Topic: [HELP]help me to get back my money from scammer (Read 1024 times)

copper member
Activity: 269
Merit: 12
November 09, 2021, 11:16:31 PM
#71
Once again, sorry about your loss, eseayan.

Based on the photos/proof, your account was hacked through a phishing link. It's almost the same date that I got some PMs here and shared them with other members here: https://bitcointalksearch.org/topic/m.57746225, not with some virus (maybe).

member
Activity: 65
Merit: 10
You should NEVER reuse your passwords for anything again, and I hope you learned a lesson about that.
Use some password manager like KeePass for storing and generating a new strong password for each website.
I had found some virus when I used Windows Defender to scan my computer some months ago.
Switching to Linux may also be a good idea so you won't need to use any antiviruses, and an offline computer is much better for dealing with crypto.
Good ideas. I will try to do that now.
If you start using KeePass: don't forget to make regular backups of your password database.

As for the virus you found: I would never trust a once infected computer again without wiping it and doing a clean installation.
Yeah, I have bought a new computer to do things about cryptocurrencies. And the old one will be formatted and newly installed.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
You should NEVER reuse your passwords for anything again, and I hope you learned a lesson about that.
Use some password manager like KeePass for storing and generating a new strong password for each website.
I had found some virus when I used Windows Defender to scan my computer some months ago.
Switching to Linux may also be a good idea so you won't need to use any antiviruses, and an offline computer is much better for dealing with crypto.
Good ideas. I will try to do that now.
If you start using KeePass: don't forget to make regular backups of your password database.

As for the virus you found: I would never trust a once infected computer again without wiping it and doing a clean installation.
member
Activity: 65
Merit: 10
Maybe the hacker hacked my email, and my bitcointalk account password is the same as that of my email account (I have changed them to different passwords and applied 2FA in my email account).
You should NEVER reuse your passwords for anything again, and I hope you learned a lesson about that.
Use some password manager like KeePass for storing and generating a new strong password for each website.

Maybe the hacker instructed Trojan virus in my computer, because I had found some virus when I used Windows Defender to scan my computer some months ago.
It could be a false positive, but it's possible that you have some clipboard malware that could collect your passwords and any keys related with crypto.
Switching to Linux may also be a good idea so you won't need to use any antiviruses, and an offline computer is much better for dealing with crypto.

Good ideas. I will try to do that now.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
agreed - there is no point in escrow for an in person exchange unless the escrow is there.

the deal does appear to have been a transaction where the items would be shipped.

I am not sure of the body of the dm's that "came" from both parties that suddenly changed it to an "in person" exchange.

Perhaps it would have been better to have returned the funds to the buyer and allow them to pay the seller direct.

If that had occurred the scammer would have been the only loser here.


in further review of the dm's - several were restored by Theymos - with a disclaimer, if one party still retains the dm, then it can be restored but if all parties on the dm have deleted it then the message is gone. So there is possibility of further messages that cannot be restored if all parties deleted them.

that being said, I can see where I believe eseayan's account was compromised. The sending account should be flagged.

the incoming dm


inspection of the link


close up of the link


also - in the restored dm's were dm's to mj from eseayan stating it would be an in person transaction and then a followup stating the transaction was concluded.

notice to minerjones that this would be an in-person transaction


notice to minerjones to release funds and that coins were in eseayans possession


and a dm to eseayan and minerjones from raj thanking both for a smooth transaction.


then the dm from minerjones stating funds were released


this does not help eseayan recover his funds but it does show it was some elaborate scheme/scam on the part of raj and the "mtowfiq" account. Worth noting is that the mtowfiq account had been actually identified as an account being used to impersonate other forum members and was actually left negative feedback by minerjones about a week before the dm to eseayan was sent.

copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
I agree that the earlier messages state it was to be shipped but, I am not sure what he can do if he received a pm from both buyer and seller that the coins would be hand delivered and then another set from both that the coins had been transferred in person and to release funds - what else can he do but release funds?
I would not have agreed to escrow a transaction that involved in person delivery. What if for example, the OPs account had not been hacked, and there was simply a dispute as to if the physical coin was actually delivered? There would be no way to resolve the dispute as it would be one person's word against the other's.
Agreed on this. It's as if the escrow is useless if the transaction is delivered in person.

