Pages:
Author

Topic: Escrow Partner got tricked - page 6. (Read 4984 times)

copper member
Activity: 2996
Merit: 2374
March 04, 2016, 12:28:31 PM
#57
So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?
That is up to you, however it is really the OP's word against rainbot's.

If I were selling a physical coin to someone and I agree to send first, then my trading partner says the coin has not yet been received but sends me the BTC anyway I really cannot question that if I actually sent the coin (I would of course attempt to resolve the issue).

If rainbot wants to claim that he fulfilled his end of the trade then maybe he can provide some kind of tracking number.

Maybe the admins can look into the IP that was used when the PM to Seb was sent, this won't necessarily prove guilt but if the hacker was lazy then maybe he used the same IP.
legendary
Activity: 1120
Merit: 1000
March 04, 2016, 12:20:53 PM
#56
So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?

Should be tagged for selling carding methods anyway. Follow the payivy link and you'll see what I'm talking about.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
March 04, 2016, 12:20:48 PM
#55
So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?
xetsr aswell.
Interestingly, he got a negative feedback from ndnhc dating back several months about an unresolved scam accusation.



Should be tagged for selling carding methods. Follow the payivy link and you'll see what I'm talking about.
Agreed.
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
March 04, 2016, 12:17:41 PM
#54
So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?
member
Activity: 70
Merit: 10
March 04, 2016, 11:43:19 AM
#53
how do I encrypt my pass anyway ?
member
Activity: 70
Merit: 10
March 04, 2016, 11:41:20 AM
#52
no I have some LONG passwords generated by robo forum
some times when im feeling lazy I copy that but leaving out a few letters so as to make it different
when I did a scan of my passwords I found that's where I did here
and used the same pass when joining a couple other things
these other 2 things are large unrelated companies
no way they where fishing sites

encrypting my pass sounds like a good idea

having the forum use SMS confirmation every time our IP changes would be better

legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
March 04, 2016, 11:20:14 AM
#51
Ralobot.com never gave me any URL to visit that I can recall
and I don't see any in past PM's

I don't see how I could have been "fished"
I just did a quick search of my passwords and while this forums pass is used a couple other places  I have not been to either in a long time
and neither are something he would have thought to fake

I dono how he got into my account
but there is nothing more to be done here
I just need to find a way to guard against this risk


Well, one thing you should consider is not using the same password on different sites. That already lead to many damages.

Instead better use a password manager like keepass 2. You only need one really strong password you remember and don't user elsewhere. All other passwords can be get from that database and there is a plugin for firefox to fill out password information automatically.

Otherwise I would do a malware scan. But I wonder if he really compromised your pc or got your pass elsewhere and your pc is free.

Did you create the pass with a strange site?
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
March 04, 2016, 11:20:14 AM
#50
I just need to find a way to guard against this risk
Including signed messages (like the escrow does it in PMs to you) in your PMs would be an idea.
member
Activity: 70
Merit: 10
March 04, 2016, 11:19:21 AM
#49
Ralobot.com never gave me any URL to visit that I can recall
and I don't see any in past PM's

I don't see how I could have been "fished"
I just did a quick search of my passwords and while this forums pass is used a couple other places  I have not been to either in a long time
and neither are something he would have thought to fake

I dono how he got into my account
but there is nothing more to be done here
I just need to find a way to guard against this risk


Download anything lately? Dice bots, mining software and etc for example.
just this
https://codeload.github.com/jackjack-jj/pywallet/zip/master
it was sapost to help me clear out  my unconfirmed trades in BTC core
I looked at it but didn't use it
went with the altered icon route instead

well I got to get ready for work
maybe be back before going but got to get ready
legendary
Activity: 1120
Merit: 1000
March 04, 2016, 11:14:11 AM
#48
Ralobot.com never gave me any URL to visit that I can recall
and I don't see any in past PM's

I don't see how I could have been "fished"
I just did a quick search of my passwords and while this forums pass is used a couple other places  I have not been to either in a long time
and neither are something he would have thought to fake

I dono how he got into my account
but there is nothing more to be done here
I just need to find a way to guard against this risk


Download anything lately? Dice bots, mining software and etc for example.
member
Activity: 70
Merit: 10
March 04, 2016, 11:11:54 AM
#47
Ralobot.com never gave me any URL to visit that I can recall
and I don't see any in past PM's

I don't see how I could have been "fished"
I just did a quick search of my passwords and while this forums pass is used a couple other places  I have not been to either in a long time
and neither are something he would have thought to fake

I dono how he got into my account
but there is nothing more to be done here
I just need to find a way to guard against this risk
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
March 04, 2016, 11:11:03 AM
#46
I reported all three pm's after checking that the User-ID of the buyer is the same in all PM's.

And I negrepped the scammer, which must be the seller then: https://bitcointalk.org/index.php?action=trust;u=561660

I already was wondering why the seller was a bit aggressive in wanting that deal to happen. Like "you wasted our time, sebastianju might negrep you" or so. It sounded scammy and since the trade already was done I asked the buyer if he wants to trade anyway. He wanted so the deal went through after I mentioned that the buyer only should proceed when he is aware of chargeback possibilities of PM. Well, it might be that PM is not chargebackable since the buyer wrote me so so I told him that I can't tell for sure and that he should inform himself and only proceed when he is aware that my protection ability only can go as far as the actual deal, it ends after I release the bitcoin.

Well, so far the deal was normal as buyer and seller were unique persons negotiating a deal. The real buyer sent the money and the hacker sent a fake email from buyers account.

