drrich2
Contributor
Some of you know my SB account got hacked and the hacker tried to make a fraudulent sell in my name. The Chairman got my account fixed. I'm posting to let you guys know and explain the course of events from my perspective. Most of this was written 'as it happened,' so my anxiety flavors the narrative quite a bit.
My Scuba Board account got hacked and the hacker tried to make a fraudulent sale via a Classifieds posting using my account. He (?) changed the e-mail address and log in credentials so I couldn’t access the account. No one in my home would’ve done such a thing, and I don’t know who did or how they got the info. I figure it could happen to someone else so it’s worth exploring this incident. I may have overlooked some obvious thing I should’ve done. I’m not sure what can be done to prevent this going forward (other than stronger passwords, though mine wasn’t something one could guess). Scuba Board relies on the unpaid labor of a dedicated team of staff and runs well for the most part.
Saturday morning 5-1-21 I was online debating someone in another forum when my computer popped up notice of an e-mail from Scuba Board.
“drrich2,
Your email at ScubaBoard was recently changed to seqecyxa@thichanthit.com. If you made this change, you may ignore this message.
If you did not request this change, please log in and change your password and email address. If you are unable to do this, please contact an administrator.
Your email was changed by the IP 181.215.176.103.
Thanks.
ScubaBoard”
Oh, crap! That’s not me. I went to Scuba Board, which my computer automatically logs onto for me…and it didn’t. So not only has my account been hacked, the hacker has changed the log in credentials and I’m locked out of my own account.
I look for contact info. and see a Contact Use option, which I use to report the situation. I didn’t see a phone #.
Then I see my e-mail inbox got a couple of earlier e-mails. One from a friend on the forum:
“Hi Richard,
That's a great price on the BC, especially with the Air 2 and the accessories. You should have no problem selling it.
I think you meant the waist straps to use without the weight pockets”
And from another member:
“Hey Rich, does this have the bungee upgrade?”
and
“Whats your paypal address?”
Oh, crap!!! Someone’s committing fraud through my account. Ah, what to do, what to do?!?!? I found the thread where the fraudster was trying to sell something through my account.
If memory serves, I reported it again through Contact Us.
I set up a new Scuba Board account (new username and password), got and answered the e-mail to confirm it, and saw that my account has to be approved. Okay. I subsequently could read threads as a logged in person, but it was noted I had insufficient privileges to post, and I didn’t see any Report This Post button (I’m guessing because my account wasn’t approved yet?).
I searched in my e-mail program to see if I could find any old e-mails directly from Scuba Board members; I got a group e-mail from Cardzard way back so I sent him an e-mail explaining some of this.
Thankfully some other members figured out it wasn’t me. The thread subsequently got locked. I still couldn’t post, such as in Site Support.
Subsequent milling around, I saw a Staff Online Now option. 2 People - Lorenzoid and Capt Jim Wyatt. Great! But can I message one of them? I clicked on Lorenzoid. I can view the profile, but I don’t see an option to Start A Conversation. I went to ScubaDada’s post in a thread and tried to get find a way to start a conversation; saw none. He’s a staff.
As of 6 p.m., still no e-mails, no message to my new SB account, and I went to post a reply to a thread in a Basic Scuba thread…and it still says I have insufficient privileges to reply here. I sent another ‘Contact Us’ hoping to get a response.
Sunday 5-2-21. 7:06 a.m. Got an e-mail from The Chairman (he hadn't been able to get to me faster because my account no longer had my correct e-mail address), responded, got another with log in info. at 10:51 a.m.
———————
Talking Points:
1.) If hacked, you may be locked out of your own account before you know it.
2.) Your account can be quickly used for fraudulent sales. I think of SB as a social media site, but people can do financial transactions. I've bought a few things on but never sold anything through SB.
3.) The hacker tried to get someone to pay through Zelle - which doesn’t offer some of the protection PayPal does. This seems to be a common ploy of fraudsters; last year my wife and I lost our $100 deposit on a pug puppy to a scammer in just this way.
4.) I see no way to quickly alert staff or the forum community, or to post in a thread to challenge a fraudulent post. If this happens to you and you use 'Contact Us,' make sure you include contact info. since they may not be able to pull it from your account.
5.) It seems very new members (or accounts) lack fast contact capability we older members take for granted.
6.) I didn’t know how much more to try to do (not that I could think of anything more to do), or what my responsibility might be.
