The Rolex Forums   The Rolex Watch

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX


Go Back   Rolex Forums - Rolex Forum > Rolex & Tudor Watch Topics > Rolex General Discussion

Reply
 
Thread Tools Display Modes
Old 12 May 2024, 10:10 PM   #1
Tony1T
"TRF" Member
 
Join Date: Sep 2018
Real Name: Tony
Location: Scotland
Watch: Rolex & Seiko
Posts: 282
Potential scam

Got and email yesterday asking this. It’s a scam share the word

Hello,

How are you doing? I am about to purchase a Rolex Daytona from a member on TRF. He gave me your username as a reference, He said you would vouch for him. Kindly find his listing and details below for your perusal.
__________________
♛ Rolex GMT II 116710LN
♛ Rolex SUB 116610LN
♛ Rolex EXP II 226570
♛ Rolex DJ 178240
Tony1T is offline   Reply With Quote
Old 12 May 2024, 11:09 PM   #2
Kevin of Larchmont
2024 Pledge Member
 
Kevin of Larchmont's Avatar
 
Join Date: Jul 2016
Location: The Ice House
Watch: Ingersoll Mickey
Posts: 3,393
I’ve received that before too.
Kevin of Larchmont is offline   Reply With Quote
Old 12 May 2024, 11:39 PM   #3
INC
2024 SubLV41 Pledge Member
 
INC's Avatar
 
Join Date: Jul 2022
Location: Budapest, HU
Watch: 17000B, B+W
Posts: 2,368
The usual scam: Report it, bur never share a phishing link...
INC is offline   Reply With Quote
Old 12 May 2024, 11:40 PM   #4
Calatrava r
2024 SubLV41 Pledge Member
 
Join Date: Mar 2017
Location: United States
Watch: Rolex and Patek
Posts: 11,420
Only deal with people you know. If a friend or person you know is selling a watch, they will reach out to you first and ask if you will agree to be a reference.
Calatrava r is offline   Reply With Quote
Old 13 May 2024, 12:19 AM   #5
996marty
"TRF" Member
 
996marty's Avatar
 
Join Date: May 2019
Location: Uk
Watch: RolexGMT/Tudor7928
Posts: 4,182
Unfortunately these things happen you just have to be careful at all times
996marty is offline   Reply With Quote
Old 13 May 2024, 12:34 AM   #6
NachoNeal
"TRF" Member
 
NachoNeal's Avatar
 
Join Date: Oct 2019
Real Name: Neal
Location: Point Loma
Watch: ing the river flow
Posts: 2,856
Quote:
Originally Posted by INC View Post
The usual scam: Report it, bur never share a phishing link...
Correct.
__________________
.
Sub No Date (14060); Tudor Ranger; Explorer (124270); Day Date (18238) stolen by wife; CasiOak.
NachoNeal is offline   Reply With Quote
Old 13 May 2024, 01:12 AM   #7
Rolexken
"TRF" Member
 
Join Date: Apr 2019
Location: England
Posts: 821
Obviously dodgy but I don’t know what the scammer hopes to get if you click on the link ? Help please for the ignorant??
Rolexken is offline   Reply With Quote
Old 13 May 2024, 01:37 AM   #8
Kevin of Larchmont
2024 Pledge Member
 
Kevin of Larchmont's Avatar
 
Join Date: Jul 2016
Location: The Ice House
Watch: Ingersoll Mickey
Posts: 3,393
Quote:
Originally Posted by Rolexken View Post
Obviously dodgy but I don’t know what the scammer hopes to get if you click on the link ? Help please for the ignorant??
Welp, there’s only one way to find out….
Kevin of Larchmont is offline   Reply With Quote
Old 13 May 2024, 01:37 AM   #9
Tools
TRF Moderator & 2024 SubLV41 Patron
 
Tools's Avatar
 
Join Date: May 2007
Real Name: Larry
Location: Mojave Desert
Watch: GMT's
Posts: 43,514
Quote:
Originally Posted by Rolexken View Post
Obviously dodgy but I don’t know what the scammer hopes to get if you click on the link ? Help please for the ignorant??
Phishing links redirect you to a false Forum page. If you sign in on this false page your sign-in information is captured, corrupting your personal account.

Many of these phished accounts end up on the Sales Boards to con folks out of their hare earned money.
__________________
(Chill ... It's just a watch Forum.....)
NAWCC Member
Tools is offline   Reply With Quote
Old 13 May 2024, 02:21 AM   #10
Zach69SS
"TRF" Member
 
Zach69SS's Avatar
 
Join Date: May 2020
Location: Sector 001
Posts: 664
Wow , unbelievable even here. Thanks good looking out.
Zach69SS is online now   Reply With Quote
Old 13 May 2024, 02:38 AM   #11
Ninja Master
Banned
 
Join Date: Feb 2024
Location: Hong Kong
Posts: 144
Quote:
Originally Posted by Tony1T View Post
Got and email yesterday asking this. It’s a scam share the word

Hello,

How are you doing? I am about to purchase a Rolex Daytona from a member on TRF. He gave me your username as a reference, He said you would vouch for him. Kindly find his listing and details below for your perusal.
Can you PM the link to me?

I'm a cybersecurity guy and I will have a look to see what's going on.

Thanks.
Ninja Master is offline   Reply With Quote
Old 13 May 2024, 05:36 AM   #12
Rolexken
"TRF" Member
 
Join Date: Apr 2019
Location: England
Posts: 821
Quote:
Originally Posted by Tools View Post
Phishing links redirect you to a false Forum page. If you sign in on this false page your sign-in information is captured, corrupting your personal account.

Many of these phished accounts end up on the Sales Boards to con folks out of their hare earned money.
I guess that’s my query - worst case scenario is they get my email address - still don’t see how that can be used to con people - I appreciate I just don’t get it (my ignorance).
Rolexken is offline   Reply With Quote
Old 13 May 2024, 05:46 AM   #13
jb335
2024 Pledge Member
 
jb335's Avatar
 
Join Date: Jan 2017
Location: The States
Watch: Cosmograph Daytona
Posts: 7,464
Potential scam

Quote:
Originally Posted by Rolexken View Post
I guess that’s my query - worst case scenario is they get my email address - still don’t see how that can be used to con people - I appreciate I just don’t get it (my ignorance).

No, that’s not the worst case scenario.

It’s a phony phishing link that takes you to a website that looks to be the official TRF login page but it’s not. The goal of the scammer is for you to type in your real TRF username and password, then they have access to your TRF account where they will immediately change the password to lock you out. They will then use your legitimate TRF account to try and con people in who knows how many ways. Likely with phony watch sales. Hopefully doing that before you realize what’s happened and can communicate with a mod. And they try your same TRF password on other sites including your email account since many people foolishly use the same password in multiple places. If they get into your email they have a chance at your online banking etc .

This is the classic example of phishing.

Very amateurish and basic and they probably have to attempt a couple hundred times before they are successful. But it does work and that is why you always see warnings about being careful what links to follow and ensuring they are legit.


Sent from my iPhone using Tapatalk
jb335 is offline   Reply With Quote
Old 13 May 2024, 06:09 AM   #14
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 42,016
Quote:
Originally Posted by jb335 View Post
No, that’s not the worst case scenario.

It’s a phony phishing link that takes you to a website that looks to be the official TRF login page but it’s not. The goal of the scammer is for you to type in your real TRF username and password, then they have access to your TRF account where they will immediately change the password to lock you out. They will then use your legitimate TRF account to try and con people in who knows how many ways. Likely with phony watch sales.
Correct
Some of our members with good reputations are not very savvy about these scams.

They tend to think "What, me worry?"

But that attitude leaves unsuspecting TRF members at risk.


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is online now   Reply With Quote
Old 13 May 2024, 04:55 PM   #15
Rolexken
"TRF" Member
 
Join Date: Apr 2019
Location: England
Posts: 821
Quote:
Originally Posted by jb335 View Post
No, that’s not the worst case scenario.

It’s a phony phishing link that takes you to a website that looks to be the official TRF login page but it’s not. The goal of the scammer is for you to type in your real TRF username and password, then they have access to your TRF account where they will immediately change the password to lock you out. They will then use your legitimate TRF account to try and con people in who knows how many ways. Likely with phony watch sales. Hopefully doing that before you realize what’s happened and can communicate with a mod. And they try your same TRF password on other sites including your email account since many people foolishly use the same password in multiple places. If they get into your email they have a chance at your online banking etc .

This is the classic example of phishing.

Very amateurish and basic and they probably have to attempt a couple hundred times before they are successful. But it does work and that is why you always see warnings about being careful what links to follow and ensuring they are legit.


Sent from my iPhone using Tapatalk

Thanks I understand now.
Rolexken is offline   Reply With Quote
Old 13 May 2024, 05:37 PM   #16
Smurf_75
"TRF" Member
 
Join Date: Aug 2021
Location: UK
Posts: 230
I had that too... ignored it.....
Smurf_75 is offline   Reply With Quote
Old 13 May 2024, 05:55 PM   #17
JSCP
"TRF" Member
 
Join Date: Apr 2010
Location: USA
Watch: RolexPatekCartier
Posts: 2,414
The text of the email OP mentions would alert me, as wouldn’t be a reference to any body. Yet one can be distracted and hit link by mistake or other.
__________________
PP5167r; PP5153r; PPNautilus 7118r; PP3733-YG;
DD40 RG/Sundust; DD40YG/White/Roman;DD40 WG/Olive;Daytona RG;Sub Black YG; Daytona Panda; Celebration 41; GMT-II’s: Left VTNR; GRNR; Batman; SkyDweller SSJubilee/Black; SUB no-date; Oysterquartz SS; DJ SS 36mm’87; Cartier-Roadster YG;Santos YG; Panther YG; Tank’73 YG,
Tank Must ‘23;BulgariBB38mm/YG
JSCP is offline   Reply With Quote
Old 13 May 2024, 08:14 PM   #18
Ninja Master
Banned
 
Join Date: Feb 2024
Location: Hong Kong
Posts: 144
Quote:
Originally Posted by Ninja Master View Post
Can you PM the link to me?

