Topic: Escrow Partner got tricked (Read 4918 times)

yea I don't see anything missing

Thats when you know he's desperate for even a few more satoshi. He's lying

yea I know that didn't happen because "SebastianJu" is threw out this thread saying he did get the BTC and pass it on

Maybe you are the one to blame for this issue. You might have been talking to a fake and then sent the Bitcoin to a fake address. You never know.

Ralobot.com is persistently PMing me trying to convince me he has access to my home PC
but everything he shows me is outdated info likely gathered from a fishing site (faking this forum)

if you had access to my computer then why bother with a trick/trade at all ?
why not just use the access to send yourself my money and avoid getting your account wrecked here ?

don't think I have seen an account so far into the red before hehehe

well it shows me changing my pass on February 27
must have been the day that thread was made

im pretty careful when changing passwords but anything is possible
he got in my account somehow

The url's you posted actually ARE the same. They all lead to this forum here.

You should have been cautious for having to login again. You should have been even more cautious when your firefox password was not autofilled. It surely wasn't and you had to manually login.

It was harder to see that the L in bitcointalk was replaced with an I. The little L looks very similar. And still it is a completely different URL and domain.

So the http is not a real problem. That the domain name was different, that was the problem. That domain had nothing to do with this forum except that it copied the contents from here and caught your password.

Though I surely don't know how he still could access it after you changed pass. Does your password change show up here: https://bitcointalk.org/seclog.php

Maybe you forgot to change or changed it to the old ony by mistake.

Theymos might put that domain name in autocorrect so that it automatically gets corrected.

wish that thread was still around so I could take another look at it
but as I recall the thread was on http://bitcointalk.org
and his link was on https://bitcointalk.org

at the time I thought I was being perinoid suspecting it was a fishing site cause the main domain was the same as the forum
I don't fully understand how these little changes in domain names work
http://bitcointalk.org
http://www.bitcointalk.org
https://www.bitcointalk.org
they should all be the same place but im not 100% sure
and that was the only dif I saw in his URL
I accused it of being a fishing site only cause I had to keep logging in

now im wondering about some other things I used to tinker with a few year back
dono if they can still be done
but there used to be a way to set a webpage coding so it would alter the URL being displayed in your address box
changing the real address of a link in the forum is easy if the forum is not set to prevent that

in the end the only reason I had to suspect the link was to a fishing site was the fact that I had to login
but that was enough for me to decide to change my pass just encase
I should have been safe

I changed my pass after clicking that link

Not at all. Don't stupidly click any link that any random stranger sends you and you are going to be alright

honestly my mind was on the accusation that I was a scammer
I looked back and forth several times trying o make sense of it since I didn't know the user and the link was to another users feedback not mine
I did suspect the link was a fishing site and changed my pass (then stopped visiting it)
then the hole thread vanished and I figured the staff agreed with me
didn't give it more thought till making that last reply trying to think of any possible breach in my own security
but I did change my pass that day and this all happened several days later

with this loss and another $40 to another guy
and payza not getting around to send the $140 they owe me to BTC as requested
im a bit set back in my plans here
I have more $ but I think it is better used securing my RDP business which is bringing me a consent profit
ill invest more here again when im back stable
I still plan to get into currency trading big time
but it will take longer then id planned

martin

i am sorry to hear that you lost some usd
 i have traded with martin for 150 usd btc for skrill
and he is legit


how come your account was compromised and the timming was perfect


i ask the forum guys is there something we all should be worried about

because i see this as a new method

and indeed its very dangerous of all method scammers use 

Well, so all his non matching stories had a reason.

Amartin99, at least your password manager should have warned about it. No autofill of passwords would happen on the phising site.

Knew it, amartin99 didn't want to listen but there you have it.

Someone needs to look more into how phishing sites work or expect their info to get stolen again and again.

Domain was registered back in January. Could have gone unnoticed for awhile because the phisher never changes password, deletes PMs and a few other things.

Seems Ralobot.com is a scammer using fake links to the forum to harvest usernames and passwords :

https://bitcointalksearch.org/topic/beaware-ralobotcom-is-a-scammer-trying-to-steal-my-account-password-1389494

Even though it was different with you it might be an idea to simply ask the seller if I either really should send to the address the seller sent, so that it is correct and quote the message. And quote the message from the buyer to release the coins.

Though there would still be the risk that the hacker reads the pm first, answers and deletes the pm.

IIRC this sort of thing happened to me a long time ago when I asked for a loan..
Hacker sent message with a new address. Good thing the lender quoted the message and I asked him not to send the BTC.

Close call.
Sad this happened to you :/

Ralobot.com



You say that you don't have the time to take a simple screenshot and post it. That is the work of maximum 2 minutes. Though in turn you post around, stories about you being the hacker, trying to get something for revealing the trick then suddenly change your story back because you don't receive the money.

You waisted hours posting and reading this and you still try to convince us that you don't have time to post a screenshot? Seriously... would you believe yourself?

Regarding new rules... well, it sounds hard to find a rule. I think maybe a warning to check the trading partners trust first and only proceed then. And an offer to the seller and buyer to give me an address of theirs before the trade and ask me to release the bitcoins only to an address that is in a message signed with the address of the seller and only release the bitcoins when it is in a message signed with the address of the buyer.

