The Rolex Forums   The Rolex Watch

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX


Go Back   Rolex Forums - Rolex Watch Forum > Classifieds > WatchOut!!!

Reply
 
Thread Tools Display Modes
Old 17 May 2018, 06:02 AM   #1
donsidhu
"TRF" Member
 
Join Date: Oct 2012
Real Name: Donald
Location: Toronto
Watch: Red Sub
Posts: 592
Someone has hacked my account and is posting a 5513

Someone has hacked into my account and has listed a 5513 for sale. I don't own this watch and have no idea how someone got into my account. It is a scam. Someone is pretending to be me. I've notified TRF admin and waiting to hear from them. I keep bumping it and explaining how someone hacked my account, but the hacker keeps editing my bump and deleting what I’m writing. I've tried changing my password but they are still able to access my account. Has this ever happened to any other forum members? Thanks
donsidhu is offline   Reply With Quote
Old 17 May 2018, 06:12 AM   #2
Cryten
"TRF" Member
 
Cryten's Avatar
 
Join Date: Feb 2015
Location: Terrafirma
Posts: 2,655
It happens only too often.

Changing your password only works if they sign out, which they clearly won't.

Your account will be banned, but you might get it back if you can prove you aren't the scammer.
Cryten is offline   Reply With Quote
Old 17 May 2018, 06:24 AM   #3
digitalcrocodile
"TRF" Member
 
Join Date: Jan 2018
Location: Tennessee
Posts: 155
Quote:
Originally Posted by donsidhu View Post
Someone has hacked into my account and has listed a 5513 for sale. I don't own this watch and have no idea how someone got into my account. It is a scam. Someone is pretending to be me. I've notified TRF admin and waiting to hear from them. I keep bumping it and explaining how someone hacked my account, but the hacker keeps editing my bump and deleting what I’m writing. I've tried changing my password but they are still able to access my account. Has this ever happened to any other forum members? Thanks
Not if your password is something like [09840qba[we9ur]AWE-0
Not if you never left your account open on a public venue
Not if you turn off BlueTooth when you are logging in and out on an unsecured network
digitalcrocodile is offline   Reply With Quote
Old 17 May 2018, 06:27 AM   #4
Cryten
"TRF" Member
 
Cryten's Avatar
 
Join Date: Feb 2015
Location: Terrafirma
Posts: 2,655
Quote:
Originally Posted by digitalcrocodile View Post
Not if your password is something like [09840qba[we9ur]AWE-0
Is that your password?
Cryten is offline   Reply With Quote
Old 17 May 2018, 07:06 AM   #5
123Blueface
"TRF" Member
 
123Blueface's Avatar
 
Join Date: Jun 2015
Location: USA
Watch: All
Posts: 4,936
Quote:
Originally Posted by digitalcrocodile View Post
Not if your password is something like [09840qba[we9ur]AWE-0
Not if you never left your account open on a public venue
Not if you turn off BlueTooth when you are logging in and out on an unsecured network
Or just use a VPN
123Blueface is offline   Reply With Quote
Old 17 May 2018, 07:24 AM   #6
77T
2024 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,565
I’m guessing OP’s alert to Mods has worked. There doesn’t seem to be a 5513 listed under his ID.


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 17 May 2018, 07:32 AM   #7
cop414
TRF Moderator & 2024 Patron
 
cop414's Avatar
 
Join Date: Apr 2012
Real Name: Tim
Location: Pennsylvania
Watch: 14060M
Posts: 71,815
Correct Paul.
__________________

Rolex Submariner 14060M
Omega Seamaster 2254.50
DOXA Professional 1200T

Card carrying member of TRF's Global Association of Retro-Grouch-Curmudgeons
TRF's "After Dark" Bar & NightClub Patron
P Club Member #17
2 FA ENABLED
cop414 is offline   Reply With Quote
Old 17 May 2018, 10:18 AM   #8
Andrejb
2024 Pledge Member
 
Andrejb's Avatar
 
Join Date: May 2016
Real Name: Dre
Location: Canada
Posts: 1,687
Someone has hacked my account and is posting a 5513

Poor guy. Don was a personal friend and really stand up guy. Hope he gets his acc back


