It was well organized and planned at least that's how it looked to me.
Agreed, someone saw an opportunity and took it with great skill.
If you send me a message and then another message from your account then another message from the same account I will obviously think it's you.
But if I say something completely different it doesn't hurt to be extra careful. That's what I meant with "the deal should not be changed anymore".
I would not have any idea that your account got hacked and someone else will send messages from your account.
Agreed again. That's what makes this scam so tricky, and I hope the community can learn from this and maybe prevent it in the future.
May be we can always add a signed message using either PGP or known bitcoin address. This way you have one more option to verify a message even if this come from an expected source. Like in MJ's case if there was a signed message using bitcoin address for every PM the sent to each others then verification could be stronger.
I find a Bitcoin signature much easier to verify than a PGP signature. In this case the victim didn't verify MJ's signature (even though it verified, so that wasn't the problem). But if the victim would have used signed messages too, hacking his account would no longer have been enough.
The sender can give a fake tracking ID or used tracking ID and the escrow would think it's real. Or even worse, the sender can send something else, may be a piece of brick and get a tracking ID for it. Send the tracking ID to the escrow and escrow will think the item was delivered LOL
Exactly. What's the point of using an escrow with those terms?