Dear BST Users (and other concerned parties)!!!!!
SurfinxHI
Posts: 2,575 ✭✭✭✭✭
Today marks the second time a rip-off was conducted on BST and appears to have relieved at least two folks of their money. The first time, ON A WEEKEND, was when Bajjerfan's account was hacked. Today it was PROMETHIUS88 (ON A WEEKEND). Both of these members have high post counts, outstanding track records, and were well respected (and in the circle of trust, some might say). Both offered gold and silver for sale. Pricing on the first one was largely suspicious, but not so on the second one. Further, the con-artist types well (or AI does) and seems to know a lot about the hacked accounts.
I suspect that multiple accounts on CU are hacked in some way, likely by a data leak or some other penetration. I say this b/c the attacks were similar, and a "hacking" incident to just get 1 account does not seem likely. I don't know if PCGS even knows they've been hacked, or maybe its an inside job. I DON'T think that the hackers are being stupid. In fact, it is pretty smart and adaptive what they are doing.
It takes a bit of courage to admit you were conned, and today I was. I'll freely admit it. I also thought I took precautions in the process. Feel free to sharpshoot me, all you want, but it is not constructive. This post is to raise awareness and get you all to change your passwords ASAP.
Here's a timeline for me.
I contacted PROMETHIUS88 about 2 hours after his initial post. I had JUST completed a transaction with him 2 weeks ago, so this seemed on the up and up to begin with. Pricing was not extraordinarily low, but was on the low side (what I would have considered wholesale, or 1% below, which is not uncommon).
I asked him for verification of who he was. He offered to facetime to show the coins, etc. I declined (I didn't want to give out that information, but also, if it was a scam, not sure if that was/is a back-door into an account). I asked for a picture of a piece of junk mail SENT to his address. 20 min later I was provided with a copy (fuzzy) of a Verizon bill with the name, address, and phone number of PROMETHIUS88. That matched. I did not see a spelling error on the billing (wasn't looking hard, and was on a cell phone at the time). That was a huge miss on my part. The phone number went to voice mail with the appropriate name.
Second miss was when I said payment inbound, he replied with, I've reached a limit, can you please send to my wife's account. That was the second red flag. But, being that the billing was right, my brain said, oh, yeah, I can do that for you. Transaction went through, no issues. 3 hours later, I see the BST post says "not mine"/Cancelled, or something to that effect.
I have opened a request with Paypal to negate the transaction, but not sure if that will fly. But that is a different story.
At this point, I would speculate that your information here is compromised. Or these hackers have a magnificent way of linking coin collectors to this board from other leaked data on the dark web (my guess is that is possible). Again, I recommend changing your passwords immediately.
If you ever get an email from me, wondering if you'd like to buy something, please reach out to others to confirm with me that it is from me. ASK for verification that I'm me. Something. I don't typically send those types of emails, but given that this is the MO for this hacker, I would not be surprised if I'm targeted. So, feel free to buy stuff from me (and I hope you do!), but just please make sure its me.
Thanks,
Surf
ps. I'll probably think of more later, but that is enough for now.
pss. Here's an image of the billing from Verizon. While yes, I thought it was weird to see numbers, again, since I just did a deal with him.
Image removed, as education has been served.
Comments
Maybe do not post his name and address and phone number if it matches the legitimate users personal info.
That said, thanks for the warning. I am probably not in many/any current users circle of trust but I will it be NOT be selling any bullion any time on this forum.
Good luck.
https://www.autismforums.com/media/albums/acrylic-colors-by-rocco.291/
Dude! I am sorry that happened. Thanks for sharing the warning. I got hit by the Baj scam. It wasn't too painful but still feels terrible.
There are obvious scams when you ask yourself "who still falls for that?" and then there are newer, more believable types like these to remind us nobody is immune these days.
Click on this link to see my ebay listings.
In the document it looks like a typo?
Quck Bill Summary?
Sorry this happened to you.
My Ebay Store
Looks like there are websites where you can buy a fake Verizon bill with the desired address info. And some might be able to make it themselves. The address info the hacker likely got from looking at messages. This is scary that whoever is doing this has become a lot more creative than before.
Also, like @Aspie_Rocco said, please hide the address info as it's best not to share that of the actual person who was hacked.
