Thread: Scammer alert
  #18  
06-04-2024, 09:46 AM
RB (Andrew)
Moderator

Join Date: Aug 2005
Posts: 26,637
Quote:
Originally Posted by ronson
Unfortunately, there is little hope any money will be recovered. Hope at least the perpetrator doesn't go away unpunished.

With this type of online transaction, there is always a risk. Given this is a small community, we are probably not a prime target compared to say Gumtree or FB Marketplace, but still random incidents like this happen and will keep happening.

In terms of protection, IP addresses are disposable, so blocking them has very little to no effect.

Having Captcha or another technology to prevent bot registrations is a good thing.

Having the restrictions on new accounts is a good way to make it harder for people to misuse.


It's good if, for inactive accounts (say more than 12 months since last login), the user is requested to reactivate via email link before being allowed to use them again.


A big issue for this, and other forums, is hijacking genuine/established accounts where the user has used a weak password or reused passwords that have subsequently leaked in other compromises. This will really affect the credibility of doing any business as everyone will be paranoid if the person they communicate with is genuine or a scammer, regardless of how old the account is or the number of their posts. To counter this, mandatory multi-factor authentication is a very effective security control. Some might think it's a pain in the rear, but once set up, it makes it very hard for an attacker to get access and they usually just move to the next easier target.
Worst case scenario is if the database of this forum is compromised and all our credentials leaked, and some decrypted, and all the personal info exchanged via direct messages is leaked, then this would be a big issue, which I flagged a while ago as a risk: ISS is using a very old, outdated forum version with known vulnerabilities, and unfortunately it seems this is not being rectified anytime soon.


What this means for me personally is that from now on, if I am buying anything on this forum, I will have to scrutinise people a lot more before sending any money. Possibly using a middle man platform such as PayPal as an extra protection. Apologies to everyone in advance, and I realise this might deter some from doing business with me, but this is the reality, and I will also understand if you scrutinise me if I am selling something.
All valid points Ronson.
I don't think Mike and Terry will be updating the forum atm.

Guys, please exercise extreme caution when dealing with others.
Personally, I couldn't hand over money for an item simply because I'm dealing with another IIS member.
Unless it's face-to-face or I'm 100% sure who I'm dealing with then no way will I purchase.

Further investigations into dikman's account indicate to me that the original account was hijacked.

A reminder to check the strength of your passwords and change them now and then.

Also, I'll repeat myself here, I can't understand why other members who dealt with dikman and had problems didn't alert us so we could've acted sooner.

Well, there it is.

RB