Help some brothers out.. scammer content

OilCityPickups

mankytom said:

@OilCityPickups that is flabbergasting, and the police are probably in no position to investigate all of that adequately..

up to 150 on the fundraiser by the way.. link in OP for anyone in a position to donate, I’m sure anything appreciated!!

Not only are the police understaffed ... but also a staggering amount of fraud is not actually reported! People are often too embarrassed to admit they've been 'had' and so keep quiet ... therefore the amount of actual fraud is actually likely to be a lot higher. 
Because of the low risk of getting caught and the lack of having to - so to speak - get their hands dirty as they'd have to if they held up a post office or mugged a little old lady, it's seen as 'white collar crime'. If you don't see the victim you don't have to see them as a person.   

Bod

My mother-in-law was scammed for around £100k at the start of the year.  Action Fraud have done absolutely nothing.  Not even contacted her back.

mankytom

That’s outrageous.. all reward, no risk by the sounds of it. Disgraceful. 

And all of the public discourse is about Rwanda, and partygate, and which of the royal family are racist.. 

OilCityPickups

Kittyfrisk said:

digitalscream said:

mankytom said:

@OilCityPickups that is flabbergasting, and the police are probably in no position to investigate all of that adequately..

up to 150 on the fundraiser by the way.. link in OP for anyone in a position to donate, I’m sure anything appreciated!!

It's not the job of the police to deal with it - it's up to Action Fraud.

And, on the basis of their previous performance dealing with scammers on here, after we provided them with more than enough evidence to take it to court...they're woefully inadequate at it.

^ Yep, Inaction Fraud would have been more accurate.
Enjoy your evening out, you deserve it.

Yep Action Fraud is the privatised system used by police forces across the UK for fraud reporting ... I believe this bunch are one of the 'service providers'. 

Oh brave new world that has such creatures in it ...  as Will Shakespeare said. 

Mike58

Action Fraud are utterly and completely not fit for purpose. They are a disgrace, but no one cares or takes responsibility for that.
Btw I clicked on https://haveibeenpwned.com/ and it said I was a victim of one breach… this site? what do I do about that, I have no idea?

nero1701

Mike58 said:

Action Fraud are utterly and completely not fit for purpose. They are a disgrace, but no one cares or takes responsibility for that.
Btw I clicked on https://haveibeenpwned.com/ and it said I was a victim of one breach… this site? what do I do about that, I have no idea?

I was 16 breaches, but nothing since 2018. I have adopted a far stricter policy for myself in recent years.

Fishboy7

What a nightmare.  What is wrong with these people?

Mike58

Mike58 

Btw I clicked on https://haveibeenpwned.com/ and it said I was a victim of one breach… this site? what do I do about that, I have no idea?

 Ok, I looked at the result again on that site and the breach detail was further down. It said the breach was from Live Auctioneers in June 2020.
so nothing to do with this site.

prlgmnr

Mike58 said:

Action Fraud are utterly and completely not fit for purpose. They are a disgrace, but no one cares or takes responsibility for that.
Btw I clicked on https://haveibeenpwned.com/ and it said I was a victim of one breach… this site? what do I do about that, I have no idea?

change your password, and while you're at it make sure you don't use the same password for more than one site

digitalscream

For anyone considering what to do about personal online security...another option is what I do - I bought a domain, and I don't just use a different password on every site, I use a different email address (all are forwarded to my main email address, which is never used as a signup address). So my email addresses for online accounts would be:

tfb@mydomain.com
amz@mydomain.com
ggl@mydomain.com
...etc etc

That guarantees that if I'm part of a breach, no part of the credentials are remotely useful for gaining access to any of my other accounts anywhere else.

DefaultM

On the stickies/announcements topic, I've been on forums for over 20 years and it's always a thing where people don't read them.
Like "that's just boring stuff I'm here to read about guitars" and scroll straight past them.

