SCAMMER on the private sales forum. @jens0125 1996 Rolex submariner 16040 “for sale”

Hey Folks. Just wanted to update everyone on a situation that happened recently.

I noticed a sales post from @jens0125’s account.

A 1996 14060 with both boxes. Fantastic looking example. T25 dial with creamy delicious patina. Asking $5500ish. Knew the username looked familiar. Good post count. Good “like” count. Etc.

I reached out to the “seller” via private message on the forums.

He responded back requesting I email him. Same email as the sale post. Thought nothing of it.

We emailed back and forth. Agreed on a price. He sent me his transfer info. Different first name but same last name. Said it was his son.

I used transferwise and sent the money.

In the meantime I showed pics of the sub to several watch friends. Everyone thought it looked incredible.

Several hours later I get a message from a watch buddy saying he hopes the sub I just bought wasn’t the one from the omega forums. He says it looks like it was a scam.

Got his message. Felt sick. Clicked back on the sale thread here and saw the updated “SCAMMER” headline. Read on to see @jens0125 stating that someone hacked his account. The listing isn’t real, and that it must be a scammer.

Immediately I went to tranferwise and cancelled the transfer. I reached out to their customer support (multiple times) to ensure the transfer was canceled and explained I was scammed.

They assured me that I stopped the transfer early enough in the process so the money would be refunded back to my account. Thank goodness. The money has indeed been refunded back to my account.

I have the email conversations between myself and the scammer.

I have the wire info and name that was given to me by the scammer.

The scammer has my home address.

I have not attempted to reach out to them. They have not reached out to me.

This is a first (thankfully). I’m not sure how to move forward.

Be thankful that I‘m not out $5k (I am!)? Call the police (can they do anything?)? I thought I’d let you folks know of the incident and see what your thoughts are.

After all this, I googled the sellers email and found previous watches for sale, etc.. I found him on Instagram.

Turns out it’s someone I know and have met.

I reached out to his IG and sure enough he was hacked. He reached out the next morning saying that someone had completely taken over his account. The scammer had changed his previous posts and started new threads, etc. He asked that I reach out to the moderators and have his account shut down. I did. The moderators, in turn, locked his account down.

He’s since changed all passwords to all his accounts.

What do you guys think I should do? I appreciate any feedback.

Thanks,
Brian

Glad you were able to avoid the trap in the end. It’s very scary because it means there are now scammers who have the technical capability to hack legitimate accounts and to do so on Instagram and forums at the same time.
This doesn’t look like your run of the mill type scammer who’s just taking advantage of people being trusting of strangers in foreign places.
Wow.
Just letting people know if can happen is helpful. How does one I protect against that I wonder.

I don’t know, maybe count your lucky stars? Or say, “Lesson learned,” and wash up for dinner?

Posting here is a good first step.

Correct. Very scary.

Just to clarify, his Instagram wasn’t hacked.

I always wonder what could have been for the individual/s who carry out this type of scam.
I’m by no means an expert but it appears to take a significant amount of research, time and effort to attempt such a thing.
Had they used this intelligence and ability in legal endeavours would they be so much worse off than the odd potential c$5k?
Perhaps I’m naive but seems like lots of effort for the chance of circa usd 5k...and a criminal record (which seems to have failed anyway).

I don't know any particulars about the accounts noted in this thread, but when accounts like this are "hacked", it usually means their passwords weren't the best. occurences of "real hacking" are quite rare and usually go after much higher value targets -- and us little people usually don't hear much about them.

be sure that there are people (usually using automated tools) looking for weak passwords on any sort of popular site/service on the Internet. If you use a single password on multiple sites, you are likely at risk, especially if your password is weak. Use a password manager, use very long complex passwords, use a different password on each site. A good password manager makes sure that you don't have to remember the passwords yourself, often makes changing a password for a compromised site easy and can usually notify you when a site has been breached, often before the story hits the news.

Be safe out there

“1996 14060 with both boxes. Fantastic looking example. T25 dial with creamy delicious patina. Asking $5500ish. Knew the username looked familiar. Good post count. Good “like” count. Etc”

Glad you were spared but in October 2019 to get a great condition sub with boxes for $5,000 is a very bright red flag for me. I hate scammers and hope you’re able to get what you’re looking for although it might cost a little more. 😀

What I've started doing recently is after contacting someone on a forum, I search the username on another forum, send the seller a DM on that other forum, and confirm he's actually selling the watch.

Yes, someone could've hacked both forums, but the chances of that are far lower.

A friend and fellow collector just picked a similar sub up for $5k.

Every so often FANTASTIC deals pop up you just have to be quick. $1k - 1500k below current dealer price, coming from a respectable collector on this forum, didn’t seem too far fetched.

In hindsight, yes of course, there’s a handful of things I’d change.

I like what @Braindrain touched on. It’s 2019. Most of us are on other social media platforms. Searching around the net for a sellers online “profile” is a definite must from here on out.

Lesson learned.

And here’s a great reminder to all of us to change our passwords for the forum once in a while!

And don’t use anything simple and personal.

Although it won’t solve the problem 100%, our admins might consider implementing Multi-factor Authentication. This would make account takeover much harder and more unlikely, as in addition to the password (even if weak) it would also require to own its owners smartphone, for example.

Scammers will rather spend their time on a platform where it is easier to impersonate.

I don't know the particulars of what happened in this case, but usually acount takeovers happen becuse either:
1) The user has a weak password as @oddboy suggest
2) The user has used the same password and email for multiple sites and one of those sites have had a data breach.

This happens very frequently as can be seen here: https://en.wikipedia.org/wiki/List_of_data_breaches
Usually if your credentials have been breached they are easily accessible for scammers and bandits.

If you want to see if your email has been registered in a breach you can use this service https://haveibeenpwned.com/. My email has been involved in 14 (FOURTEEN!!!) breaches, which is insane. Best advice is to have a seperate password for all your online service and use an online password manager like 1password.

It is hard to close all doors, but with some simple steps you can make it quite unlikely that this will happen to you.

I think this is a really good idea. Getting 2FA (A non SMS version) enabled for login to the forum would make it much harder for scammers to take over peoples accounts. In fact, if it was not too difficult to do to, having users enter in a 2FA code when they create a thread in the sales section would secure it even more.

I think we should do a "special" word every month for private sale sub forum. An idea behind it, to have a piece of paper with"special" word printed on it on the picture with an item for sale. Also we could add a time, that we want to see set on the watch. Something like that will help to avoid scams, I think.

While that may help to some degree (ignoring the fact that images can be doctored) all it proves is that the person making the post has the watch at a certain point in time. It doesn't fix the issue that the person posting may not be the accounts original owner/creator.

The issue, I think, is best fixed further up the chain and to make it as hard as possible for to accounts to be taken over by scammers.