Verified Member Status Requirements

Discussion in 'Ham Radio Gear For Sale' started by AA7BQ, May 19, 2019.

ad: L-HROutlet
ad: l-rl
ad: Left-2
ad: Subscribe
ad: MessiPaoloni-1
ad: L-MFJ
ad: Left-3
  1. KY1K

    KY1K Ham Member QRZ Page

    This is a silly little website for a hobby. Not online banking or anything like that. Why should everyone be forced to use 2FA??
    I have no interest in having to wait for a passcode or install a program on my computer just to login. If that becomes a requirement, I'll simply move on to another website.
    N3FAA, KB9KQU, KG6BRG and 3 others like this.
  2. AH7I

    AH7I Ham Member QRZ Page


    I don't get the need for a govt. ID. All one has to do to verify a ham's address is check the FCC database and not ship or send money to another address unless satisfied with a reason t. You're not going to protect people from scammers. You're not going to protect them from unpleasant dealings with verified users. People who are afraid of "parts swappers" are still going to think parts are being swapped. People who are not happy because all the original packing is not in a box when an original box was not offered are not going to be made happy.

    I use 2 factor authentication with my bank. They did not require a copy of my govt. ID.

    I tell you what. If a govt. picture ID with my name and address with the ID numbers obliterated is acceptable... I can do that. No bar codes, no passport number, no drivers license number, no SSN, no user specific holograms.

    Will that work?

    Thanks, -Bob
    W4RAV, N3FAA, W1BR and 1 other person like this.
  3. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    Hi Bob - I'm sure Fred @AA7BQ will be along to answer some of these questions.

    But the time has surely come - over the weekend we had a flurry of Nigerian scammers almost steal THOUSANDS of dollars from QRZ subscribers by hacking accounts that were not "Identity Verified". For them to steal when 2FA is in place, they would need not only your account name and password, but would also have to have your cell phone and need to know it's password. There are computer apps that eliminate the need for a cell phone that work the same way - the thief would still need to know username and password of both devices.

    QRZ Swap Meet and thousands of other such "for sale" forums have become HUGE targets for fraud like this.

    It's just stupid IMO to not take the time to "figure it out" before listing an item for sale ANYWHERE that offers 2FA security.

    But again, Fred I'm sure will chime back into this thread as the questions arise and the discussion evolves.

    K1OIK and WD4IGX like this.
  4. WR2E

    WR2E Ham Member QRZ Page

    Only 'forced' if you're selling.

    It's not QRZ that's doing the forcing anyway, it's the damn blood sucking nest of scammosquitos that are swarming and doing the forcing.

    Sadly, this is what the world is coming to.

    Unless you have a solution to rid the world of organized crime rings, I'm afraid we'll just have to learn to accept it. :(
    N0CEL, N0TZU, N3AB and 1 other person like this.
  5. KO6WB

    KO6WB Premium Subscriber QRZ Page


    Have fun
    73 Gary
    WM3X likes this.
  6. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    Forthcoming I'm sure. There are a number of 2FA apps out there. I do not know which ones are being used but Fred will and probably provide links for the "computer app version" that doesn't require a cell phone to use.

  7. KY1K

    KY1K Ham Member QRZ Page

    I was replying to someone who wants EVERYONE to use 2FA.
  8. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    There is, however, a very valid argument for EVERYONE to use 2FA.

    Just like happened Friday/Saturday, the chap in Nigeria hacked a user's account. He then created FAKE ADS - very nicely faked, I might add. I in fact rejected one "report" thinking the call sign in the photo looked fine. Only to then see more "reports" about this same "seller" and upon closer scrutiny, sure enough it was a very cleverly faked call sign in the image.

    The "seller" had NO IDEA his account had been hacked! In fact, QRZ Admin closed his account to prevent the Nigerian scammers from doing more listings. It's possible the "seller" is still not even aware all this happened (he was emailed)

    But if his account had in fact been protected by 2FA, he never could have been hacked in the first place, and the fake ads never posted

    W3ESE, K1OIK, WD4IGX and 2 others like this.
  9. AH7I

    AH7I Ham Member QRZ Page

    2FA does not require that QRZ or a third party verification company have any information other than my call, address, and phone number.

    How did the scammers propose to collect their funds?
    Friends and family? People should know better by now.
    Camp out at the hacked ham's address and intercept the goods or funds?
    If a postal money order a photo ID with matching name is required to cash...even if sent to the wring address. Or are people still ignorant enough to send it to the friend or relative in their name?

    I can tell you how these scams work. The person collecting the money is always a dupe (someone who is being conned in a different way and on a different level). In order for this to work the funds have to be transferred in the name of the dupe.
    He forwards the money he collects to the scammer via prepaid VISA. If Nigerian it's usually a BOA card.
    Once the money gets to does not go directly to the "kingpin". There in an additional layer of dupes.
    It's a well organized bureaucracy that only works if:

    The person being scammed allows his greed for a good deal to overcome his common sense.
    The person being scammed believes he is special, "wow, that prince picked me to hold his $millions".

    I am very familiar with these scams. I worked for a year with county police and encountered a number of people who had been scammed into believing they had a job that involved collecting money for legitimate companies. These people, not too bright or mentally ill, are as much victim as the person who sends them money. The BOA prepaid VISA was quite popular and likely still is. It's the next step in moving the money. The fellow posting the add was likely given the password and told he was "working" for a company that helps people sell things. It's part of the scam. Remember, the scammers goal is to maximize return with minimum investment.

    People need to be aware that there are larger scams.

    I watched two happen that involved tens of millions of dollars. The people were scammed because they believed they were special. It blinded them to the scam even when told that things did not look right and asked "why you?". One was a variation on check kiting that attacked small businesses with good credit by having them "sweep" their accounts through a network of other small companies to take advantage of time zone differences and increase their "interest rate". It was so good that the greedier company owners leveraged their credit lines to maximize the funds in their "sweep".

    The other was a purchase of a business that stole a years GROSS revenue by squeezing receivables and extending payables. It put some associate folks out of business too when the scammed business failed and could not pay them...along with putting a bunch of people out of work.

    2FA will not protect people from being scammed. They'll just fall for it somewhere else or the scammer will figure a way around. I suspect they'll have someone "working" for them who will scan all QRZ postings looking for anyone who has expressed an interest in buying anything and send them email. The verification for swap only will not stop these folks.

    N3FAA likes this.
  10. W4PG

    W4PG Super Moderator Lifetime Member 279 Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    You are missing the point.

    The lock on your front door will not stop someone from getting in IF THEY REALLY WANT TO. 2FA is another means to make scams more difficult. One way around that is to get your friendly local phone company employee to provide a SIM card with the phone number of the fellow you want to scam so you can get by the 2FA. That, of course, is a fraud and will get the employee in hot water, which has already happened. So should we do away with 2FA all-together? Hardly.

    A heavy dose of common sense with reasonable security cautions are always good. That's what we intend to do.

    KK4CCA likes this.

Share This Page