Sent from my iPhone using Tapatalk
Andrejb is offline   Reply With Quote
Old 17 May 2018, 10:47 AM   #9
red1108nyc
2024 Pledge Member
 
red1108nyc's Avatar
 
Join Date: Apr 2011
Real Name: Fred
Location: NYC/NJ Metro Area
Watch: Rolex
Posts: 8,484
Don is a good guy. Glad our great Mods jumped in quickly to prevent damage.
red1108nyc is offline   Reply With Quote
Old 17 May 2018, 11:43 AM   #10
GLADIATOR
"TRF" Member
 
GLADIATOR's Avatar
 
Join Date: Mar 2010
Real Name: Adam
Location: Costa Blanca,
Watch: YMII,GMTII,DAYTONA
Posts: 5,288
Quote:
Originally Posted by Andrejb View Post
Poor guy. Don was a personal friend and really stand up guy. Hope he gets his acc back


Sent from my iPhone using Tapatalk
The ban his account to stop anyone being scammed, but if contacts admin, they will allow him a new account.
__________________
The truth is incontrovertible. Malice may attack it, ignorance may deride it, but in the end, there it is. Winston Churchill
"We judge ourselves by what we feel capable of doing, while others judge us by what we have already done."
GLADIATOR is offline   Reply With Quote
Old 17 May 2018, 11:54 AM   #11
Andrejb
2024 Pledge Member
 
Andrejb's Avatar
 
Join Date: May 2016
Real Name: Dre
Location: Canada
Posts: 1,687
Quote:
Originally Posted by GLADIATOR View Post
The ban his account to stop anyone being scammed, but if contacts admin, they will allow him a new account.


Fair enough.

He has told me he has attempted to contact mods but hasn’t heard back. What is the best way to contact so I can relay the message?


Sent from my iPhone using Tapatalk
Andrejb is offline   Reply With Quote
Old 17 May 2018, 11:58 AM   #12
GLADIATOR
"TRF" Member
 
GLADIATOR's Avatar
 
Join Date: Mar 2010
Real Name: Adam
Location: Costa Blanca,
Watch: YMII,GMTII,DAYTONA
Posts: 5,288
Quote:
Originally Posted by Andrejb View Post
Fair enough.

He has told me he has attempted to contact mods but hasn’t heard back. What is the best way to contact so I can relay the message?


Sent from my iPhone using Tapatalk
Click the little triangle at the bottom left of each post. That does go to each moderator, but I think only Admin can help, and they may take a few days depending where/what they are doing
A
__________________
The truth is incontrovertible. Malice may attack it, ignorance may deride it, but in the end, there it is. Winston Churchill
"We judge ourselves by what we feel capable of doing, while others judge us by what we have already done."
GLADIATOR is offline   Reply With Quote
Old 17 May 2018, 09:06 PM   #13
cop414
TRF Moderator & 2024 Patron
 
cop414's Avatar
 
Join Date: Apr 2012
Real Name: Tim
Location: Pennsylvania
Watch: 14060M
Posts: 71,815
Quote:
Originally Posted by GLADIATOR View Post
Click the little triangle at the bottom left of each post. That does go to each moderator, but I think only Admin can help, and they may take a few days depending where/what they are doing
A
This is correct, the process has begun.
Remember guys, be very careful about links that you open, especially ones that brings you back to TRF look alike page and requests that you log back in. Do this just one time and your account is hacked.
__________________

Rolex Submariner 14060M
Omega Seamaster 2254.50
DOXA Professional 1200T

Card carrying member of TRF's Global Association of Retro-Grouch-Curmudgeons
TRF's "After Dark" Bar & NightClub Patron
P Club Member #17
2 FA ENABLED
cop414 is offline   Reply With Quote
Old 17 May 2018, 10:49 PM   #14
77T
2024 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,565
Someone has hacked my account and is posting a 5513

Tim is right about “man in the middle” types of redirects where hackers use mirroring.

One other thing to be careful about is this: TapaTalk App suddenly requesting that you log in again. Especially if you are on an insecure WiFi network. If that happens to you, it is very likely someone is piggybacking your TapaTalk session on TRF. They may be at a table next to you or across the ocean in a foreign country - IP is global and you don’t know what exploit is being used.