TTony

digitalscream said:

For anyone considering what to do about personal online security...another option is what I do - I bought a domain, and I don't just use a different password on every site, I use a different email address (all are forwarded to my main email address, which is never used as a signup address). So my email addresses for online accounts would be:

tfb@mydomain.com
amz@mydomain.com
ggl@mydomain.com
...etc etc

That guarantees that if I'm part of a breach, no part of the credentials are remotely useful for gaining access to any of my other accounts anywhere else.

But your password is still “Password” for all of them, right?

digitalscream

TTony said:

digitalscream said:

For anyone considering what to do about personal online security...another option is what I do - I bought a domain, and I don't just use a different password on every site, I use a different email address (all are forwarded to my main email address, which is never used as a signup address). So my email addresses for online accounts would be:

tfb@mydomain.com
amz@mydomain.com
ggl@mydomain.com
...etc etc

That guarantees that if I'm part of a breach, no part of the credentials are remotely useful for gaining access to any of my other accounts anywhere else.

But your password is still “Password” for all of them, right?

Of course. I'm getting on a bit, can't be expected to remember too much.

CavemanGrogg

digitalscream said:

TTony said:

digitalscream said:

For anyone considering what to do about personal online security...another option is what I do - I bought a domain, and I don't just use a different password on every site, I use a different email address (all are forwarded to my main email address, which is never used as a signup address). So my email addresses for online accounts would be:

tfb@mydomain.com
amz@mydomain.com
ggl@mydomain.com
...etc etc

That guarantees that if I'm part of a breach, no part of the credentials are remotely useful for gaining access to any of my other accounts anywhere else.

But your password is still “Password” for all of them, right?

Of course. I'm getting on a bit, can't be expected to remember too much.

At least I'm the only person who uses ''12345'' as their password for everything, nobody will ever be able to work that one out, as it's so unique and difficult to guess.

topdog91

digitalscream said:

TTony said:

But your password is still “Password” for all of them, right?

Of course. I'm getting on a bit, can't be expected to remember too much.

I like that you capitalized the "P". That should ward them off.

Lebarque

digitalscream said:

UPDATE: Some incredibly useful and timely information from @danishbacon (and some cross-referencing previous compromised accounts) has pointed us directly to the source of these account compromises - I'm 99% confident that's where it came from. I'm going to do some more digging to see if I can get hold of the breach file itself so I can compare it to our member list, but for now...I would strongly suggest that everybody checks their email address(es) here:

https://haveibeenpwned.com/

My email address comes up on there. What should I do about it?

topdog91

Lebarque said:

digitalscream said:

UPDATE: Some incredibly useful and timely information from @danishbacon (and some cross-referencing previous compromised accounts) has pointed us directly to the source of these account compromises - I'm 99% confident that's where it came from. I'm going to do some more digging to see if I can get hold of the breach file itself so I can compare it to our member list, but for now...I would strongly suggest that everybody checks their email address(es) here:

https://haveibeenpwned.com/

My email address comes up on there. What should I do about it?

Same as mentioned ^^^:https://www.thefretboard.co.uk/discussion/comment/3765028/#Comment_3765028

Change your passwords to unique secure ones, preferably using a password manager like Bitwarden which handles generating unique secure passwords and "remembering" them so you don't have to. And use MFA on your Bitwarden account. 

donbot

@digitalscream ;
Just a quick thought; would it be possible to pop a link to the Justgiving fund on the front page? 

The thought of getting scammed by this vile bastard is awful so the more members see this thread the more we should be able to recover for the two victims. 

digitalscream

Lebarque said:

digitalscream said:

UPDATE: Some incredibly useful and timely information from @danishbacon (and some cross-referencing previous compromised accounts) has pointed us directly to the source of these account compromises - I'm 99% confident that's where it came from. I'm going to do some more digging to see if I can get hold of the breach file itself so I can compare it to our member list, but for now...I would strongly suggest that everybody checks their email address(es) here:

https://haveibeenpwned.com/

My email address comes up on there. What should I do about it?

Change your password to something you've never used before.

DefaultM

I've apparently been part of a hack of Truefire that revealed pretty much every single personal detail about me.
 Full name, address, email, password, DoB, phone number. That’s not great is it!