I wonder how it happened that the account was compromised and it is a first for me that a hacker shares the account with a bitcointalk member. But thinking about how he wanted to deal I assume that he already had hacked the account at that time. Maybe he approached him because of that.



amartin99


Yes, the transaction is confirmed since some time already. :/ Though probably it would have gone through anyway.

I really would like to know how your account was compromised. The password of the forum should be sent encrypted with ssl, so even an VPN should not be able to read it. Must be more near your pc since it should not be the BCT-Server. Otherwise bigger victims would have been chosen.



Quickseller


The scammer wrote:

Quote
I received my PM escrow Please release BTC to ralobot.com.

Thank you.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
March 04, 2016, 11:02:18 AM
#45
and what to do now
I'd do what xetsr proposed to do.

Next step for you should be finding out how your account was compromised. Go through a list of sites and pages you recently visited and check for malware on your PC. I'm still pretty certain you were phished by the member you were dealing with.

it's been many hours so I assume your send of the BTC has been confirmed
No need to asume, just check the blockchain, the outgoing transaction has 39 confirmations.
Those coins are gone for good.
copper member
Activity: 2996
Merit: 2374
March 04, 2016, 11:01:45 AM
#44
If what Seb says is true then he would not be at fault as it is his job to ensure that the terms of the trade are followed out and if the OP wants to release escrow prior to receiving the goods (or in this case fiat) that is his choice.

Unless Seb had previously agreed to only release escrow upon a signed message from the OP then there is no reason why he should be required to ask for one.
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
March 04, 2016, 11:01:05 AM
#43
in the end I have made 9-10 trades on this forum
gotten feedback for only one and lost $310
it's been a discouraging first week

Welcome to bitcointalk.  Do everything you can to protect yourself here, or else you'll end up losing everything. There are so many scammers on this forum it's unreal.
member
Activity: 70
Merit: 10
March 04, 2016, 10:59:46 AM
#42
I did not read all messages in this thread to be able to answer fast. amartin99 first asked me about a trade some days ago. I answered a bit late and he wrote that he already dealt with another user. Well in the meanwhile I already had sent out the escrow details and after hearing that I cleared the address.

Then the other trading partner got back and wanted the deal to happen. I asked amartin99 if he still wants to deal and he said yes. After negotiating the deal I sent a new escrow address. Though he sent to the old escrow address. I said it's fine, no problem should appear from that.

After a while I received a pm from him claiming that the trading partner had sent him the goods and that I should release the coins. After that I received a pm of the trading partner telling me his bitcoin address to release to.

Well, I released the coins of course since both parties were ok with it.

Now I received a pm of amartin99 that he got a pm from me that I released the coins even though he had not received anything. Well, first scare went over when I checked my inbox and found that exactly the same user amartin99 had send me the pm telling me to release the coins. I answered on his complain pm and found that only the trading partner received this answer because the forum told me that amartin99 has blocked me for receiving pm's from  me.

This sounds like a strange situation. I will read the thread now.

Of course admins and staff can check my pm's.
I scanned up my received PM's looking for the box where you gave the BTC address
you use code boxes to give them so they rather stand out
don't know how I could have made a mistake and sent to your older address but since that wasn't a problem (whatever)

I never sent that PM saying to release the funds but then again I also never set my account to ignore you
I have now found and removed that setting
I also changed my pass about 20 min ago
clearly someone else was accessing my account
the question is HOW
and what to do now
it's been many hours so I assume your send of the BTC has been confirmed

copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
March 04, 2016, 10:53:20 AM
#41
what the hell  http://prntscr.com/ab4q3y
id say that confirms someone got in my account here
why the hell would I set to ignore him ?
think I saw where to undo that yesterday  but I sure didn't set it
You can just click the "unignore" under his trust rating.
You will also find SebastianJu in this list: https://bitcointalksearch.org/user/lutpin-520313
The user being ignored by your account in PM and messages, PMs being deleted, basic settings being changed without your knowledge,
face it, your account is compromised.

Next step for you should be finding out how your account was compromised. Go through a list of sites and pages you recently visited and check for malware on your PC. I'm still pretty certain you were phished by the member you were dealing with.
He would be the only one with a certain gain from this.
legendary
Activity: 1120
Merit: 1000
March 04, 2016, 10:53:15 AM
#40
I do not use an RDP for this
I sell RDP
I have only connected to the forum threw my home computer

what the hell  http://prntscr.com/ab4q3y
id say that confirms someone got in my account here
why the hell would I set to ignore him ?

think I saw where to undo that yesterday  but I sure didn't set it


Next step for you should be finding out how your account was compromised. Go through a list of sites and pages you recently visited and check for malware on your PC. I'm still pretty certain you were phished by the member you were dealing with. Why would the hacker not take your coin themselves? Makes no sense.
member
Activity: 70
Merit: 10
March 04, 2016, 10:49:37 AM
#39
I do not use an RDP for this
I sell RDP
I have only connected to the forum threw my home computer

what the hell  http://prntscr.com/ab4q3y
id say that confirms someone got in my account here
why the hell would I set to ignore him ?

think I saw where to undo that yesterday  but I sure didn't set it
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
March 04, 2016, 10:46:06 AM
#38
Of course admins and staff can check my pm's.
You could report the PM from amartin99 confirming he received the funds and ask for the mod handling the report to confirm it in this thread.

I answered on his complain pm and found that only the trading partner received this answer because the forum told me that amartin99 has blocked me for receiving pm's from  me.
Sounds like something the potential hacker did, trying to obstruct any further contact between the two of you.



Can you report the PM to grue or Cyrus(preferred) , along with this thread link for them to confirm
mexxer beats me to it.
Pages:
Jump to: