• Welcome to the new Suggestion Box. Suggestions may be upvoted from the threadlist, or from the thread itself.
  • Welcome to TalkBass! Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.

Bogus Scams

#4
ardgedee said:
Spamming a site simply requires creating an account and posting.

I won't presume this site is invulnerable to attempts to exfiltrate personal information but that requires a far, far different skillset than spamming. The presence of spam here is not an indication of how secure the site is.
Click to expand...
If they can create a bogus Commercial User account with apparently no verification, as some have in the past, the site is not secure. If the site lets them do that, I will assume the bad actor can get to the personal information if they wish to.
 
  • Sad
Reactions: mcnach and bholder
#5
KenD said:
If they can create a bogus Commercial User account with apparently no verification, as some have in the past, the site is not secure. If the site lets them do that, I will assume the bad actor can get to the personal information if they wish to.
Click to expand...
Adding a Commercial User flag to your account requires checking a box in your Account Details Settings page. As far as I can tell it doesn't require mod intervention.
1726160078412.png
 
  • Like
Reactions: Riff Ranger, -Asdfgh- and bholder
#6
ardgedee said:
Adding a Commercial User flag to your account requires checking a box in your Account Details Settings page. As far as I can tell it doesn't require mod intervention.
View attachment 7028340
Click to expand...
Additionally being a commercial user gives you no increased security level or access to other users information. OP's concern is simply misled and utterly bogus.
 
  • Like
Reactions: Nashrakh, N4860, Riff Ranger and 9 others
#8
KenD said:
If they can create a bogus Commercial User account with apparently no verification, as some have in the past, the site is not secure. If the site lets them do that, I will assume the bad actor can get to the personal information if they wish to.
Click to expand...
You are connecting things that are definitely not related. That is not how it works. Registering for an account does not give you access to anyone else's information. Not sure why you would think it does.
 
  • Like
Reactions: Chris Fitzgerald, mcnach, Riff Ranger and 3 others
#10
What people are saying is correct. No users, commercial or otherwise have access to other users' information other than what they publicly share. If you check the box on your profile to indicate that you are a commercial user, you are required to disclose your affiliation and adhere to the Commercial User Policy (CUP). It doesn't give you any extra power.

We see a few recurring scams and it's important to know what they are:

1) straight up spam. I've deleted/banned/scrubbed two users this week who registered and posted some cryptocurrency opportunity B.S.. They got reported and I wacked them and banned access from their IP address. Annoying and I wish they would stop, but I'm not aware of any TB users falling for it. It's just annoying clutter and we clean it as fast as it gets reported.

2) Far more serious are people registering using a stolen credit card and "Selling" something they don't own and convincing the buyer to pay friends and family (in violation of ours and PayPal's rules) and then disappearing with the money.
 
  • Like
  • Love
Reactions: FRoss6788, Chris Fitzgerald, Isaac_James and 5 others
#14
bholder said:
KenD, you need to read up on computer security before you start posting fear-based nonsense on things you don't understand.
Click to expand...
I don't think it's beneficial to go hard on people who have legitimate concerns. Treat it as an opportunity to share knowledge.

In this case, @KenD has a legitimate concern about data theft and security. What he doesn't understand is how users are managed in a web forum as opposed to an ecommerce site. It's a good teaching moment.
 
  • Like
Reactions: lethargytartare, Winslow, dalahorse and 8 others
#15
TroyK said:
I've deleted/banned/scrubbed two users this week who registered and posted some cryptocurrency opportunity B.S.. They got reported and I wacked them and banned access from their IP address
Click to expand...
That seems just a little excessive and could cause unintended problems. In many cases, home computers don't have fixed public IP addresses (some ISPs actually force them to change periodically). The IP address that gets banned could get reassigned to some innocent third party who then is locked out.

But thank you for your diligence against the scammers and ongoing efforts to maintain TalkBass!
 
#16
KenD said:
Why does this platform find itself incapable of shutting off scam interlopers? How secure is user credit card information?
Click to expand...
Scammers either create new accounts or gain access to vulnerable accounts with weak passwords. No one is hacking into TB to get personal information. Besides, when dealing with classified ads, TB doesn’t collect or save any credit card information. Transactions aren’t done through TB itself.
 
  • Like
Reactions: FRoss6788, Chris Fitzgerald, HowieD72 and 2 others
#17
It's a constant arms race back and forth between cyber security minded folks and those that would look to exploit systemic weaknesses online. One thing that is helpful is that our purchases of memberships with TB go through paypal. So sensitive financial information never passes through TB directly. Same thing with purchases through classifieds. The actual financials are not hosted through TB as Beagle mentioned.


So as much as Paypal is also a target for exploitation and there are scams related to that, in order to gank your CC information they'd instead be going up against the much more robust security of platforms like Paypal. In which case, if they were sophisticated enough to breach that platform, then it'd be muuuuuuuuuuuch more than TB that is at risk. YMMV but I'd argue at least the CC information is as secure as it can be using any other online platform that transacts through third party vendors.
 
  • Like
Reactions: davedamage, DJ Bebop, salmon256 and 3 others
#18
TroyK said:
What people are saying is correct. No users, commercial or otherwise have access to other users' information other than what they publicly share. If you check the box on your profile to indicate that you are a commercial user, you are required to disclose your affiliation and adhere to the Commercial User Policy (CUP). It doesn't give you any extra power.

We see a few recurring scams and it's important to know what they are:

1) straight up spam. I've deleted/banned/scrubbed two users this week who registered and posted some cryptocurrency opportunity B.S.. They got reported and I wacked them and banned access from their IP address. Annoying and I wish they would stop, but I'm not aware of any TB users falling for it. It's just annoying clutter and we clean it as fast as it gets reported.

2) Far more serious are people registering using a stolen credit card and "Selling" something they don't own and convincing the buyer to pay friends and family (in violation of ours and PayPal's rules) and then disappearing with the money.
Click to expand...
The "this guy recovered my crypto" postings seem to be the same rant, posted by many different usernames, all "new".

TroyK seems to kill them off fairly quickly. Annoying, but I don't even peek at them anymore.

I appreciate the efforts to keep things "clean".
 
  • Like
Reactions: FRoss6788, DJ Bebop and bholder
#20
KenD said:
If they can create a bogus Commercial User account with apparently no verification, as some have in the past, the site is not secure. If the site lets them do that, I will assume the bad actor can get to the personal information if they wish to.
Click to expand...
You can feel free to assume that but it doesn't make you right. Just overreacting.
 
  • Like
Reactions: FRoss6788, mcnach and NitroBobby
You must log in or register to reply here.
Top Bottom
Back