QRZ needs your help - LETS CATCH THIS GUY!

Discussion in 'Stolen Radios, Scams and Rip-Offs' started by AA7BQ, Mar 29, 2013.

Thread Status:
Not open for further replies.
ad: L-HROutlet
ad: l-rl
ad: L-rfparts
ad: K3QNTad-1
ad: Subscribe
ad: l-gcopper
  1. N6PAT

    N6PAT Platinum Subscriber Platinum Subscriber QRZ Page

    Two solutions to your problems:

    1) Create a PIN number system to be used when posting ads. Allow a poster three attempts to enter their valid PIN when posting an ad. If they fail three times revoke the PIN and require that the user request a new PIN with positive ID being supplied (copy of ham license, drivers license, etc.)

    Now unless someone is dumb enough to give out their PIN , you can have a high degree of assurance that the ads are not phony ads.

    2) As for entering your password on a phoney web page: I have my QRZ page set so that I am always logged on. In the event I am logged off my Firefox browser is set to remember my password and will only fill in the user id and password for the correct web page url. If I inadvertently landed on a phony QRZ look-a-like page and was prompted for my password my browser would not auto fill it as it would know this was not my QRZ url address. Simple solution
     
  2. WH6DQU

    WH6DQU Ham Member QRZ Page

    Something like this happened to me as well. But, I didn't have a link to click on. It was an add on QRZ after I had logged in. It did tell me to click on a link to send an email. That email address was **@yahoo.com

    Then the address to sent paypal payment was different. I called the police and paypal. They stopped payment, so I was lucky. THis just happended on 4/16...
     
  3. K9XR

    K9XR Ham Member QRZ Page

    Yep, You were not the only one who almost got scammed by that guy. I have posted about that one and others and for some reason someone feels the need to delete the posts. I guess they don't want to hurt the Crooks feelings. Some of the mods used to move the warning posts to the Scam forum once the ads were deleted, but most of the time they are deleted. Atfer a while I get tired of knocking my head against the wall when I try to help. I think I have finally gotten the message. And I don't want to hear about sending the Mods PMs either because most of them go unanswered also.



     
  4. KK4CUL

    KK4CUL Ham Member QRZ Page

    I think considering that the phishing site has been SHUT DOWN by the hosting company that there is no reason to delete the posts with the faulty links. These are a great example of what to look for in a scam so you can be prepared. I mean, if you go to the site now, it just times out because the server has nothing to deliver to the user (impossible to get your credentials!). So for those who missed the important stuff, basically DO NOT CLICK LINKS FROM STRANGERS AND THEN ENTER IN YOUR UN / PW. Also, if you do feel the need to do so, CHECK THE URL (web address) because anyone with a bit of awareness would have noticed that the address from the phishing site was completely different than qrz.com's adress. The ONLY thing in common were 3 letters: QRZ. The rest was bogus.
     
  5. KD3NE

    KD3NE Ham Member QRZ Page

    Call me paranoid but before I open any email I ..... READ ALL THE HEADER INFORMATION

    Call me paranoid but before I click on any link ..... I "right click" on the link. " Copy " the link. " Paste " the link in a blank document and see what the link contains.

    Call me paranoid but before I never click on any links that come from sites that shorten links such as " tinyurl "

    Call me paranoid but I have never been the victim of any scam or fraud, not have I had any computer virus episodes.


    People need to learn just a few basic steps and they too can avoid being ripped off!
     
  6. N9ZN

    N9ZN Ham Member QRZ Page

    I have not been very active but did notice QRZ has an ongoing issue with someone posting fraudulent for sale / trade adds on QRZ.
    I wanted to let you know I do a fair amount of online purchases at a number of web sites, some of which are for large dollar sales. I HAVE NEVER RUN INTO A PROBLEM. The reason my luck has been so good is attributed to a requirement that posters of items for sale must include a photo with a hand written note showing their user login name and date of the posting hand written and legible in at minimum one of the item listing photos. We also use a separate URL to leave buyer and seller feedback for multiple sites which I purchase from. All sales are strongly suggested to use PayPal as the method of payment which also provides some relief in the event of fraud and other specific reasons.
    Requiring a hand written name and date be included in the photo(s) of For Sale Items will STOP THIS PERSON FROM PULLING PHOTOS FROM OTHER SOURCES AND POSTING THEM ON QRZ FOR ITEMS THEY DO NOT HAVE POSESSION OF. Even photo shopping those off site photos to include a hand written note is difficult and very detectable to prospective buyers.
    If you want to stop the foolishness on QRZ I would strongly suggest putting those rules into effect at QRZ. Since buyers usually want to see a photo in For Sale Ads, writing a name, date, and including the readable written info in the item photo is not a lot of extra effort. Establishment of a separate URL for all NON EBay sales can be used by hams without regard to the website where the item was advertised (other ham websites). The reporting site I use http://www.heatware.com would more than likely be available for such purposes free of charge to QRZ upon asking the owner, users must register there but the fee is user established, normally a dollar and the service is widely used.
    Hope you found this useful.
    73 de N9ZN
    Monty Howard, Tampa Florida
     
