the full onion address character-by-character before entering any credentials. Phishing sites typically use addresses that look similar but contain subtle differences — swapped characters, extra letters, or visually similar substitutions (zero for letter O, lowercase L for number 1). Bookmark verified links in Tor Browser and never navigate to the market through any other method. Use our Link Checker tool to validate any onion URL before visiting it.

The most effective protection combines multiple layers: always use bookmarks for market access, enable 2FA so stolen passwords alone cannot compromise your account, verify PGP-signed market announcements for official URL changes, never enter credentials on pages that look or feel different from your last login, and report suspected phishing URLs to the market administrators immediately. Consider using a password manager that auto-fills only on the exact saved URL.