• Welcome to Photrio!
    Registration is fast and free. Join today to unlock search, see fewer ads, and access all forum features.
    Click here to sign up

For Sale Beware, Buyers - Account Takeover?

Toby's Bar

H
Toby's Bar

  • Tel
  • Apr 25, 2026
  • 0
  • 0
  • 16
Barber

A
Barber

  • 0
  • 0
  • 34

Recent Classifieds

Forum statistics

Threads
203,486
Messages
2,855,472
Members
101,866
Latest member
Afadjato
Recent bookmarks
0
Trader history for peoplemerge (0)

peoplemerge

Subscriber
Allowing Ads
Joined
Jun 15, 2014
Messages
406
Location
Hollywood, CA
Format
Medium Format
Hi All,

What's the process for notifying suspicious activity? I've PM'd Sean. Posting here in case that's not enough or other people are going down that hole before Sean gets back to me. I'm not naming names or being that obvious because I could be in error, or worse slander.

However, I reached out to a seller who posted a rangefinder an hour ago offering it at a great price. The seller insisted in being paid PayPal Friends & Family. Well, for a decades-old member, maybe that's ok.

I paid him, but then, the F&F bothered me. It got weirder from there. He said the PayPal account (under a different name) is blocked, and asked to send to another place. He got even more pushy and nervous. I got a few messages with "and send ship adress please." "Are you kidding me?" or just "???".

But the red flag is he stopped being able to speak english like a native person. The account has years of posts from a legit English speaker, but that's not the person writing me in this thread.

"Are you kidding me!

I am not selling the product to you.

I will give you new paypal for payment.

If the payment doesn't come within 5 minutes, I will sell it to someone else.

You're making fun of my language.
Paypal address is my daughter's.

I am an old person."
 
🛡️ Classifieds Safety Reminder: Please stay safe when buying and selling. Scams via hacked accounts are on the rise globally.

Best Practices: Always use a verified payment method with buyer protection (avoid "PayPal Friends & Family"). Services like Escrow.com are highly secure. Be suspicious of random unsolicited contact via Private Message. If you see suspicious behavior, please use the Report link on the post immediately.
Use the Report this Post function - your report will be drawn to the attention of all the Moderators, including Sean.
 
This is the second report of this kind of activity we've had today, so everyone, please be vigilant. Someone is spoofing or hacking into existing user accounts. If you get a PM about any kind of transaction that seems a bit off or that tries to convince you to send a payment a second time to a different account, don't fall for it, but do report it to the moderation team using the "Report this post" button under the message, and it will notify all the moderators as Matt says. If the possible scam is happening in your PM box, we won't know about it unless it is reported, and these kinds of scammers may not post in the open forums. I know Sean has been cleaning up after the case we learned about this morning.

If something seems strange, you can ask to contact the other party by phone or another means of communication as a backup to see who they are and if their persona matches up with the person you know from their posts on the forum--do they have a phone number that is local to the location in their profile (bearing in mind that not all of us do in the age of cellphones where we move around and keep our old numbers), and do they live in the time zone that corresponds to their location? Do they seem knowledgeable about photography in general and about the item they are selling or buying? Is their accent believable, based on what you know about them? These are things you can check--and I do check myself--any time you are a bit unsure about a transaction, like when you are dealing with someone who doesn't have much of a record.
 
I, for one, am surprised that you can’t really dispute a PayPal payment sent as Friends & Family. At least PayPal has sided with the fraudsters up to this point.
 
I, for one, am surprised that you can’t really dispute a PayPal payment sent as Friends & Family. At least PayPal has sided with the fraudsters up to this point.
It's against Paypal's terms of service for a seller to require payment via F&F. F&F is for transfer of funds between, well, friends and family. If the transaction were truly between friends and family, there would presumably be little cause for a dispute.
 
I have not heard of this Paypal feature, but of course if someone alien to you wants to be regarded as friend, one should reject such.

David made a good point. If you want to make business with someone wellknown here, it should be easy to ask some questions a frauder, even with photography knowledge, could not answer. Unless being an Apugger himself...
 
Aside from disallowing disputes, with F&F there are no fees for the seller, hence the popularity. However if you want the protection from Paypal anyway, you always have the option of sending the money as a business transaction and covering the fee if the seller is insistent on F&F.
 