It is called Doxxing and it is dangerous for those whose information is shared and against the rules here
https://www.autismforums.com/media/albums/acrylic-colors-by-rocco.291/
As others have noted, if the personal information is correct in the fabricated (looks like AI generated) Verizon bill then take the entire image down. We don't need to see it and you don't need to victimize the person whose account was compromised. I realize you did not think about it, but everyone should be careful about posting any personal information regarding others on a public site.
In honor of the memory of Cpl. Michael E. Thompson
Unfortunate. It is the reason why you should never use PayPal FF or similar cash payments.
Definitely sucks this is going on. Seems the best option for trading bullion is locally or buying from the big guys.
I know you didn't look at the verizon bill closely but Definitely poor English there.
This is concerning......
Sorry you got hit, especially after such due diligence.
Im not sure how we can remedy this. Computer hackers are extremely "talented". Some do it for bad while others do it for good.
I think out host must have and IT person who will deal with this if possible.
Student of numismatics and collector of Morgan dollars
Successful BST transactions with: Namvet Justindan Mattniss RWW olah_in_MA
Dantheman984 Toyz4geo SurfinxHI greencopper RWW bigjpst bretsan MWallace logger7
The level of the scam is quite impressive. Interesting that the scammer offered to FaceTime with you and show you the coins.
I never knew that one could buy a fake utility bill over the internet. I learned something new today. I guess the only way to be totally safe is to pay by credit card or PayPal goods and services rather than friends and family. If both the buyer and seller are part of the circle of trust, I guess the buyer stipulating that the payment will be sent after the coin has been received would protect the buyer but I doubt many sellers would go along with this though.
Worry is the interest you pay on a debt you may not owe.
"Paper money eventually returns to its intrinsic value---zero."----Voltaire
"Everything you say should be true, but not everything true should be said."----Voltaire
I'm very sorry to hear of another rip-off; hopefully you'll get the money back from paypal and the perpetrator gets nailed.
Very sorry to hear of the incident. We all appreciate the heads up . . . .
Drunner
You could just as easily have a hacked buyer account.
This stinks, I trusted people on BST with long tenure and high message counts, now I will need to question it due to the actions of a few.
When I said "circle of trust" I was implying numerous prior transactions. As a buyer, the seller would already have my contact information including my phone number so it would be fairly safe to send a coin to that same address.
Worry is the interest you pay on a debt you may not owe.
"Paper money eventually returns to its intrinsic value---zero."----Voltaire
"Everything you say should be true, but not everything true should be said."----Voltaire
Check out this message I received (BST) from the other day. I couldn't tell if he's legit or not but I smelled a rat because he couldn't remember is acct. name from before and so I just told him the coins already sold. His handle is Ronman52 in case anyone could vouch for him.
Hi Coinscratch,
I'm interested in the 74-D Kennedy you listed on the buy, sell, trade forum if it's still available. I'd like to offer you $240 shipped. I currently only have a couple ways to send $$. Paypal or Zelle. Hope one of those works if we can work out a deal.
Now to why I'm messaging you from a very new account. I've actually been a member of the PCGS site a LONG time but with my original account I could log in and see my profile but when I went to any forum it would ask me to log in again and it would say my info was not correct. PCGS has not been able to fix it yet so I made a new account just to message you.
As I said I've been on here a long time but had very few posts over the years. Not even sure what my forum name was but was maybe RonMan or rschmidt3. Anyway, this coin would fit in my Circulation Kennedy registry set that is currently #8 as RonMan's Collection.
Let me know what you think,
Ron Schmidt
That message looks believable to me.
He was attempting to buy, not sell, so if he would first pay by a satisfactory method, what risk did you see?
Also, instead of lying about the coin already having been sold, why not just tell the truth regarding your concerns and the reasons for them?
Mark Feld* of Heritage Auctions*Unless otherwise noted, my posts here represent my personal opinions.
What is the risk to you? If he's paying by Zelle, the transaction is irreversible.
@MFeld With all of the scams going on I got paranoid and didn't want to just hand out my PP or cell info.
Afraid they hack into my accounts.
If I recall correctly as a very reliable member here and buyer and seller you send a check as others have in the mail. Slow but probably the way to go these days or the E-check method as a major dealer here uses. A regular member here wanted to buy a multi-thousand dollar coin based on references on memo; nice offer but what recourse would I have if I sent a coin without prior payment and communication ceased?
I didn't realize this. I know I can look at my digital currency on my phone and like I said got paranoid.
I just saw the Kennedy set on PCGS and his 74d does need an upgrade
And I messaged him there to double check.