The fix? Presume it is IP attack...
Step 1 - First close TapaTalk and then “force quit” it. (Yes, I know Apple said you don’t need to do that - but the context was regarding saving battery life - in an IP piggybacking exploit by a hacker, it is a good thing to force quit TapaTalk). The next steps are variable depending upon your network options and the urgency with which you need to get back on TRF. The goal here is to treat this issue like a “canary in the coal mine”.

If you are mobile and can leave the WiFi network, then sign out of it and find another WiFi. It is best to get off that original WiFi pronto - it is likely compromised. And to be safe, turn off Bluetooth if you aren’t leaving the place your sitting.

Step 2A - If your device has a dual LTE/4G network option, then open settings and turn off WiFi altogether. Now you can force quit all apps, restart your device, and open a browser window to reset your TapaTalk password. If you’re really concerned, you can reset your TRF password (along with the p/w’s of all forums that TapaTalk accesses for you). But remember why you were suspicious - TapaTalk was asking for your TRF password - it is unlikely the hacker has it. But a p/w reset is like belt & suspenders if you like to be doubly safe.

Step 2B - If neither leaving the Wifi nor using LTE is possible, force quit all Apps, turn off WiFi and restart your device later - you are done for a while. This step is to avoid the hacker’s ability to check on what you do next. In this case, once you leave the place where you’re getting WiFi - and can be on a secure network - perform Step 2A.

It goes without saying that you may have been compromised for other reasons. Out of date firmware, old OS or missing security patches are the easiest ways to be compromised.

Stay up to date...and...

Good luck!


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 20 May 2018, 06:36 AM   #15
donsidhu
"TRF" Member
 
Join Date: Oct 2012
Real Name: Donald
Location: Toronto
Watch: Red Sub
Posts: 592
Thanks for all the help and support

Hey guys thanks for all the support. Your comments and advice is greatly appreciated. I'm back up and running now, and will be sure to protect my password going forward. Thanks 77T for the elaborate response. Interesting that I added the tapatalk app to my phone a couple of days before this happened. And I signed up on TRF in 2012 and this has never happened. So I just deleted my tapatalk app and won't use tapatalk anymore. Thanks Gents!
donsidhu is offline   Reply With Quote
Old 20 May 2018, 07:25 AM   #16
cop414
TRF Moderator & 2024 Patron
 
cop414's Avatar
 
Join Date: Apr 2012
Real Name: Tim
Location: Pennsylvania
Watch: 14060M
Posts: 71,815
Happy that it’s all sorted out, sorry that I banned your account but, well you know.
__________________

Rolex Submariner 14060M
Omega Seamaster 2254.50
DOXA Professional 1200T

Card carrying member of TRF's Global Association of Retro-Grouch-Curmudgeons
TRF's "After Dark" Bar & NightClub Patron
P Club Member #17
2 FA ENABLED
cop414 is offline   Reply With Quote
Old 20 May 2018, 07:27 AM   #17
77T
2024 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,565
Glad it worked out. And good on OP for warning everyone once the hack was on.

Now it’s about keeping the account buttoned up methinks.


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 20 May 2018, 07:30 AM   #18
pandrew6l
2024 Pledge Member
 
Join Date: Oct 2011
Location: California
Posts: 499
Quote:
Originally Posted by 77T View Post
I’m guessing OP’s alert to Mods has worked. There doesn’t seem to be a 5513 listed under his ID.


Sent from my iPhone using Tapatalk Pro
His 5513 is up again a few minutes ago under the " For Sale " section
pandrew6l is offline   Reply With Quote
Old 20 May 2018, 08:44 AM   #19
dng992
"TRF" Member
 
Join Date: May 2018
Location: London
Posts: 4
Quote:
Originally Posted by Pandrew6l View Post
His 5513 is up again a few minutes ago under the " For Sale " section
Should I be weary of this? or is it a scam. I had PM'd him also just inquiring about it...
dng992 is offline   Reply With Quote
Old 20 May 2018, 09:26 AM   #20
JayB
"TRF" Member
 
Join Date: Aug 2015
Location: UK
Watch: EXP, DJ, NF
Posts: 710
Quote:
Originally Posted by Pandrew6l View Post
His 5513 is up again a few minutes ago under the " For Sale " section
Probably should delete the For Sale advert seeing as the OP openly stated he doesn't own the watch