On the other note, I guess this can be prevented if the involved party used a different messaging app for faster communication or the escrow has other means to communicate, obviously to ping on what had happened to the buyer/seller.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
how can you delay funds transfer if there has not been any notification that the account was compromised and no indication of it either?
Any last-minute change to the deal should be considered a big red flag, which justifies a delay.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I agree that the earlier messages state it was to be shipped but, I am not sure what he can do if he received a pm from both buyer and seller that the coins would be hand delivered and then another set from both that the coins had been transferred in person and to release funds - what else can he do but release funds?
I would not have agreed to escrow a transaction that involved in person delivery. What if for example, the OPs account had not been hacked, and there was simply a dispute as to if the physical coin was actually delivered? There would be no way to resolve the dispute as it would be one person's word against the other's.

Notwithstanding the above, if the terms of the trade changed, I think it would be prudent to delay the release of the money. This would allow for the buyer to flag something as being wrong.

I don't argue against your points.

I just don't see what alternative minerjones could have had if both buyer and seller appeared to agree to an in person exchange and then both parties appeared to express satisfaction with the deal.

how can you delay funds transfer if there has not been any notification that the account was compromised and no indication of it either?
The point of delaying the release of the money is to wait for someone to potentially say that something is wrong. If he already knows something is wrong, there is a dispute and he should mediate accordingly.

at the time he was told there was a physical exchange, there had been no indication of any issues. at least that is how it seems to me - that it was not until the next day that an alarm was issued when the account was identified as compromised.
copper member
Activity: 2996
Merit: 2374
I agree that the earlier messages state it was to be shipped but, I am not sure what he can do if he received a pm from both buyer and seller that the coins would be hand delivered and then another set from both that the coins had been transferred in person and to release funds - what else can he do but release funds?
I would not have agreed to escrow a transaction that involved in person delivery. What if for example, the OPs account had not been hacked, and there was simply a dispute as to if the physical coin was actually delivered? There would be no way to resolve the dispute as it would be one person's word against the other's.

Notwithstanding the above, if the terms of the trade changed, I think it would be prudent to delay the release of the money. This would allow for the buyer to flag something as being wrong.

I don't argue against your points.

I just don't see what alternative minerjones could have had if both buyer and seller appeared to agree to an in person exchange and then both parties appeared to express satisfaction with the deal.

how can you delay funds transfer if there has not been any notification that the account was compromised and no indication of it either?
The point of delaying the release of the money is to wait for someone to potentially say that something is wrong. If he already knows something is wrong, there is a dispute and he should mediate accordingly.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I agree that the earlier messages state it was to be shipped but, I am not sure what he can do if he received a pm from both buyer and seller that the coins would be hand delivered and then another set from both that the coins had been transferred in person and to release funds - what else can he do but release funds?
I would not have agreed to escrow a transaction that involved in person delivery. What if for example, the OPs account had not been hacked, and there was simply a dispute as to if the physical coin was actually delivered? There would be no way to resolve the dispute as it would be one person's word against the other's.

Notwithstanding the above, if the terms of the trade changed, I think it would be prudent to delay the release of the money. This would allow for the buyer to flag something as being wrong.

I don't argue against your points.

I just don't see what alternative minerjones could have had if both buyer and seller appeared to agree to an in person exchange and then both parties appeared to express satisfaction with the deal.

how can you delay funds transfer if there has not been any notification that the account was compromised and no indication of it either?
copper member
Activity: 2996
Merit: 2374
I agree that the earlier messages state it was to be shipped but, I am not sure what he can do if he received a pm from both buyer and seller that the coins would be hand delivered and then another set from both that the coins had been transferred in person and to release funds - what else can he do but release funds?
I would not have agreed to escrow a transaction that involved in person delivery. What if for example, the OPs account had not been hacked, and there was simply a dispute as to if the physical coin was actually delivered? There would be no way to resolve the dispute as it would be one person's word against the other's.

