trix4ever
Well-known
I would never buy or sell on here.
Why else would I need a secure account?
All I do is post photos and shoot the breeze.
It has zero to do with you buying or selling.
It has to do with your account potentially being compromised by a scammer, which could happen, you have 501 posts here, that's a desirable account to a scammer.
It has to do with your account potentially being compromised by a scammer, which could happen, you have 501 posts here, that's a desirable account to a scammer.
trix4ever
Well-known
If I'm at home I never have to log in to RFF on my phone or computer, when I am using another computer say at the library I use my password. Are you saying that is inadequate?
I speak as an old naive photographer...
I speak as an old naive photographer...
If they get your login, they get to pretend to be you in order to scam people.
They can get your login in many ways, I won't go into all that here.
But let's say they get your login, the first thing they will do is change the account email and password.
That's what happened with the kingtimur account here:
Once that is done, they have hijacked an account and can start scamming.
With two-step verification, it's exceedingly more difficult for them to hijack an account, even if they get your login password, as that won't be enough.
They can get your login in many ways, I won't go into all that here.
But let's say they get your login, the first thing they will do is change the account email and password.
That's what happened with the kingtimur account here:
Once that is done, they have hijacked an account and can start scamming.
With two-step verification, it's exceedingly more difficult for them to hijack an account, even if they get your login password, as that won't be enough.
TenEleven
Well-known
Nothing bad ever happened to me for not wearing seatbelts therefore seatbelts are a useless invention
Joking aside, I need to enable 2FA as well. So - mea culpa!
The things, splitimageview mentioned aside, they might also be able to use your RFF account to either socially engineer access to other accounts or do whatever with the information they find about you on RFF (address, email addresses, real name, etc.). The less attack surface you offer the better - regardless of where that is
Note that account millus1974 also used the same IP address as account kingtimur.
millus1974 was also recently banned after posting a scam ad.
Almost certainly the same scammer behind both these account hijacks.
The real owner of millus1974 (whoever that was) hadn't posted here since 2013...
millus1974 was also recently banned after posting a scam ad.
Almost certainly the same scammer behind both these account hijacks.
The real owner of millus1974 (whoever that was) hadn't posted here since 2013...
Richard G
Veteran
Just now set up 2FA authentication to avoid being implicated in a scam. I’ve used Google Authenticator. The process was clunky and did not confirm success. I was offered to confirm the ‘secret’ but that was from left field so I didn’t. Still, logging in again required the Google Authenticator code.
Mr_Flibble
In Tabulas Argenteas Refero
Did you use your Credit Card to pay with PayPal? Then I would suggest contacting your CC company. They generally don't take no gaff from PayPal concerning theft and refunds.
trix4ever
Well-known
Thank you for the explanation, I now appreciate the problem.
I tried to set up 2 step authentication but it required me to be logged in to Google. Which I will never do. Hmfff. Annoying.
coelacanth
Ride, dive, shoot.
"millus1974" (the hacker who got into this account) got close to scamming me but I sensed things were off and called off. He went "Oh PayPal won't let me cancel the invoice so please pay me and I'll refund right back" by the end. I hope you can get protection from your credit card benefits.
AntonioC
Established
Done via the authenticator app, thanks for the tip.
I suggest to make the wider RFF community aware with a dedicated sticky post by the admins, as not everyone interested might read this thread.
sara
Well-known
Paypal will help refund your money.
Had a similar situation when I bought a phone off ebay. I paid via Paypal, seller didn't respond.
Paypal contacts seller. If no response from them, seller will refund money.
But have the evidence.
Had a similar situation when I bought a phone off ebay. I paid via Paypal, seller didn't respond.
Paypal contacts seller. If no response from them, seller will refund money.
But have the evidence.
sara
Well-known
Two-step verification messed me up when I was abroad and lost my phone. Wanted to log in to my accounts to "find my phone", but could not have access because they sent the code to my phone which was stolen....
In the end had to get someone to help buy a new phone, to get a new SIM card and send me my verification codes...took some time though which by then I could not track my phone.
..helpful but sometimes it's not
See above regarding backup codes.Two-step verification messed me up when I was abroad and lost my phone. Wanted to log in to my accounts to "find my phone", but could not have access because they sent the code to my phone which was stolen....
In the end had to get someone to help buy a new phone, to get a new SIM card and send me my verification codes...took some time though which by then I could not track my phone.
..helpful but sometimes it's not
Did you try the email option?
vitaly66
slightly tilted
Regarding the two-factor identification, agreed with @trix4ever that is unnecessarily cumbersome and annoying, just to occasionally peruse, chat, and post photos in the forum sections.
Perhaps two-factor identification could be implemented (and required) for posting activity in the classified section? That's where the scamming happens. It makes sense to have more stringent security measures there, while the rest of the forum could be left as is now.
Perhaps two-factor identification could be implemented (and required) for posting activity in the classified section? That's where the scamming happens. It makes sense to have more stringent security measures there, while the rest of the forum could be left as is now.
Again:
Two-factor exists to significantly reduce the chance of accounts being hijacked.
This has NOTHING whatsoever to do with an account that doesn't participate in buying or selling.
Just because an account doesn't participate in buying/selling does not mean that the account can't be hijacked and used to scam.
Hope this clarifies things!
Two-factor exists to significantly reduce the chance of accounts being hijacked.
This has NOTHING whatsoever to do with an account that doesn't participate in buying or selling.
Just because an account doesn't participate in buying/selling does not mean that the account can't be hijacked and used to scam.
Hope this clarifies things!
Dogman
Veteran
This is all beyond my level of comprehension. Making something so secure it's a PITA to use makes it useless to me. I'm old, barely computer literate and life is becoming so damn complex I'm almost glad I'll die soon. I have to remember multiple passwords and user names on multiple accounts, each with multiple letters, numbers and symbols so I save these in my iPhone but I expect someone will eventually hack into that system and eff it up, requiring more levels of security. I'm willing to roll the dice and keep my fingers crossed. I can't live in a locked-in world.
.....................
.....................
It's really not a PITA, just give it a try.
There is an option to remember the code for 30 days. So you'd only have to enter a code once a month:
There is an option to remember the code for 30 days. So you'd only have to enter a code once a month:
Two-factor is pretty standard all over the internet today.
For example: Amazon.
You certainly don't have to activate it here if you don't want to, but it almost certainly would prevent accounts from being hijacked for sales scam purposes.
For example: Amazon.
You certainly don't have to activate it here if you don't want to, but it almost certainly would prevent accounts from being hijacked for sales scam purposes.