Sluts for Security: Phishing! Vigilance. Verify. Don’t Rush.

Phishing is the most common technique used to gain sensitive information like passwords or 2-step login codes, which leads to compromised internet accounts. Tryst.link accounts are not exempt from these regular phishing attempts.

Unfortunately, sex workers are juicy targets for hackers, who know that for many workers, turning to law enforcement to catch them isn't an option. In general there’s little law enforcement can do to stop phishing attempts anyway.

Hackers are constantly trying to impersonate the Tryst team in an attempt to get your passwords, 2-step login codes, or recovery codes, often using urgency and demands for immediate action to get you to drop your guard. Once they gain access to your account, they may try to blackmail you to get your account back, or impersonate you to steal money from your clients, tarnishing your reputation.

Someone trying to trick you into handing over personal information sounds scary, but with a little education and healthy skepticism, you can avoid their traps!

What is phishing?

Phishing is when someone on the internet attempts to trick you into sharing personal information using a range of techniques. Common phishing methods include:

  • Sending emails, DMs on social media, or SMS messages with urgent demands to log in to your account via an incorrect URL. The site might look identical to the original but is actually a fake site that steals your password.
  • Calling you on the phone pretending to be Tryst, your bank, or a government agency, explaining that something is wrong with your account and that to fix it they need your multi-factor authentication code or other private identifying information (SSN etc).
  • Sharing fake apps, usually via social media, that either pretend to be the legitimate app (such as age or identity verification procedures) or are non-official apps, and that capture your password when you try to log into them.

My Phishing 101 blog post has extra information about phishing if you're keen to learn more about the techniques scammers use in trying to fool us.

How to detect phishing

Sometimes it's obvious you've been directed to a fake website or have been sent an email by someone pretending to be someone they’re not. Telltale signs include incorrect spelling, weird fonts, the wrong name, poor grammar, or images that don't work, look fuzzy or are out of place.

Every now and then, however, hackers get their shit together and it's difficult to spot anything suspicious unless you take the time to look closely. The Tryst Knowledge Base has a great list of things you can do to check if a message or email is really from us.

Things to look for in a message from Tryst:

  • Check who sent you an email. Tryst will only ever email you from a @tryst.link email, most commonly [email protected] and [email protected] and never @gmail.com, @hotmail.com or @protonmail.com.
  • We will never use a link shortener (e.g: bit.ly, x.co, tinyurl.com) in any of our emails, so if you hover over a link or click a link and see anything except http://tryst-fun.fun, https://app.tryst.link, or https://tryst-fun.fun/s__help, delete that email!
  • Check the URL (aka web address, aka domain name) of the website you're on by looking at the domain name in your web browser’s address bar. We will only ever use the domain names http://tryst-fun.fun, https://app.tryst.link, or https://tryst-fun.fun/s__help when communicating with you.
  • If the email is asking you to share your password, payment information, or 2-step login code with us, or asking you to disable 2-step login on your account, that's gonna be fake. We won't ever ask for that stuff.
  • Don't click links in emails or messages. Instead type tryst.link in your web browser to log in. That way you can be sure you're visiting the correct site and not a clone set up by a scammer.
  • Your 2-step login (2SL) recovery code is for emergencies only, like when you know you've lost access to your 2SL method (e.g: lost phone). If you know your 2SL method still works, why would Tryst demand to use your backup codes?
  • Tryst won’t ask you to do anything immediately or super urgently. We will provide ample time to respond or appeal before we take critical actions like disabling your account. Slow down and check that the message is really from us before doing something like changing a password or adding a new form of 2SL.
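
The sender, link and "never asks for" checks in the list above can also be run automatically over a raw email. This Python script is an added example, not code from Tryst or from the original post; the `ALLOWED_HOSTS` set and the sample message are assumptions constructed for illustration, and the allowlist should be filled in from the addresses listed above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

SENDER_DOMAIN = "tryst.link"                      # sender domain named in the article
ALLOWED_HOSTS = {"tryst.link", "app.tryst.link"}  # assumption: fill from the list above
SHORTENERS = {"bit.ly", "x.co", "tinyurl.com"}    # the article's shortener examples
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
SECRET_RE = re.compile(r"password|2-step login code|recovery code|disable 2-step", re.I)

def check_message(raw):
    """Return reasons to distrust the message. An empty list means no flags,
    not proof of legitimacy: the From header itself can be forged."""
    msg = message_from_string(raw)
    findings = []
    # parseaddr ignores the display name, which a sender can set to anything.
    addr = parseaddr(msg.get("From", ""))[1]
    domain = addr.rpartition("@")[2].lower()
    if domain != SENDER_DOMAIN:
        findings.append(f"sender domain {domain!r} is not {SENDER_DOMAIN}")
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    for url in URL_RE.findall(body):
        # Compare the parsed host exactly: "tryst.link@other.example" and
        # "tryst.link.other.example" both contain the name but go elsewhere.
        host = urlsplit(url.rstrip(".,)")).hostname or ""
        if host in SHORTENERS:
            findings.append(f"link shortener: {host}")
        elif host not in ALLOWED_HOSTS:
            findings.append(f"link goes to unlisted host: {host}")
    if SECRET_RE.search(body):
        findings.append("asks for a password, login code or to disable 2-step login")
    return findings

# Constructed sample message, not a real phishing email.
SAMPLE = """From: "Tryst Team" <tryst.team@gmail.com>
To: worker@example.org
Subject: URGENT: verify now

Your account will be disabled today. Log in at
https://tryst.link@login-check.example/verify or https://bit.ly/abc123
and reply with your 2-step login code.
"""

if __name__ == "__main__":
    for reason in check_message(SAMPLE):
        print("FLAG:", reason)
```
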

Can I avoid a phishing attempt gaining access to my account?

Despite everyone's best efforts, phishing attempts are sometimes successful. It's inevitable that one day there will be a message or a website that appears at just the right time when your defences are down or you are vulnerable and suddenly you've handed over your password to a hacker. 

By making sure your general internet security is solid, you can thwart the attempt or at least limit the damage.

Unique passwords. If a hacker gets a password from another website and tries to use it on Tryst, but is hit with a request for an MFA code, there's a chance they'll then pretend to be Tryst in the hope you hand it over and they gain access to your account. This wouldn't happen if they didn't have your password in the first place. The Tryst.link blog has a post about password managers and why they’re so important.

Unique email addresses. Fake emails are a really common method for phishing attempts. By using different emails for your Tryst login and your Tryst profile, you can instantly dismiss any emails claiming to be from Tryst that are not sent to the email address you use for logging in to Tryst. Many email providers support this feature, like Protonmail and Fastmail, sometimes calling them “aliases” or “masked” emails.

Physical security tokens. These are little USB or NFC dongles that act as multi-factor authentication methods that only work if they are physically present. It makes a phishing attempt impossible unless the hacker also has the physical plastic token in their hands. Tryst.link supports them too! This blog post has more info about physical security tokens.

Passkeys. These are a new form of security technology that’s similar to a physical security token but without the physical bit. Instead of a USB stick or NFC, it’s a cryptographic signature that lives in a password manager like Google Chrome, Apple’s Passwords app or 1Password. We have a whole article about passkeys that’s worth a read if you’d like to use this method of authenticating yourself with Tryst.link.

It's always a good idea to beef up the security of your Tryst account so that even if you hand over personal information accidentally, the damage they can do with it is limited. We have a useful knowledge base article about keeping your Tryst account secure that’s full of internet security best practices.

Be vigilant, verify, don’t rush

Phishing is a huge problem on the internet, but for sex workers it's even more of a headache because our internet presence is tied to our income. For scammers, sex workers are lucrative targets for the same reason. They know you need your Tryst account to make a living and they know that sex workers are unlikely to report any crimes to police due to the perilous nature of sex work in many jurisdictions.

Phishing attempts can come through emails, social media messages, SMS texts, phone calls, or even fake apps, all designed to create a sense of urgency and prompt immediate action. Always verify that the message is from a valid Tryst email address and that URLs are legitimate Tryst.link addresses, and never share sensitive details like passwords or authentication codes, as the Tryst team will never ask for them. Most importantly, don’t rush. Slow down and take the time to assess if what you’re being asked to do is really from us. Consult Tryst’s knowledge base article about phishing if you have any doubts.

Over the years we’ve published many great resources on this very blog about phishing and internet security in general that are aimed specifically at sex workers. Check them out and defend yourself from all the bastards trying to rip you off online!


Got a tech question for Ada? She wants to hear from you!

Ada answers all your questions about tech, the online world, and staying safe in it. No question is too silly, no hypothetical is too far-fetched! Learn to leverage devices, systems, and platforms to your benefit.