Notwithstanding the above, if the terms of the trade changed, I think it would be prudent to delay the release of the money. This would allow for the buyer to flag something as being wrong.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I agree that the earlier messages state it was to be shipped but, I am not sure what he can do if he received a pm from both buyer and seller that the coins would be hand delivered and then another set from both that the coins had been transferred in person and to release funds - what else can he do but release funds?
I would have preferred this:
I'd say: "Rule One: Never change the deal." applies (quote taken from The Transporter movie). If anything changes, a good default would be to delay the release of escrowed funds quite a bit.
Maybe a better solution would have been to refund the buyer if anything changes. If they agree to meet in person instead of shipping, that requires a new agreement in which buyer has to fund escrow again to a new address. But that requires strict rules from the escrow, known upfront, which wasn't the case here.

It looks like the scammer has at least one more account:
Facebook profile =https://www.facebook.com/profile.php?id=100027050231408
Twitter profile =https://twitter.com/ShitaNeupan
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I agree that the earlier messages state it was to be shipped but, I am not sure what he can do if he received a pm from both buyer and seller that the coins would be hand delivered and then another set from both that the coins had been transferred in person and to release funds - what else can he do but release funds?
copper member
Activity: 2996
Merit: 2374
Aug 28 2021 082807PM: eseayan confirm that coins will be delivered in person
Was this part of the escrow deal? Even if the delivery would have happened, you would have no way to confirm this if either party says the other one didn't show up.
According to what appears to be the escrow agreement, the coins were to be shipped to the buyer.

This was not long after eseayan's password was changed, and should have set off red flags.

I am interested to see what MJ plans to do about the situation.
legendary
Activity: 2212
Merit: 7064
Maybe the hacker hacked my email, and my bitcointalk account password is the same as that of my email account (I have changed them to different passwords and applied 2FA in my email account).
You should NEVER reuse your passwords for anything again, and I hope you learned a lesson about that.
Use some password manager like KeePass for storing and generating a new strong password for each website.

Maybe the hacker instructed Trojan virus in my computer, because I had found some virus when I used Windows Defender to scan my computer some months ago.
It could be a false positive, but it's possible that you have some clipboard malware that could collect your passwords and any keys related with crypto.
Switching to Linux may also be a good idea so you won't need to use any antiviruses, and an offline computer is much better for dealing with crypto.
member
Activity: 65
Merit: 10
rajubhusal asked djjacket to put his (raj) name on the image. he then used that image as "proof" to eseayan of "ownership"
Really sorry this happened to you eseayan.
I remember a case in which someone signed a message with someone else's name, that was also used to scam. This is just as bad: it's common practice on the Collectibles board to ask for a photo with a handwritten username and the current date as proof of ownership.
You have single-handedly made this entire concept useless by doing this:
(screenshot taken by LoyceV from this link)

Aug 28 2021 082807PM: eseayan confirm that coins will be delivered in person
Was this part of the escrow deal? Even if the delivery would have happened, you would have no way to confirm this if either party says the other one didn't show up.

Minerjones said he doesn't have the coins:
I've verified this PM through OP's account. It's real:
Quote
« Sent to: eseayan on: September 17, 2021, 11:08:01 AM »

I must say I'm quite disappointed that 2 veteran Collectibles traders let themselves be used by a scammer!

edit - is there any way to retrieve deleted dm's?
Admin can restore deleted posts, I assume the same applies to PMs. But eseayan should ask for that, either by sending a PM to theymos, or by opening a topic in Meta. Admin may also be able to connect the account to other accounts.

This message should be sent by the hacker through my hacked account before I recognized my account is hacked.
Do you have any idea how your account got hacked?

Quote
Admin can restore deleted posts, I assume the same applies to PMs. But eseayan should ask for that, either by sending a PM to theymos, or by opening a topic in Meta.
sent a PM to theymos, copied to LoyceV

Quote
Do you have any idea how your account got hacked?
1. Maybe the hacker hacked my email, and my bitcointalk account password is the same as that of my email account (I have changed them to different passwords and applied 2FA in my email account).
2. Maybe the hacker instructed Trojan virus in my computer, because I had found some virus when I used Windows Defender to scan my computer some months ago.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
rajubhusal asked djjacket to put his (raj) name on the image. he then used that image as "proof" to eseayan of "ownership"
Really sorry this happened to you eseayan.
I remember a case in which someone signed a message with someone else's name, that was also used to scam. This is just as bad: it's common practice on the Collectibles board to ask for a photo with a handwritten username and the current date as proof of ownership.
You have single-handedly made this entire concept useless by doing this:
(screenshot taken by LoyceV from this link)

Aug 28 2021 082807PM: eseayan confirm that coins will be delivered in person
Was this part of the escrow deal? Even if the delivery would have happened, you would have no way to confirm this if either party says the other one didn't show up.