I presume that if someone hijacks your account to send PM's for nefarious purposes this does not show up on your account at all? In other words there is no way by which the legitimate holder will ever get to know about this hijack unless he sees his name mentioned in a thread such as this?

In short I am trying to find out what if any safeguards there are that alerts a user to a a "hijack".

Secondly if a scammer/fraudster joins for this very purpose is there any pattern of behaviour he has to adopt to gain access or is likely to try and adopt to gain access?

Thanks

pentaxuser
 
But the red flag is he stopped being able to speak english like a native person. The account has years of posts from a legit English speaker, but that's not the person writing me in this thread.
I noticed this as well. The original ad was fairly well-written, possibly taken from a legit sale that happened on another site. I made sure to reverse image search the pictures of the camera that were in the ad. The search yielded no results, giving me a bit of confidence that the listing was real.
After I made the payment, the sellers English degraded noticably. They started referring to PayPal as "He":
"Hello, your payment has been successfully received.
But it is said to be kept for 24 hours.
Because there is a restriction on my account.
I also returned it, but he wrote that it will be returned within 24 hours.
If I ask you, give you another paypal, would you send him the payment again?"

Of course by this point it is obvious that somebody other than KwM was PMing me.
I asked for screenshot proof of the supposed refund from the first account, at which point the scammer said they'd need 20 to 30 minutes to upload it.

They also (rightly) started getting more agitated because at this point I was openly toying with them. They used strange phrases like "cut the wave".
I commented that their English was quite bad for somebody from New Mexico. Their response was as follows:
"No, I am a person of ancient origin. I didn't grow up in the city."

I then asked what their name was, and they responded "Kristen Welker Mullet". Good thing Kristen isn't a popular boy's name... and Kevin had his name in his profile info.

Based on the scammer not knowing even the slightest information about the account they hacked, my theory is that the takeover was a slapdash deal. Maybe KwM used the same password for a couple of websites and one of those other sites was hacked or part of a data breach. While reusing passwords is extremely bad from a security practice standpoint, it is not at all uncommon. Without enforcing two-factor authentication, this method of hacking accounts will always be a vulnerability for the site.
 
Unless I'm missing something, I'd think the person with the 'hijacked account' would know as soon as he or she tries to log on to Phototrio because their password would have been changed. If the hijacker did not change the password, one should see the alerts for the new emails you did not initiate and could then easily just change the password to lock out the hijacker.
 
That doesn't work for those of us who stay logged in though. The internet being what it is, if people can hack into state utilities and stuff, they can easily hack into a forum account. Probably the best thing to do is never send money through paypal in the manner the hacker wants. Always send it the safe way (for goods and services) and the fees are what they are, cheap insurance. Always use a credit card on the transaction too for more protection.
 
Unless I'm missing something, I'd think the person with the 'hijacked account' would know as soon as he or she tries to log on to Phototrio because their password would have been changed. If the hijacker did not change the password, one should see the alerts for the new emails you did not initiate and could then easily just change the password to lock out the hijacker.

I'm assuming they pick accounts that have a long posting history but havent posted recently.

Use the 2-step/stage verification log-in that is available thru this forum.
 
I have read all the above messages and my take (please correct me if wrong) is:
1-Never pay by friends unless the person is know to you, the conversation is flawless and in his/hers style.
2-If seller is not well know to you, do not pay F&F, use credit card and use Pay Pal protection.
3-Do not use same password for more than 2 sites.
Life sucks since, like Sartre said; "Hell are the others"
 
I could simplify those rules further:

1. Don’t use F&F for purchases… ever.

As mentioned earlier, it violates PayPal rules and always make YOU accept the risk so some tightwad can save a few dollars. And it’s never more than just a few dollars. Pay via goods-and-services and pay the fees yourself!

To me, the request to use F&F for purchaser make the seller immediately suspicious, whether I “know” their internet activities or personalities or not.
 
The seller may be known to you... I have made a few friends on Apug. My mistake and I think the key takeaway is not asking enough details and condition questions about the item to reveal a problem. Initial exchanges were good enough English for me to not notice.
 