Together with a link to shorena's thread.

But seriously. I already know this will become a big mess. I already see the huge amount of questions I will receive then.

Well done sir...


How would you bypass it? I only imagine faking it though of course a message makes only sense when checked.

---

Indianacoin



Yes I know this thread and it is quite usefull though I can ensure you if you try to explain it with a link to a newbie... that is not all. It will be a big mess.

A base fee is fine and all but what should I do with 0.01 Bitcoin? That's $4 for the whole deal and believe me deals take alot of time often enough. With problems it will be many hours, and so on. Though ok, I have many deals where I don't receive anything. Maybe I really should value my time more and think about that.

I will see how I can deal with that. First I will ask other escrows what they think.

---

amartin99



If you would come over a phising website then your browser password would not show up. As well when you use a password database with browser extension. Such things can help preventing to go to phishing sites. As long as you don't put in the password per hand.

Did you do somewhere?

If a hacker gets a number of passwords then he really might be hacking bitcoinrelated. Maybe searching for wallets on VPS or something. Passwords he would most probably put in his password database though the forum has a 5 minute ban for logins into the same account. He could try it out on bitcointalk though he would have to know your username. Did you somewhere use the same username so that he could have checked if such a user exists on BCT?

It would have taken a bit but he would have been able to login.

Exactly... why telling me to send the coins to the address ralobot sent me? I mean ralobot wrote that he received his coins. That would mean the hacker would only have been interested in the PM. Then his scam was over after he received it. Sending this pm would only stir shit, like it happened when you got involved.

So seriously, this makes only sense when ralobot would be the hacker since he would then have both. His pm and his coins. And surely he never sent pm which is why he can't give a screenshot.

I don't know about the github script. Surely they will host all kind of code stuff and not controlling it.

You mentioned somewhere that you had to relogin into BCT every time visiting a link. Did you login manually or autofill? It might have been a phising link. Surely the hacker would have changed the link by now or deleted the pm.

If you changed the pass afterwards then I wonder how he should be notified. No email is sent out when sending pass. And when he was logged in on another pc at that time then he would be logged out after the change.

Otherwise, I'm not sure, it might be that the session of bitcointalk failed when the hacker logged in. He did not set to stay logged in and so your account was logged out after some time. Then you would have to relogin even though you do it with staying logged in enabled.

I don't know about skype but I think I heard about risks of skype besides privacy issues.

You should stop blaming the forum because it makes no sense that it is the forums fault. You are a small new user. Don't you think a hacker would hack another account on here then? There are users with huge piles of cash, unfortunately Iam not one of them even as escrow , and you surely would not have been the target.

Did you have set up recover account by hidden question?

---

Quickseller


Thanks for your opinion!

Yes, I think it is unlikely that he can't even spend the 2 minutes to make a screenshot and post it but instead posting on here for hours, telling stories of he being the hacker, trying to get money for the trick and then back out as being not the hacker anymore. Makes no sense.

It makes even less sense that, when the hacker received his PM, he would send a pm to me so that I pay ralobot. I mean it would be useless for the hacker. In fact dangerous. Drawing attention on the case.

The hacker would only do this when he would gain something from it.

In my opinion that shows pretty well that ralobot was the scammer. He has coins and pm now and he surely didn't bother sending the PM fiat out. That's the only reason he can't provide the screenshot.

The below is ignoring the fact there is apparently evidence that Ralobot.com is an alt of a scammer.

It looks like that Ralobot.com is claiming that he received a PM from amartin99 requesting that fiat be sent to a different PM address/account, however he is also claiming that he has deleted this PM. Depending on how long the alleged PM was in either amartin99 or Ralobot.com's inbox, the deleted PM may be recoverable by theymos (or anyone else with access to the forum's backups), although it is a fair amount of trouble to restore PMs that have been deleted by both the sender and the recipient so theymos may not be willing to go through the trouble of doing this.

As it stands now, it appears that Ralobot.com has not disputed the fact that he received BTC to the address that he requested BTC to be sent to. Ralobot.com could dispute this fact in the future, however this potential dispute could be refuted by providing PM logs showing evidence that Ralobot.com requested BTC to be related to a specific address as well as the txid of the btc being sent to such address.

Additionally, it looks like both parties agreed that Ralobot.com was to receive ~.64BTC in exchange for $279.93 sent to amartin99 via either PM or skrill. Ralobot.com also does not appear to dispute this fact, however if he did choose to dispute this, either amartin99 or your could show PM logs in which Ralobot.com agreed to these terms.

From what I can gather, it looks like Ralobot.com is not able to provide any kind of evidence that he sent any amount of PM/skrill to amartin99 at an address provided by amartin99.

Based on the above, it looks like amartin99 has carried out his side of the agreement, but Ralobot.com has not. Based on this fact, I would say that negative trust would be warranted for Ralobot.com. If however Ralobot.com is able to provide some kind of evidence that he received instructions to send PM/skrill to a certain address by amartin99 and that he did in fact send the appropriate amount of PM/skrill to such address, then depending on how believable such evidence is, I would consider removing such negative feedback. I would not however simply take his word for it.