  7. KB3VWG

    KB3VWG Ham Member QRZ Page

    Having survived a Nigerian scam may years ago on 'gBay' motors (because I used my brain regarding everything I was being asked to do to complete the deal, the form of payment I received, where I received payment from and what I was going through to protect myself), and assiting others (or trying to convince them that the propisition/job/deal are actually scams) via my private IT firm, I've learned a few things:

    - the Secret Service is the orgnization that best deals with such scams, especially if a Bank Transfer (wire), Westen Union or a Bank Draft (check) was requested as payment, they are the "protectors" of our currency. Over time, I've come to meet a local S. Svc. task force member; these Internet Scams are so prevlant, they hardly involve themselves unless the victim has already lost money, has physically seen the Criminal, or cannot reverse the funds/transactions themselves.

    - NEVER NEVER receive or send payments greater than the listed asking price. I worked with one victim who was told to accept a payment into thier PayPal account, but they were totally unaware of what the payment was for, they did not learn until a fraud report was made to PayPal, that an email address similar to thier real email was used to arrainge the purchase of a Segway Scooter on eBay, to which they had no clue about; they simply thought they had been hired as an accountant and this was the first transaction to place on thier employer's books. It wasnt revealed to my client until the buyer copied and pasted the PayPal email address to forward all the email communications from the fake email address, which of course, the receiver never worte.

    - the domain name "example.com.mn" only indicates under what Registry the criminal registerd the domain (as .com .org and .net and others are under US jurisdiction, they use a Top Level Domain that is not controlled by US law), they can then specify any authorative DNS server to answer on the Internet for that domain name - most people who register a domain name use the DNS servers provided by the Registrar. It is also possible to have many domain names answer for the same web server, so the one listed may not be the only domain name used in this scam.

    - after specifying an authorative DNS server, an A Record (Address record, defined by RFC 1035) is created to specify the server that will answer for the Domain Name (called a Host), that IP address reveals the TRUE location of the Scammer's web server; so in order to track down the TRUE location of the server holding the fake QRZ Login Page, a Lookup of the A Record will need to be done.

    - NEVER take the communication off of QRZ, meaning, complete the transction VIA Private Messages, being refered to an email address to continue the conversation is another dead giveaway

    - if you have taken the bait and provided your email address, rest assured it's harvested and sold amongst e-criminals as being gulible and prone to accepting various scams, they feel they have to put in less work for you to fall victim for a futute scam. Your identity IS harvested and the data aggregated for use in future scams

    - I agree with a post from another Station regarding VoIP, all gmail accounts come with a FREE VoIP number and can be setup on Robo Call machines as well as people using them as legitimate phone numbers, in any case, they do not reveal the TRUE location or holder of the phone number. There is a scam going around now where a random number local to your calling area start asking you questions that can compromise your Identity to theives, the person on the other end of the call is computerized and simply recording your response for later processing.

    - the person named as the account holder, PayPal reciepient, Western Union pickup contact, etc. is (more times than not) PROBALLY the victim of another scam, and is usually clueless as to the real reason the sender has delivered payment; the goal fpr the crminal is for the receiver to send the money onward before any victim becomes the wiser. I have had clients come to me saying they responded to (for example) a Job add for a Bookeeper or Accountant, and were told to open a seperate bank account, or use thier own accounts for receipt of thier compensation or any funds thier "employer" would entrust with them.

    - this leads me to another point, you may not be dealing directly with the scammer, you may actually be dealing with an unwitting victim who is the Criminal's middle-man recurited from another scam operation, in fact, you could even be dealing with a criminal using a completly stolen identity (e.g. identity stolen to register a doman name and pay for web services). I've had victims come to me who were asked to fill out 1099 or W-4 forms and/or underwent a 'job interview' with the Criminal via instant Messaging (to obtain thier social security number, address and other information that could be asked on an online credit check questioniare)
     
  8. VK4TI

    VK4TI Ham Member QRZ Page

    I always use a real email from the business , don't accept anything but a traceable email account and do some homework if there is any doubt , I even rang a guy once from Australia just to prove I was real
    B
     
  9. N6PAT

    N6PAT Platinum Subscriber Platinum Subscriber QRZ Page

    You do realize that with Adobe Photoshop, Fireworks, etc. that you can manipulate a photo to include just about anything? I could send you a photo of me signing the Declaration Of Independence at Tranquility Base on the Moon and it would look real.
     
  10. AB3QL

    AB3QL Ham Member QRZ Page

    I remember when I first joined this web site I mentioned a security risk. I was ignored by whoever administers this site. I deal with network security all of the time. I also trace people and transactions. Someone said to display an IP address. Well, that's good, except there is a loophole which I will not publicly reveal. I read how people are being ripped off. Most are far too trusting.
     
Thread Status:
Not open for further replies.

Share This Page