Unless I'm missing something, I'd think the person with the 'hijacked account' would know as soon as he or she tries to log on to Phototrio because their password would have been changed. If the hijacker did not change the password, one should see the alerts for the new emails you did not initiate and could then easily just change the password to lock out the hijacker.
In this particular case, it looks like the member whose account was hacked hadn't been active on Photrio for two years.
That leads me to the suggestion that if you are concerned, check the seller's recent activity.
In addition, and the rangefinder aficionados can correct me if I am wrong, the sale listing looked to me to be too good to be true.
And you know what they say about things that are too good to be true...
 
It was too good to be true.

Sseveral times I’ve bought things that were “too good to be true” and got exactly what I expected at a great price. Sometimes a risk is worth taking but with all risks there are risks.

I’m really sorry, though, that this turned out to be one of the bad deals.
 
Last edited:
Yeah, it was listed for ~1/3 the going rate, which is a stellar deal in my book, but not unheard of. Occassionally, sellers aren't aware of the modern going rates for equipment... Such as the Speed Graphic / Dagor combo listed for $100 a few months back.
 
Yeah, it was listed for ~1/3 the going rate, which is a stellar deal in my book, but not unheard of. Occassionally, sellers aren't aware of the modern going rates for equipment... Such as the Speed Graphic / Dagor combo listed for $100 a few months back.
I agree… if I was interested in another camera I would have gone for it also. Sometimes sellers don’t know; other times they want to sell quickly and incentivize the buyer with a good deal.
 
My account was hacked a month or two ago, first thing I knew about it was an email telling me my password had been changed. Sure enough I couldn't log in when I visited here.

I did two things, emailed Sean and then set up a new account with my user name plus '2' and then I reported the fraudulent classified ad and replied to say it was fake. I do think you need to be logged in to report a post - not easy if your account has been hacked!

I wanted to set up two-factor to secure my account but I think this site uses Google authenticator - useless for the non-smart phone user. A simple text message would be ideal.

I do wonder if we ought to place a hand written note with the date in the photos we take of our gear for sale.
 
I had to wait until today to reach an actual person at Paypal. They're not quite helpful yet, but did refer me to make a report at ic3.gov and go with law enforcement. That's probably the only way to pursue a paypal claim sent by Friends & Family. I suggest the same for anyone else who jumped on the Stellar Deal of the Month :smile:.

Worth $100 of my time? Maybe. Worth it if I can shaft these n'er-do-wells? Definitely!
 
Good luck if you use the law enforcement approach. Many years ago I tried that only to find out that LAPD (Los Angeles Police Department for readers in Germany who don’t watch TV) wouldn’t even take a report. Many different stories were offered: detectives too overworked to even think about a dead-end case; it’s a civil matter so take the person to small claims court; it’s not a crime against you but it’s a crime against PayPal and/or your credit card company so they need to file the complaint; bla bla bla.

It’s good that you are interested in being made whole yet realistic enough to know it might not happen. I hope you get some satisfaction in the end, though. Ultimately, karma or some other deity will rectify the situation with folks who intentionally shaft other folks!
 
Last edited:
I could simplify those rules further:

1. Don’t use F&F for purchases… ever.

As mentioned earlier, it violates PayPal rules and always make YOU accept the risk so some tightwad can save a few dollars. And it’s never more than just a few dollars. Pay via goods-and-services and pay the fees yourself!

To me, the request to use F&F for purchaser make the seller immediately suspicious, whether I “know” their internet activities or personalities or not.
Truth. Trying to go a L&E route when one has broken the rules in the first place seems iffy.
 
I've had no problem using the "Friends and Family" PayPal option with buyers and sellers who have been here for a long time and have established their credibility.
I've been here for about 20 years and have been a subscriber since 2006.
Gaston and I have had many dealings and I think his suggestions are excellent:

1-Never pay by F&F unless the person is known to you, the conversation is flawless and in his/her style.
2-If seller is not well known to you, do not pay with F&F; use a credit card with PayPal protection.
3-Do not use same password for more than 2 sites.
 
I saw this "deal" last night night, spoke with the scammer, and ended the conversation when he or she declared that they would only accept friends or family payment. I also posted on the listing that it seemed like a scammer.

I'm sorry to hear that they got you.
 
Photrio.com contains affiliate links to products. We may receive a commission for purchases made through these links.
To read our full affiliate disclosure statement please click Here.

PHOTRIO PARTNERS EQUALLY FUNDING OUR COMMUNITY:



Ilford ADOX Freestyle Photographic Stearman Press Weldon Color Lab Blue Moon Camera & Machine
Top Bottom