I'm a cybersecurity guy and I will have a look to see what's going on.

Thanks.
OK, I had a look at it.

It's a straightforward, and unsophisticated, phishing scam.

The scammer creates a copy of the Rolex Forums login page, puts it on a website using a generic domain, and hopes you'll try to log in. He'll then get your username and password which he can use to sell non-existant watches, etc.

He'll also hope you're using the same password on many websites, and try to log in to your various accounts. This is why you must never use the same password on different websites.

Your password should be something like wordNumberSpecialCharacterWord, for example, rolex9!Raining. These types of passwords are virtually uncrackable.

What's extra ridiculous about these scammers is they don't even make an effort with their fake websites. Instead of using something like rolexforurns.com (note I'm using forurns.com not forums.com) they use an obviously fake domain.
Ninja Master is offline   Reply With Quote
Old 13 May 2024, 08:18 PM   #19
Taylunatic
"TRF" Member
 
Join Date: Nov 2016
Location: Boston
Posts: 7
If they use the word “kindly”, it’s a scam.
Taylunatic is offline   Reply With Quote
Old 13 May 2024, 10:31 PM   #20
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 42,016
Potential scam

Quote:
Originally Posted by Ninja Master View Post
OK, I had a look at it.

It's a straightforward, and unsophisticated, phishing scam.

The scammer creates a copy of the Rolex Forums login page, puts it on a website using a generic domain, and hopes you'll try to log in. He'll then get your username and password which he can use to sell non-existant watches, etc.

He'll also hope you're using the same password on many websites, and try to log in to your various accounts. This is why you must never use the same password on different websites.

Your password should be something like wordNumberSpecialCharacterWord, for example, rolex9!Raining. These types of passwords are virtually uncrackable.

What's extra ridiculous about these scammers is they don't even make an effort with their fake websites. Instead of using something like rolexforurns.com (note I'm using forurns.com not forums.com) they use an obviously fake domain.

While a complex password is helpful for brute force efforts, this isn't the right advice for a phishing defense. No matter how complex a password is - if you willingly give it up in a lapse of awareness, you're compromised.

So, in the case of TRF and other sites that support it, 2FA is the key to not losing one's credentials to a phishing ploy. Don't you agree? I could give you my TRF password now and you'd never get in because I do use 2FA here.

I do agree one should not use same password for multiple sites for the reason you mention.


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is online now   Reply With Quote
Old 13 May 2024, 11:29 PM   #21
Rolexken
"TRF" Member
 
Join Date: Apr 2019
Location: England
Posts: 821
Agree with all the above - I’m retired now but on cybersecurity courses I used to attend I was taught to have different passwords that were easy to remember but long eg. Mywatchisarolexdatejust1? and also to have a fake DOB for any non government websites.
Rolexken is offline   Reply With Quote
Old 14 May 2024, 12:47 AM   #22
Ninja Master
Banned
 
Join Date: Feb 2024
Location: Hong Kong
Posts: 144
Quote:
Originally Posted by 77T View Post
While a complex password is helpful for brute force efforts, this isn't the right advice for a phishing defense. No matter how complex a password is - if you willingly give it up in a lapse of awareness, you're compromised.

So, in the case of TRF and other sites that support it, 2FA is the key to not losing one's credentials to a phishing ploy. Don't you agree? I could give you my TRF password now and you'd never get in because I do use 2FA here.

I do agree one should not use same password for multiple sites for the reason you mention.


Sent from my iPhone using Tapatalk Pro
Sorry I wasn't saying a strong password will protect you from phishing, I was saying don't use the same password on different websites, otherwise a single compromise can mean the attacker has access to every account. I then gave general advice for choosing a strong password.

2FA is great protection against these sorts of phishing attacks.
Ninja Master is offline   Reply With Quote
Old 14 May 2024, 12:48 AM   #23
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 42,016



Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is online now   Reply With Quote
Old 14 May 2024, 06:12 AM   #24
2000-NJDEVILS
"TRF" Member
 
Join Date: Apr 2020
Location: NY, NY
Posts: 460
Quote:
Originally Posted by Ninja Master View Post
Sorry I wasn't saying a strong password will protect you from phishing, I was saying don't use the same password on different websites, otherwise a single compromise can mean the attacker has access to every account. I then gave general advice for choosing a strong password.

2FA is great protection against these sorts of phishing attacks.
Much obliged for your excellent information!
2000-NJDEVILS is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

My Watch LLC

WatchesOff5th

DavidSW Watches

Takuya Watches

OCWatches

Asset Appeal

Wrist Aficionado


*Banners Of The Month*
This space is provided to horological resources.





Copyright ©2004-2024, The Rolex Forums. All Rights Reserved.

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX

Rolex is a registered trademark of ROLEX USA. The Rolex Forums is not affiliated with ROLEX USA in any way.