discussion Free Buyer Beware Pt 2

[sswilson]

Just as a general best practice, I would recommend using unique passwords across all your various accounts and using 2FA/MFA where possible. At the very least, protect your email as that's typically the recovery method for most other accounts you have.

This is the main way these kinds of "attacks" work. They find a breach on one site and then try the username/password combinations on different sites assuming that the user had the same username/password on all of their accounts. If they find one that works they go from there.

 

[Lysrin]

This is the main way these kinds of "attacks" work. They find a breach on one site and then try the username/password combinations on different sites assuming that the user had the same username/password on all of their accounts. If they find one that works they go from there.

And it is amazing how many people I run into who still have only at best a small set of passwords they recycle for everything, including things like their banking or other sensitive material!

I mean you can't protect yourself from companies like Nova Scotia Power having a data breach of information such as personal emails, addresses, even SIN numbers, seemingly stored in their databases unencrypted (grrrr...) but we should at least control what we have control over.

 

[FreeKnight]

My apologies, I'm so used to being able to look up the IP addresses that I forgot not everyone can do that. When someone posts a BST thread with an IP address in Morocco it's a red flag for us to dig further. I guess just be wary on something priced way under market and know that the moderators are reviewing new BST threads with an eye to protecting the public from scammers.

I for one sell my best gear when I'm sitting in a cafe in Casablanca so I resent your comment!

 

[sswilson]

I for one sell my best gear when I'm sitting in a cafe in Casablanca so I resent your comment!

The argument against using geolocation of IPs for vetting BST threads is that it could very well be a VPN. I dunno if anybody in North America uses a European VPN end point by default, but it's possible I suppose.

 

[Izerous]

geo-locations are horribly in accurate in the first place even without a VPN. But as a vetting process seems 100%. Realistically a legitimate user is likely to just ping someone anyways and say hey what happened to my listing, where a bot or scammer I feel less likely to ever follow up.

 

[sswilson]

geo-locations are horribly in accurate in the first place even without a VPN. But as a vetting process seems 100%. Realistically a legitimate user is likely to just ping someone anyways and say hey what happened to my listing, where a bot or scammer I feel less likely to ever follow up.

In the most recent attempt the user DM'd me asking if I was going to approve it.......

 

[Shadowmeph]

The argument against using geolocation of IPs for vetting BST threads is that it could very well be a VPN. I dunno if anybody in North America uses a European VPN end point by default, but it's possible I suppose.

I use the simple free opera one for my gmail accounts which all my Gmail accounts are for various things like forums that I dont use often or gaming sire which tend to have more younger people that hack and of course face book when I rarely go on it maybe just to message my mother, but it shows I am in Denmark which then I seemed to get a lot of Porn stuff from around that area especially that gmail account that was hacked I never go to porn sites but the gmail that gets the most is the one that was hacked that spam folder always has at least 10 in it also it was the first Gmail I started to use which also was at all my gaming forum sites.
anyway the rule of thumb I have always used is if the deals seems to be to good then well it probably is, I have bought many things from people on this site and I have never been burned but I also kind of virtually know these people through the posts t hey have made in parts of the forum.
that said I have also replied to an apparent bot on this site a few years back someone had posted something about having issues withe their PC and me being the helpful person I am replied I was later informed again from admin that it was very possibly a bot which actually fooled me so yes now I am careful even on this site .
I am more aware pay much more attention but I am still pretty sure i have been fooled more then once

 

[CMetaphor]

The argument against using geolocation of IPs for vetting BST threads is that it could very well be a VPN. I dunno if anybody in North America uses a European VPN end point by default, but it's possible I suppose.

geo-locations are horribly in accurate in the first place even without a VPN. But as a vetting process seems 100%. Realistically a legitimate user is likely to just ping someone anyways and say hey what happened to my listing, where a bot or scammer I feel less likely to ever follow up.

Yeah using a VPN to get your Netflix in the UK is fine, but why does your regular PC need a VPN to browse HWC? Unless you've got a big VPN rerouting all your traffic from your router, I dont see why you'd need to set your VPN elsewhere to browse here.

 

[JD]

geo-locations are horribly in accurate in the first place even without a VPN. But as a vetting process seems 100%. Realistically a legitimate user is likely to just ping someone anyways and say hey what happened to my listing, where a bot or scammer I feel less likely to ever follow up.

One of the attempts the person went as far as getting what looked like legitimate residential IP addresses to post from instead (I think it was a mix of Telus, Shaw, Distributel) but the original "takeover" was from some European IP.

These feel far more sophisticated than simple "bots" as they also respond to messages... so it's either some AI-driven code or it's a ring of people running similar scams on social media platforms.