I still figuring out what to make of all this, but it seemed a good topic for discussion.
P.S.: Thanks to @The Chairman for sorting this out of me.
My Scuba Board account got hacked and the hacker tried to make a fraudulent sale via a Classifieds posting using my account. He (?) changed the e-mail address and log in credentials so I couldn’t access the account. No one in my home would’ve done such a thing, and I don’t know who did or how they got the info. I figure it could happen to someone else so it’s worth exploring this incident. I may have overlooked some obvious thing I should’ve done. I’m not sure what can be done to prevent this going forward (other than stronger passwords, though mine wasn’t something one could guess). Scuba Board relies on the unpaid labor of a dedicated team of staff and runs well for the most part.
Saturday morning 5-1-21 I was online debating someone in another forum when my computer popped up notice of an e-mail from Scuba Board.
“drrich2,
Your email at ScubaBoard was recently changed to seqecyxa@thichanthit.com. If you made this change, you may ignore this message.
If you did not request this change, please log in and change your password and email address. If you are unable to do this, please contact an administrator.
Your email was changed by the IP 181.215.176.103.
Thanks.
ScubaBoard”
Oh, crap! That’s not me. I went to Scuba Board, which my computer automatically logs onto for me…and it didn’t. So not only has my account been hacked, the hacker has changed the log in credentials and I’m locked out of my own account.
I look for contact info. and see a Contact Use option, which I use to report the situation. I didn’t see a phone #.
Then I see my e-mail inbox got a couple of earlier e-mails. One from a friend on the forum:
“Hi Richard,
That's a great price on the BC, especially with the Air 2 and the accessories. You should have no problem selling it.
I think you meant the waist straps to use without the weight pockets”
And from another member:
“Hey Rich, does this have the bungee upgrade?”
and
“Whats your paypal address?”
Oh, crap!!! Someone’s committing fraud through my account. Ah, what to do, what to do?!?!? I found the thread where the fraudster was trying to sell something through my account.
If memory serves, I reported it again through Contact Us.
I set up a new Scuba Board account (new username and password), got and answered the e-mail to confirm it, and saw that my account has to be approved. Okay. I subsequently could read threads as a logged in person, but it was noted I had insufficient privileges to post, and I didn’t see any Report This Post button (I’m guessing because my account wasn’t approved yet?).
I searched in my e-mail program to see if I could find any old e-mails directly from Scuba Board members; I got a group e-mail from Cardzard way back so I sent him an e-mail explaining some of this.
Thankfully some other members figured out it wasn’t me. The thread subsequently got locked. I still couldn’t post, such as in Site Support.
Subsequent milling around, I saw a Staff Online Now option. 2 People - Lorenzoid and Capt Jim Wyatt. Great! But can I message one of them? I clicked on Lorenzoid. I can view the profile, but I don’t see an option to Start A Conversation. I went to ScubaDada’s post in a thread and tried to get find a way to start a conversation; saw none. He’s a staff.
As of 6 p.m., still no e-mails, no message to my new SB account, and I went to post a reply to a thread in a Basic Scuba thread…and it still says I have insufficient privileges to reply here. I sent another ‘Contact Us’ hoping to get a response.
Sunday 5-2-21. 7:06 a.m. Got an e-mail from The Chairman (he hadn't been able to get to me faster because my account no longer had my correct e-mail address), responded, got another with log in info. at 10:51 a.m.
———————
Talking Points:
1.) If hacked, you may be locked out of your own account before you know it.
2.) Your account can be quickly used for fraudulent sales. I think of SB as a social media site, but people can do financial transactions. I've bought a few things on but never sold anything through SB.
3.) The hacker tried to get someone to pay through Zelle - which doesn’t offer some of the protection PayPal does. This seems to be a common ploy of fraudsters; last year my wife and I lost our $100 deposit on a pug puppy to a scammer in just this way.
4.) I see no way to quickly alert staff or the forum community, or to post in a thread to challenge a fraudulent post. If this happens to you and you use 'Contact Us,' make sure you include contact info. since they may not be able to pull it from your account.
5.) It seems very new members (or accounts) lack fast contact capability we older members take for granted.
6.) I didn’t know how much more to try to do (not that I could think of anything more to do), or what my responsibility might be.
I still figuring out what to make of all this, but it seemed a good topic for discussion.
P.S.: Thanks to @The Chairman for sorting this out of me.