Thanks for the input.
Understood - thanks.
Mark Feld* of Heritage Auctions*Unless otherwise noted, my posts here represent my personal opinions.
@PCGS_Moderator, can someone from PCGS post and offer some information on this disturbing trend, please?
Mark Feld* of Heritage Auctions*Unless otherwise noted, my posts here represent my personal opinions.
And besides, what was I supposed to say? You sound like a scam and therefore quit messaging me.?
Interesting thing about this thread to me is: Who in the hell pays a $783 Verizon bill? That would've triggered me.
No. But instead, something like “There have been some recent hacks of accounts here and some forum members have been scammed.” Out of caution, I prefer not to engage in any transactions until it appears this has been resolved.”
Mark Feld* of Heritage Auctions*Unless otherwise noted, my posts here represent my personal opinions.
My daughter once gave someone her cell number so they could pay her some money via zelle! When she did, they scammed her out of $600. I wouldn't trust Zelle either.
My Original Song Written to my late wife-"Plus other original music by me"
https://youtube.com/playlist?list=PL8A11CC8CC6093D80
https://n1m.com/bobbysmith1
I have sent dozens of such messages over the years. I think you just need to be honest and apologetic. If the recipient gets angry, you probably have your answer.
How did they scam her out of $600 using only her cell phone number?
Not sure how, but they did. I had someone on FB marketplace ask for my Zelle info once to send me money to hold an item I had for sale. Found out it was a scam to withdraw money. I had called my bank and was told it could be done, so I don't use it anymore.
My Original Song Written to my late wife-"Plus other original music by me"
https://youtube.com/playlist?list=PL8A11CC8CC6093D80
https://n1m.com/bobbysmith1
Lol. If you read the details, no one. It has a large carry over balance.
I know someone who has a $3000+ utility bill every month. He went almost 2 years over Covid without paying and he's never caught up.
Was his service ever disconnected for such a high amount in arearers?
There were stipulations during covid where people didn’t have to pay rent. So it’s possible some utilities had the same happen and had to allow it or chose to allow it.
Yes. That's what happened. As long as he makes the minimum payment every month, they let him carry the balance. He also owes $300+ to the water company.
Sorry to hear that happened to you. Like others have said, they are getting smarter with more believable prices.
Everyone needs to change their passwords to strengthen them and not match other sites. Would also be helpful if our hosts could add in a few features to enhance security like minimum characters and require special characters. In addition, it would also be good if emails could be sent out if any profile information was changed like passwords and emails.
I hope the mods can help solve this problem as the BST is a great place.
Collector
91 Positive BST transactions buying and selling with 56 members and counting!
instagram.com/klnumismatics
Does anyone know if the hacks are on CU website or are peoples' personal computers hacked and the hackers look at what the user has been viewing?
Don’t buy here
God comes first in everything I do. I’m dedicated to serving Him with my whole life. Coin collecting is just a hobby—but even in that, I seek to honor Him. ✝️
It's unclear at this point. The one person I spoke with via IG after his CoinTalk & NGC accounts were hacked said that it did not appear any banking or other platforms were impacted.
Given the high post counts, my guess is they are CU accounts that were hacked a while ago, and are just trickling through. Or, CU has a back-door open and they are picking people off one at a time. Does not look like random hackers figuring out the bullion game.
I highly recommend changing passwords!
I agree @SurfinxHI It sees like either they already have access to several accounts that we aren’t aware of, and are picking them off one at a time, or they have access to the forum software and are picking people’s accounts who are active in the BST one by one. MO for your transaction is similar to the couple other questionable hacks. They sell a few small items and make good on the deal, then go off the rails.
My Ebay Store
Beware @JimTyler 's account is now hacked. RGDS!
The scary thing is that he might have actually changed his password and it still happened. He started a thread about it not long ago:
https://forums.collectors.com/discussion/1114947/see-response-if-you-need-to-see-how-to-change-your-password#latest
how about 3 failed login attempts it locks your account until the next morning and sends an email to the user
It probably needs to start with an email when a password or email is changed. It does not look like these passwords are being guessed, so the 3 failed attempts might not catch the hacker (although it could still be a decent added feature).
@PCGS_Moderator I know 2FA isn’t perfect, but it’d probably stop a lot of the account hijackings we’ve been seeing lately. Might be worth looking into
In that case, makes me think this site has been compromised and remains compromised.