Discussion in 'Ham Radio Discussions' started by WR6G, Jul 11, 2019.

  1. WZ7U

    WZ7U Ham Member QRZ Page

    If that is the case, I am most certainly defective. Would someone please take me back for service or a refund?
    KD8DEY and W7UUU like this.
  2. WB5THT

    WB5THT XML Subscriber QRZ Page

    And this begs the question of how do they keep hacking into your QRZ page?
    KF5FEI, WZ7U and N0TZU like this.
  3. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    By all accounts and indications, 100% of the recent QRZ hacks were from Phishing schemes. At least in this last round, it appears that a group of scammers in Nigeria working with a partner in the US, crafted a very well done "Please verify your QRZ login username and password" email that was sent to as many addresses as the scammers could glean from the internet. Note that non-members CANNOT view email addresses here - that's the whole reason of the "move mouse to view email" - you have to be logged in to do that.

    The scammers got emails from all sorts of locations - many web sites. Or from QRZ posts where people were dumb enough to put their email "in the open".

    Members not aware of the concept of "Phishing" just blindly sent their username and password right into hands of the scammers. Their next step was to log into those accounts most seldom used - i.e., low post counts... far less likely those users would realize they were hacked - in many cases not even remotely aware.

    They then set about deleting the "real" email address on the page - and in many cases replacing it with something they were using for the scam.

    Moral: NEVER EVER EVER EVER respond to an email asking for a username and password to ANY site - not just QRZ! NO real web site ever would ask that - certainly not QRZ!

    The system of "ID Verification" at QRZ has essentially eliminated that vulnerability. The likelihood of scammers successfully completing the steps to get ID Verified here is so low that they will simply move on to other ham radio sites that have no such security measures in place.

    QRZ is now the most secure online ham radio swapmeet out there, hands down. Is it perfect? Nothing ever is. But it's better than any other site going by far.

    KU4X likes this.
  4. K2CAJ

    K2CAJ XML Subscriber QRZ Page

    This afternoon we got scam emails from a coworker, the sort of "urgent request" emails that say "I'm trapped outside of the country can you send me a google play card."

    At first we called our coworker to warn her that she was hacked, but on closer inspection we saw that it was just a gmail account resembling her work email. The "hackers" didn't hack anything at all, they just took information they could easily find from our web page to make a lookalike email account with her photo, and send boilerplate emails with her job title, phone and office #.

    I guess we'll see a raft of those in the next few weeks, because once a scammer gets an idea like that, you see a million others try the same thing until diminishing returns kick in.
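
    Added example, not part of K2CAJ's post or of any site's code: a minimal check for the lookalike-sender pattern described above, flagging mail whose display name or local part resembles a known colleague while the address sits on an outside domain. The staff directory, domain and threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed directory: display name -> real work address (hypothetical values).
STAFF = {
    "Jane Doe": "jane.doe@example.org",
    "Sam Lee": "sam.lee@example.org",
}
ORG_DOMAIN = "example.org"  # assumed organisation domain


def _norm(text):
    """Lower-case and keep only letters/digits so 'Jane Doe' equals 'jane.doe'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def _similar(a, b, threshold=0.85):
    """True when the normalised strings are nearly identical (assumed threshold)."""
    return SequenceMatcher(None, _norm(a), _norm(b)).ratio() >= threshold


def check_sender(from_header):
    """Return (verdict, reason) for one From: header value.

    This only compares names; it does not authenticate the message, so an
    'internal' verdict still depends on SPF/DKIM/DMARC being enforced upstream.
    """
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if domain == ORG_DOMAIN:
        return ("internal", "address is on the organisation's domain")
    for name, real_addr in STAFF.items():
        real_local = real_addr.split("@")[0]
        if display and _similar(display, name):
            return ("lookalike", f"display name matches {name} but domain is {domain}")
        if _similar(local, real_local):
            return ("lookalike", f"local part resembles {real_addr} but domain is {domain}")
    return ("external", "no resemblance to a known colleague")


if __name__ == "__main__":
    # Constructed sample headers.
    for hdr in ['"Jane Doe" <jane.doe.example@gmail.com>', "jane.d0e@gmail.com",
                "Jane Doe <jane.doe@example.org>", "Bob Vendor <bob@supplier.example>"]:
        print(hdr, "->", check_sender(hdr))
```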
  5. WZ7U

    WZ7U Ham Member QRZ Page

    Kinda like these phone calls in robo-voice saying that my social security number is being blocked until I call some number and give them my banking info. BS!
  6. KA8NCR

    KA8NCR Ham Member QRZ Page

    How do you feel about an all expense paid trip to the southeastern shores of Cuba?
    KD4MOJ likes this.
  7. KA8NCR

    KA8NCR Ham Member QRZ Page

    They won't get through the ID verification, but they can still take someone's ID through phishing, especially if they elected SMS 2FA. SIM-swaps are a real threat, and using SMS as a 2FA should be an absolute last resort or backup.
  8. WJ4U

    WJ4U Ham Member QRZ Page

    "IRS is filing lawsuit against me" according to multiple voicemails left on my unlisted phone. I called the IRS directly (800-908-4490) to see if there is any problem and they confirmed it's a nationwide scam, delete the messages and never call the bogus phone numbers.
  9. WZ7U

    WZ7U Ham Member QRZ Page

  10. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    Anything is possible. But QRZ paid staff (not moderators) "hand verify" whatever is submitted for ID. It better be a DAMN GOOD FAKE on any ID verifications.... 2FA with cheap cell phones? - sure that's pretty doable, for a VERY motivated Nigerian or other scammer (most have been from Nigeria so far, until the change in security). But the ID part is going to be pretty dang hard to achieve for them. The ID submitted (and promptly destroyed after confirmation) has to pass a pretty tight scrutiny.

    Can someone bust the system? I'm sure they could. But why bother? Why not just go after a thousand other swapmeet sites and do it the easy way?

    Bottom line: if you're dumb enough to fall for a phishing scheme, and send your personal information, login, password, SSN, whatever - to some site you have no idea from an email you just received.... well, I guess you're pretty much on your own.

    Last edited: Jul 12, 2019
    KU4X and W5INC like this.