Minerjones said he doesn't have the coins:
I've verified this PM through OP's account. It's real:
Quote
« Sent to: eseayan on: September 17, 2021, 11:08:01 AM »

I must say I'm quite disappointed that 2 veteran Collectibles traders let themselves be used by a scammer!

edit - is there any way to retrieve deleted dm's?
Admin can restore deleted posts, I assume the same applies to PMs. But eseayan should ask for that, either by sending a PM to theymos, or by opening a topic in Meta. Admin may also be able to connect the account to other accounts.

This message should be sent by the hacker through my hacked account before I recognized my account is hacked.
Do you have any idea how your account got hacked?
member
Activity: 65
Merit: 10
Going off of times from my PMs:

Aug 28 2021 073933AM: eseayan contact about escrow

Aug 28 2021 084554AM: Rajubhusal contact confirming escrow with release address of 43Xf5BWzcdbdhDeHnj6cF1dG4fGnasQEUHyn2F92LK9VbyvP96nbhkdGZuEJKHd2X9eYhhbKQn4C6E1 V2h8EHSSvVjGs1rZ

Aug 28 2021 045333PM: eseayan paid escrow

Aug 28 2021 082807PM: eseayan confirm that coins will be delivered in person

Aug 29 2021 113837AM: minerjones confirms payment

Aug 29 2021 120243PM: eseayan send PM saying the coins were received

Aug 29 2021 012253PM: Rajubhusal confirms, saying to release to given address previously (see above)

Aug 29 2021 014725PM: minerjones releases funds.

Aug 30 2021 045711PM: from new/alt account "aseayan" asking to stop the deal because account "eseayan" was hacked.

Funds were received and sent out:

I am glad to know the full process. I believe what MJ said is true. But it is so bad to hear the xmr is funded.

No matter that I can afford the loss. It is a big lesson that I should learn from. Here I will not blame anyone. I appreciate to get timely help from nutildah, MoparMiningLLC, LoyceV, owlcatz, etc. Guys, you make me still believe bitcointalk is the best forum on cryptocurrencies.

Thanks again.

 
EDIT:
Quote
Aug 29 2021 120243PM: eseayan send PM saying the coins were received
This message should be sent by the hacker through my hacked account before I recognized my account is hacked. What I wanna buy is physical coins, which need some days to be shipped to me from USA to China. I will not send message to confirm I have received them after the second escrow day.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
so my guess is raj sent the dm's from eseayan's account saying it would be an "in person delivery" and then that it had happened.

some may wish to see those DM's as they are not actually in eseayan's account. and in none of the DM's presented was it stated it would be hand delivered.


edit - is there any way to retrieve deleted dm's?
legendary
Activity: 3206
Merit: 3596
Going off of times from my PMs:

Aug 28 2021 073933AM: eseayan contact about escrow

Aug 28 2021 084554AM: Rajubhusal contact confirming escrow with release address of 43Xf5BWzcdbdhDeHnj6cF1dG4fGnasQEUHyn2F92LK9VbyvP96nbhkdGZuEJKHd2X9eYhhbKQn4C6E1 V2h8EHSSvVjGs1rZ

Aug 28 2021 045333PM: eseayan paid escrow

Aug 28 2021 082807PM: eseayan confirm that coins will be delivered in person

Aug 29 2021 113837AM: minerjones confirms payment

Aug 29 2021 120243PM: eseayan send PM saying the coins were received

Aug 29 2021 012253PM: Rajubhusal confirms, saying to release to given address previously (see above)

Aug 29 2021 014725PM: minerjones releases funds.

Aug 30 2021 045711PM: from new/alt account "aseayan" asking to stop the deal because account "eseayan" was hacked.

Funds were received and sent out: