• Welcome to Photrio!
    Registration is fast and free. Join today to unlock search, see fewer ads, and access all forum features.
    Click here to sign up

For Sale Beware, Buyers - Account Takeover?

Trader history for peoplemerge (0)

Thanks Brian So in effect using the 2 factor authentication on Photrio changes the format of logging in so it gives you an extra box in the login such that the code sent to your mobile has to be replicated there in order to gain access? This aspect seemed t be somewhat glossed over in the very slick( when are they never?) auty video

The system breaks down if you lose your phone or as in your case or at best creates a delay while you have to get your new phone to which I presume you have to register with Photrio or auty

Do you or anyone else have the answer to my earlier question, namely, if you never logout so you do not use your password does this make it easier for someone to highjack you account or make no difference?

pentaxuser
 
BrianShaw said:
Vaughn is probably correct that if PayPal knew money was sent to a “friend” in exchange for merchandise advertised for sale then it would be viewed very differently than, say, sending money to a friend who is splitting a bar tab with you.
Click to expand...

.
Fair enough.

Thanks for your kind words @BrianShaw @jnantz. I’ll let you all know what comes out of this.
 
[QUOTE"Ah so we blame victims now?"
peoplemerge,
I also am not blaming you the victim either. Hackers/scammers are a blight in the world today and I'm sorry they hit you.
Your original thread here has sort of drifted into 2-3 different threads at this point. My comments here were to counter the notion that Paypal customer service is inept when that has not been my experience. Also to address the idea that paying for a selling/purchase transaction via friends/family is IMO not ethical.
I'm still sincerely sorry that you got hit by the scammers and I hope you recover in the best way possible.
 
I haven't read every post but someone started a conversation with me about buying a camera I don't even own and when I checked the sales forum sure enough there was an ad with my name on it. I immediately replied that this is not my ad and I don't have this camera. I sent Sean a message and didn't hear from him for days. I ended up deleting that post which I didn't think I would be able to do, but it worked. I still don't know how this happened.
 
I hope you've also changed your password, you might also want to implement two-factor login. I personally hate having to do that, but it seems we're about to forced to it.
 
Yes - change your password.
Also, instead of or in addition to sending a message to Sean, use the Report function on any post or message - that will be drawn to the attention of Sean and the moderators.
I've taken steps to draw Sean's attention to this post.
 
I never use Friends and Family on PayPal because that takes away all protections for me. As soon as I detect any seller deviating from the so called best practices, I report immediately and "walk away".
 
Wow, Google asks me to remember passwords. I've said Yes without thinking. I'm going to spend the afternoon cleaning out Google and changing passwords, such is the modern world.
 
mshchem said:
Wow, Google asks me to remember passwords. I've said Yes without thinking. I'm going to spend the afternoon cleaning out Google and changing passwords, such is the modern world.
Click to expand...
Google asks, or your computer/phone (Windows/iOS) or an anti-virus function like Norton? That totally perplexes me WHO is remembering my password so I didn't use the feature until recently... and now starting to regret using it. I might delete all of that and go back to writing them in a notebook!
 
Two-factor authentication has become common in the U.S. with online banking and financial transactions and apps where you can access medical records. It seems like a nuisance at first, but once you get used to it, it’s fairly routine. I suppose it’s like when phone numbers changed from four to seven digits in the U.S., and people were up in arms about how difficult it would be for ordinary people to remember seven-digit sequences.

Not everyone is using the classifieds on Photrio, but if that’s an area where you’re active, or if you would just like an extra measure of security on the forum, then two-factor authentication seems like a good idea.
 
Yeah, just took me 15 minutes to find my Google password to allow me to delete saved passwords. Holy!!!
 
mshchem said:
Wow, Google asks me to remember passwords. I've said Yes without thinking. I'm going to spend the afternoon cleaning out Google and changing passwords, such is the modern world.
Click to expand...

Actually, to use Google for passwords is a pretty good practice. Don't let me stop you from changing passwords so they are pretty strong. Others on this thread suggested different passwords per site, and picking 3 random words each https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words put together, you're pretty safe. That leaves your google account itself being hacked to worry about. Use a supremely strong password for that (protect it like you would cash), and whatever two-factor is doable for you personally.

