Scammed for $5000 for Omega Speedmaster watch

Posts
57
Likes
15
At one time this would have worked, but it no longer is good information. Password cracking based on dictionary words has progressed significantly, and the above password, or one similar to it, would probably take less than 2 minutes to break now.

https://www.pentestpartners.com/sec...batterystaple-isnt-a-good-password-heres-why/
Not completely true. The method is still great but you should just increase the sentence a bit. Around 10-12 words is a good length right now.

The most important part is still the use of unique and strong passwords for each site/service. Preferably with the help of a password manager. But since I'm extra paranoid I don't keep my most important passwords in the password manager (working with IT-security).

I divided it like this:
Tier 1:
Email, Password manager, AppleID etc..

Tier 2:
Social media

Tier 3:
More important forums

Tier 4:
Shit sites

Tier 2-4 will be in the password manager.

No, the password is just a hash.
The master password to your password manager will be the decryption key for unlocking the rest of the passwords.
 
Posts
1,626
Likes
6,218
No, the password is just a hash.
This sentence is syntactically correct but meaningless. Strong opinions with little knowledge are dangerous, and scaring people away from solutions implemented by a large community of very experienced people who have been studying and working on the same problem for decades is actively harmful.

This is the start of what you are missing: https://en.wikipedia.org/wiki/Key_stretching

What is your better solution?
 
Posts
2,165
Likes
3,386
This sentence is syntactically correct but meaningless. Strong opinions with little knowledge are dangerous, and scaring people away from solutions implemented by a large community of very experienced people who have been studying and working on the same problem for decades is actively harmful.

This is the start of what you are missing: https://en.wikipedia.org/wiki/Key_stretching

What is your better solution?
My dad is Satoshi Nakamoto, father of Bitcoin and blockchain. You owe me a 128-bit apology.
 
Posts
228
Likes
347
I'm no security expert, but work with some. Arguing against password managers because of the risk seems a bit like arguing against the use of seat belts because you might get trapped in the car. If you already keep your passwords carefully written down and keep the paper list in a safe, you're pretty damn secure and a password manager might not be an improvement for you. But for everyone else on the planet, use of unique and secure passwords is hard work that a password manager makes easier.
 
Posts
499
Likes
738
Very sad to read about this scam. I truly hope the OP can recover his funds.
 
Posts
1,846
Likes
3,843
Very sad to read about this scam. I truly hope the OP can recover his funds.
I agree, it's not nice. Happened to me a few years ago.
 
Posts
9,593
Likes
27,651
As I've just posted a FS post here, I can tell you that now you'll need a mod's approval for posting, meaning that someone trustworthy will scan the advert and look for anything off before it goes live...





...Or it might just be something @dsio put into place so he could snag all the good stuff before anyone else 😁
 
Posts
645
Likes
3,830
If that wasn't so damn funny I'd be pissed off right now. 😜

....and the Eagles won the SuperBowl which is something I never thought would happen in my lifetime, so maybe the Flyers are due after a 43 year drought.

We love the Flyers here...
 
Posts
645
Likes
3,830
Very sad to read about this scam. I truly hope the OP can recover his funds.
+1. This is a nice little community and this sort of thing is upsetting to read because of the inherent trust we have here.


Well, time to change the passwords....
 
Posts
16
Likes
14
For what it's worth given my limited exposure here, and while I tend to lurk -- which given the circumstances might mean nothing -- I do go by the same handle on a few other watch forums (Applicable MODs or vetted Omegaforums members, PM me if so desired to confirm), and trust Mike immensely. He's the type of guy I would feel comfortable accepting payment upon his in-hand trade inspection.

Although I've never met Mike in person over the years of reading his substantial posts, he's an eloquent writer who would come in conservative on an overall condition of a watch and NOT be hasty in order to strike a deal. Although the punctuation of the scammer is legit, it's a tad bit brazen, so let this be a lesson to all where multiple watch forum handle accounts (myself included) might exist in vetting for overall writing tone.
 
Posts
44
Likes
142
Nosir. Services like LastPass (my personal favorite) encrypt your password vault at the endpoint (your PC, Mac, or smartphone) using AES-256 and a passphrase known only to you, before pushing it to their cloud servers. So if they were hacked, all the attackers would get would be the email address you used to sign up, and your encrypted password vault. Heck, even if the gummint demanded that they hand over your data, all they could provide would be the encrypted vault since they do not know - nor want to know - your master password.

AES-256 is approved by Uncle Sam for protection of documents classified up to and including TOP SECRET, so it's probably more than sufficient for plebs like us. At current state-of-the-art computation speeds, it would take longer than the universe has been in existence to exhaust the entire AES-256 keyspace in a brute force attack, and one would hope that you might have changed your passwords by then!
 
Posts
44
Likes
142

What makes it even worse is that the scammer is taunting me. I wrote him yesterday telling him I’ll be filing charges against him soon and that I’ll be talking to a lawyer. He told me that he will be at his bank in 40 minutes and then ignored me for the whole day. Today, after another few emails, he said that he reversed the wire at around 11am. I called the bank at 5pm and they said nothing is there. When the money didn’t show up, I wrote him and he ignored me again. I really think he’s having fun with me. What a loser! I’m trying to forget it but $5000 hurts! That’s a chunk of change no matter how much you make.
 
Posts
645
Likes
3,830
Odat
What makes it even worse is that the scammer is taunting me. I wrote him yesterday telling him I’ll be filing charges against him soon and that I’ll be talking to a lawyer. He told me that he will be at his bank in 40 minutes and then ignored me for the whole day. Today, after another few emails, he said that he reversed the wire at around 11am. I called the bank at 5pm and they said nothing is there. When the money didn’t show up, I wrote him and he ignored me again. I really think he’s having fun with me. What a loser! I’m trying to forget it but $5000 hurts! That’s a chunk of change no matter how much you make.
It could have happened to any of us. Don’t let that $hit head ruin your day or weekend. It would hurt for any of us to lose $5000.
 
Posts
1,701
Likes
5,179
Odat
What makes it even worse is that the scammer is taunting me. I wrote him yesterday telling him I’ll be filing charges against him soon and that I’ll be talking to a lawyer. He told me that he will be at his bank in 40 minutes and then ignored me for the whole day. Today, after another few emails, he said that he reversed the wire at around 11am. I called the bank at 5pm and they said nothing is there. When the money didn’t show up, I wrote him and he ignored me again. I really think he’s having fun with me. What a loser! I’m trying to forget it but $5000 hurts! That’s a chunk of change no matter how much you make.

Looks like the scammer is a professional fraudster. Never stop running after him. If only we can help in your situation. This is an honest forum, that's why we post comments, reviews and even valuable criticisms for the good of the members and viewers.
 
Posts
2,808
Likes
8,338
Wow, that is crazy. I am sorry about what happened. I did send him, the "hacker", a message to buy the watch as well; thank God he did not respond back.

Nice, you even lowballed his lowball 😝

I hope that more people didn't get hurt by that creep. You dodged a bullet, because you were next...
 
Posts
580
Likes
1,828
At one time this would have worked, but it no longer is good information. Password cracking based on dictionary words has progressed significantly, and the above password, or one similar to it, would probably take less than 2 minutes to break now.

https://www.pentestpartners.com/sec...batterystaple-isnt-a-good-password-heres-why/

This calculation is based on the ability to use something like hashcat, which requires you to have a cryptographic hash of the password. With something like an online login, the only way to test password correctness is to try a login. A forum site like this probably can't easily let you test more than 10 passwords per second or so, while with hashcat and multiple GPUs you can hack many thousands or millions of passwords per second. Bottom line is that you do not need high complexity to protect passwords for online services: instead just make sure you use a different password for each site. I would much much rather for you each to just use a single English word or two as a password, maybe with a digit, but with a different password for each site, than having a very complex password but using the same password for more than one site (or a very similar one such as putting the initials of the site at the end).
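Added example, not part of the post above or of the thread: a small Python model of the comparison the post draws between throttled online guessing and offline guessing against a leaked hash, extended with the key stretching linked earlier in the thread. The 7776-word Diceware list, reading the post's "millions" as 1,000,000 guesses per second, and the 100,000-iteration count are assumptions, and the model only holds for words chosen uniformly at random.

```python
import math

DICEWARE_WORDS = 7776         # size of the standard Diceware list (6**5)
ONLINE_RATE = 10              # guesses/s through a login form (figure from the post)
OFFLINE_RATE = 1_000_000      # guesses/s on a leaked fast hash (assumed from "millions")
STRETCH_ITERATIONS = 100_000  # assumed KDF iteration count, for illustration only


def keyspace(words: int, wordlist: int = DICEWARE_WORDS) -> int:
    """Count of equally likely passphrases made of `words` random words."""
    return wordlist ** words


def entropy_bits(words: int, wordlist: int = DICEWARE_WORDS) -> float:
    """Entropy of the passphrase when every word is picked uniformly at random."""
    return words * math.log2(wordlist)


def avg_seconds(space: int, rate: float) -> float:
    """Expected time to find the passphrase: half the keyspace at `rate` guesses/s."""
    return space / 2 / rate


def stretched_rate(raw_rate: float, iterations: int) -> float:
    """Simplified model: with key stretching each guess costs `iterations` hashes."""
    return raw_rate / iterations


def humanize(seconds: float) -> str:
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def compare(words: int) -> dict:
    """Average seconds to guess a `words`-word passphrase under each model."""
    space = keyspace(words)
    slow = stretched_rate(OFFLINE_RATE, STRETCH_ITERATIONS)
    return {
        "online": avg_seconds(space, ONLINE_RATE),
        "offline_fast_hash": avg_seconds(space, OFFLINE_RATE),
        "offline_stretched": avg_seconds(space, slow),
    }


if __name__ == "__main__":
    for n in (1, 2, 4, 6):
        row = {k: humanize(v) for k, v in compare(n).items()}
        print(f"{n} words ({entropy_bits(n):.1f} bits): {row}")
```

With these assumed figures, stretching at 100,000 iterations brings the offline guess rate down to the same 10 per second as the throttled login form, which is why the two columns match.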
 
Posts
44
Likes
142
Nice, you even lowballed his lowball 😝

I hope that more people didn't get hurt by that creep. You dodged a bullet, because you were next...

The price to me wasn’t really an indicator of anything as I have purchased watches before that were very good deals. The watch goes for $6000 and he was asking $5000 so it wasn’t too far off especially if the seller was desperate for money or trying to get another watch. Deals happen all the time. Does anyone know how I can get the bank to turn over his full information so I can file a case against him?