Topic: Password changed / Woke up recently. Good signals to know potential scammers (Read 656 times)

Yeah maybe no visible indicator, but we can check from security log pages to check every member who woke up or change his password. Or, you can visit BPIP website to see when the last change made by that members. Here an example from BPIP




Since the recently woke up and password/email change have a limit to shown on Trust Page, the BPIP page will help you to know security log history for every user.

It is exactly being mention all the details and possibilities of the just woke up account. Who knows that you might be dealing with hack accounts and scammer offering you something which is really good. I know there are sold accounts here and some of them are being tagged already good for them. For now,  there is no visible indicator that the account shows just woke up unless you will going to check the user profile. As if one is not careful checking these details might not be able to aware who is he was dealing with. So a good practice is to watch always users profile account.

The message container in OP is obviously a vital and need to know one as far as security is concerned. It signals that your account has been tampered with which probably implies that your email maybe watched or is within the reach of a scammer.
For the rest of the users in the forum, it serves as a warning in contrast to the trust system as well. Though, we all love to think that we remain anonymous to each other but then, I'm sure a few users most have got to make true friendship and conducted a few successful businesses with each other hence, earning the trust of the other person. Hence, this signals the other party that, this might not be the regular user as the account portrays therefore, the user is warned by the system to apply caution in dealing with such account.
It's a good one @OP. I'm sure a lot of users don't know this.

It is normal if one reactivate their accounts after more than 6 months. Many people tend to abandon their accounts (not only account on the forum, but also account on exchange) when market is bearish for months; and reactivate their accounts when market turns to bullish. On the other hand, it is very abnormal if one user reactivate after months and instantly want to run a company, want to trade with the others. The same goes for passwords changed or reset.
Without trading, reactivate account does not harm the others but sometimes, the forum has seen some massive accounts woke up and spammed.

I don't think I've got one of those, but I will take on board what you just said about trading.

Thanks for the information.

I do not consider the case of changing the password or recently waking up as suspicious activity from profile account (like your account). However, in trading and lending they avoid your account because of potential fraud problems but if you can verify the old BTC address then avoid these accusations.

You may find at the moment with the world situation that people are returning to the Bitcoin forum (such as myself) or, they may have simply lost track of certain things such as their password for this forum and have needed to change their passwords, or reactivate their accounts.

If they woke up and don't do anything else, making new posts or running business or making offers with the others; it is not correct to take woke-up accounts. There are thousands of woke up accounts, and not all of them are scammers or bad ones.
The topic title is clear, bro.
"Good signals to know potential scammers".

I havent realized what the main goal of the OP was before, but you explained it well to me. Thanks
But action can be taken when the account is proven to have been hacked and sold or changed ownership when someone has investigated. Maybe as has been done by Veleor, https://bitcointalksearch.org/topic/m.52678334.

What the OP explains are simply features to watch out for when dealing with an account, especially if the dealing is related to trade, following a link, or interacting with them on a private basis. It is by no means cause for immediate call to action by means of Trust (with the ignore, one can do as they wish, since it is a private matter).

It is merely a caution one should have, and Trust should not enter the equation just because an account has woken-up and/or changed his password. Imagine doing that automatically to the account who’s Id=3, just because it woke-up … That would put us on alert to see what the account does, and act according to the account’s actions from there on.

I have read your thread from the first to the last reply but havent found what to do with the account when someone gets it?
Give them redtrust or ignore them ?

Thank you, @SRF10. I added those details in OP.
Of course, I will change my password if I find out strange activities with my account (log-in IP, and strange PMs in my Outbox).

For one who don't know how to check your log-in IPs (for the last 30 days), visit that page after logging in your account: https://bitcointalk.org/myips.php
Make sure you choose the option: Limit your IP retentionn (Profile --- Account Related Settings --- Choose that option)

Here you go: Direct link

---

Correct...
- The following highlights, might come in handy:

---

Even if there's strange activity on your account while you were away? What will be your first step if the person that used your account, didn't change anything?

Password change is normal but it will turn to be a potential issue if one user is inactive for months (more than 6) or years, then woke-up, reactive and instantly changes password.

If I come back to the forum after months, I don't see why do I  have to change my password, if I don't lose it. I guess most of you do it too. The most common reason of password change is forget password from initial account owners or hacked/ stolen accounts.

Combinations of two or three things aforementioned are issues.

If you want to change your password for security reason but someone reporting you did something wrong (such as, hacked account, sell account) to bounty manager and makes you banned from campaign, you can create a clarification signature message with your staked Bitcoin address on this thread .