The benefit of Google for passwords is not having to remember them all, especially when they're all different! Adding convenience means you will not get frustrated at remembering dozens of site passwords.
 
David A. Goldfarb said:
Two-factor authentication has become common in the U.S. ... It seems like a nuisance at first,
Click to expand...

It's a nuisance, no question about it. I can look at my own purchase history on eBay all day long, even bid, but try to track a package and I have to not only supply my password, I then have to wait (inside the Faraday cage that's my workplace) for my phone to receive a text that might or might not come through before the code expires. And companies that sell password storage services are shocked that so many people use their browser to store passwords -- well they should be, those people aren't paying them for the exact same service! "But anyone with access to your computer can get all your data." Security types have always considered physical access to the machine as "game over."

Oh, and I need to have long passwords that are different on every web site and machine, and change them frequently. What does the world think I am, a computer?

The only solution to all this, of course, is to do a better job of tracking down and nuking the people who hack into the accounts of others. Okay, nuking is probably overkill -- just shoot them. Six times should be sufficient.
 
I don’t even use Friends and Family with, well, my friends and family, unless I actually speak with them and confirm. A few year ago my father and his wife were visiting Egypt. My dad contacted me out of the blue by email saying his wallet was stolen and he needed me to wire him money. It turns out he had used an Internet cafe in Luxor, which was probably running a key logger, and got hacked. I didn’t send any money because it was pretty obvious—bad grammar, no mention of his wife and why she couldn’t use her account, excessive money request, etc.. But sending $1000 based on an email (or forum post) without protection is never a good idea (never mind that I didn’t have $1000, and my father knew I didn’t have that kind of money.)
 
Just as a matter of interest: Is the 2FA system that Photrio offers which seems to be provided by auty, free at the point of use for we Photrio members? I assume that somehow auty charges for its service, otherwise how does it provide the service?

Thanks

pentaxuser
 

After reading this I set up the 2FA with authy and it’s free, also I use an encrypted app to store my passwords, all are different now.
 
campy51 said:
I did change my password.
Click to expand...
Sorry campy, not sure how I missed this. I've checked through logs and can see some european ips accessed your account. These ips had no access to any other accounts here, so it seems to be specific to your account. I run bitdefender on pc and mobile devices, so far never any issues.
 
Open wifi is the biggest security risk most of us take, these days. We don't even think about logging in somewhere (here, our bank, our personal e-mail, our work e-mail or web access!) on "Joe's Phishing Net 5G" as long as it has good connectivity and doesn't ask for a password. And your phone will "help" -- mine has a setting to "automatically connect to open wifi" (which I should turn off, I suppose).
 
alexvaras said:
After reading this I set up the 2FA with authy and it’s free, also I use an encrypted app to store my passwords, all are different now.
Click to expand...
Thanks I assume that auty makes money somehow but how in this case? Is it as simple that you are now known to auty so a potential paying customer for its other "wares" that it provides at a charge?

pentaxuser
 
pentaxuser said:
Thanks I assume that auty makes money somehow but how in this case? Is it as simple that you are now known to auty so a potential paying customer for its other "wares" that it provides at a charge?
pentaxuser
Click to expand...

Authy is advertised is written in web and app as “Twilio Authy” and Twilio is a cloud service operating from USA and that’s the one who charges the customer as I see, the 2FA it’s just a tool they developed for their own cloud service, also a way to attract customers from Google services to theirs so this 2FA would be the hook used for that purpose.
 
alexvaras said:
so this 2FA would be the hook
Click to expand...

Beware. This sounds a lot like the "hook" Photobucket used. Free storage -- and then suddenly $400/year to have any of the (in some cases hundreds of) images you had linked from anywhere else not show as "blocked image." Expect your passwords to be held hostage at some point when they figure out they've got ten thousand 2FA users for every paying cloud storage user.
 
Sadly, this is likely. History has shown over and over again.
 
You must log in or register to reply here.
Menu
Log in
Register