__________________
In 1953 they used Rolex Oysters and oxygen on Everest.
In 1978 they managed without the oxygen.

Rolex Explorer -- Rolex Datejust -- Tudor North Flag -- Omega De Ville Trésor -- Tudor Black Bay GMT -- Omega Speedmaster Professional -- Tudor Black Bay Fifty Eight
JayB is offline   Reply With Quote
Old 20 May 2018, 11:41 AM   #21
edweather
"TRF" Member
 
Join Date: Feb 2014
Real Name: Ed
Location: Georgia, USA
Watch: Casio Illuminator
Posts: 650
So is OP currently selling a 5513 or not? I PM'd the seller of that watch a few hours ago, and he responded. So is there a chance I was talking to the hacker? Seems odd the OPs account is reinstated, and now he really IS selling a 5513
__________________
An expert under pressure is a drip.
edweather is offline   Reply With Quote
Old 20 May 2018, 01:51 PM   #22
77T
2024 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,565
While it does Appear confusing, I noted that Steve himself (the Capo di tutti Capi) announces that the account was reinstated.

I did message a Mod to double check. Were it me looking at that 5513, I would hesitate wiring money until the bona fides are sorted one more time.

The real original OP is a stand up person methinks but the recent hijack raises the “be careful” factor.


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 20 May 2018, 10:12 PM   #23
77T
2024 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,565
Apparently - and coincidentally - the OP did post an update to that 5513 FS listing to allay concerns.

https://www.rolexforums.com/showpost...82&postcount=3



Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 20 May 2018, 11:50 PM   #24
edweather
"TRF" Member
 
Join Date: Feb 2014
Real Name: Ed
Location: Georgia, USA
Watch: Casio Illuminator
Posts: 650
__________________
An expert under pressure is a drip.
edweather is offline   Reply With Quote
Old 21 May 2018, 04:41 AM   #25
donsidhu
"TRF" Member
 
Join Date: Oct 2012
Real Name: Donald
Location: Toronto
Watch: Red Sub
Posts: 592
Thanks for all the help and support

Hey guys, yes I realize the confusion because the hacker did post a 5513 (but for those who saw the ad, it was maxi dial 5513, and it looked like the person took the photos from a current or recent posting of a maxi 5513 from someones ad). But anyway the 5513 I posted yesterday was a meters first - which is a different watch than a 5513 maxi dial. I hope this will alleviate concerns, but if you go to timezone and see my listings (including my meters first) under my handle DonTO, you'll see pages of history. And all my postings have similar wristshots of my wrist and hands. I've been at this hobby for many years and have known and done deals with several TRF members over the years. I'm confident that my passion and knowledge of vintage Rolex will prove to be a net contributor to this forum. Thanks. Also, the meters first is now sold and the buyer has paid half the cash to me already. Cheers.
donsidhu is offline   Reply With Quote
Old 23 May 2018, 10:33 PM   #26
Dcormsby
Banned
 
Join Date: Oct 2008
Real Name: Damon
Location: Los Angeles
Watch: Seadweller 50th
Posts: 554
FYI, I just received an email from donsidhuh@gmail.com asking about a Seamaster I have listed on the forums. He asked about the watches history, and asked if I would be interested in a trade. He sent a link saying he had a listed of watches for trade on the Rolex Forum. I clicked on the link, and it was asking for my Rolex Forum log in info. Needless to say, I didn't sign in.

Just be careful out there! Never sign into your account from a link!
Dcormsby is offline   Reply With Quote
Old 24 May 2018, 11:31 PM   #27
donsidhu
"TRF" Member
 
Join Date: Oct 2012
Real Name: Donald
Location: Toronto
Watch: Red Sub
Posts: 592
Thanks for the heads up

Thanks for the heads up, Dcormsby. Much appreciated. That's definitely not my email, so yes, if anyone receives an email from that address, please do not reply to it. My true email address is my full name, donald.sidhu@gmail.com
donsidhu is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Takuya Watches

Bobs Watches

My Watch LLC

OCWatches

DavidSW Watches

Coronet


*Banners Of The Month*
This space is provided to horological resources.





Copyright ©2004-2024, The Rolex Forums. All Rights Reserved.

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX

Rolex is a registered trademark of ROLEX USA. The Rolex Forums is not affiliated with ROLEX USA in any way.