---

There are some factors to consider potential scammers.
The title is "Password changed / Woke up recently." More exactly, it should be password change and/or woke up recently. If you want to add more email changed recently. In previous posts, people mentioned about BPIP, that I know too. Unfortunately, the site is in updating progress and we might see a totally new version of BPIP soon.

You can combine all three factors:
- Password changed
- Woke up
- Email changed
All done recently. However, in my opinion, only the first two factors are enough to be more cautious with such accounts.

I don't think the "password changed" message is something meaningful. That is the widespread practice in password changing on regular basis to increase security of the account. Some services even force you to do that from time to time, IMO.

The recently woke up or password changed warning can disappear after sometime from the profile's trust page making it hard to know if the account is now under control of someone else, therefore, I just wanted to add that Vod's Bitcointalk Public Information Project can also be a good tool in tracking and finding out if an account woke up and it's password was changed in the past [from mid 2018 when the BPIP was launched] even when seclog no longer has such information

Email change is one of the strongest proofs that an account probably changed hands. But some scammers and account hackers are starting to become smarter. They don't change the password or email of the hacked account and then they will post scam ads around the forum or send scam PM to other members when the owner of the account is not aware( i have seen this kind of thing happen at-least a half a dozen times though at this time, am not able to retrieve at-least one thread to show some victims complaining about it.)

So bottom line is, one has to be very careful when trading with anyone round the forum whether the password or email was changed recently or not. Hackers/scammers sometimes hide in plain sight.

Email change too could be added to the OP, I believe it could be a sign that the account has either been hacked, or sold(generally changed hands). Once you click on a users trust page, you can see if the user changed email recently.

All these does not make such users scammers, but it's an indicator, a sign, most especially when all three are present, password changed, woke up recently and email changed, you must be careful with that user, and report them to the admin if you receive a pm from them.

I had a quick look at the security log and found these:


Strong signals as mentioned in the OP.

If we want to get a measure of just how many accounts go around one of these procedures, we can take a look at the SecLog. It displays these circumstances nominally for the past 30 days (there are a few other circumstances for appearing on the Seclog, mostly related to the account recovery procedure and the related status queue).

Surprisingly enough, whilst the average for the last month entails entries for 51 users/day, deploying the Newbies account link moves that figure to 410 user/day. That means that there are eight times more Newbie accounts doing these procedures that non-Newbie accounts …


Some semantics:

Click on the trust page, under the avatar of user or at the very bottom in profile page. You will see all of what I mentioned in OP.

Woke up means a user is inactively (not logs in account) for at least 6 months, then suddenly woke up and logged in account. What kind of purposes of suck woke-up accounts? Not all, but some of them are scammers.

That is why I give you two: woke up and password changed. If you see one account has both of the two, the risk is higher.

Those warnings added as consequence of community suggestions. Before that, and now too, you can manually check it in the page: https://bitcointalk.org/seclog.php (but there is limited time data saved on that page).

This is in the forum right? Hmmm, its a rather interesting idea to add on to other social media sites or forums. This could potentially be a warning sign for most users that the account might have been hacked, that is the idea behind it right? Question though, how do you get the Woke up thingy? And what does it exactly imply?
Still, that idea was great. Might use it when I make my own forum or something of the sort next time.

I read many topics created last two weeks, on phishing, passwords, emails but I don't see anyone discussed or gave information on the available and important signals of very potential scammers.

Password changed!

I knew it by myself when I changed my password (directly after logging in my account), then mis-wrote it down and I have to changed it again through my emails.
Different displayed signals of password change/ reset. (I did it in August this year).

There are two types of signal for password change.


The first one (first line, in Orange) is for: password changed through email.
The second one (second line, in Black, and smaller fontsize) is for:  password changed after logging in account.

The first one is a stronger early signal of potential scammers because scammers or hackers can buy or use hacked accounts (with emails too) to reset passwords.

There is another important signal: Woke up.

If you see one account (in Trust page) shows both of:
- "This user's password was reset recently."
- This user recently woke up from a long period of inactivity (Thanks @SFR10).


I warn you to be highly careful to deal with those types of accounts.

You will rarely see accounts with two lines in the attached image. In contrast, you will usually see accounts with two lines above, in Red and in Orange.

---

They are very basic things but newbies don't know it and easily get scammed.

They don't have to hack your accounts to steal your money if you blindly give them your money.

---

Q & A:
1. How to see Trust page?

2. What does woke-up mean?


3. What are meanings of different things I see in Trust page (+ / = / - trusts; flags; feedback)?
They are more addtional details so if you are curious to know more, please read that one: LoyceV's Beginners guide to correct use of the Trust system

4. How long those warnings will be displayed?

---

I am thankful to all of the users who contributed valuable information and details; some of their contributions help me to improve OP.