Jump to content
Why become a member? ×

Reverb.com website - SCAM??


TheGreek
 Share

Recommended Posts

I've just received an email from the Reverb.com site advising that "we believe that contact information, including name, address, phone number, and email, was publicly accessible for a short period of time. We do not have reason to believe that any of this information has been misused, nor do we believe that password or payment information were involved."

There was the obligatory link to "their" Account Settings page.

Being concerned that this may be a scam I went to the Reverb site itself and reset my password anyway, just in case.

Anybody else receive this?

  • Like 1
Link to comment
Share on other sites

1 minute ago, Reggaebass said:

Where’s that ped 🙂

To the left of the address, you can see that in BC too. If the site you’re sent to doesn’t have that then it’s potentially not the proper site

3FD6B14A-6F98-4267-8A32-1AB68B615EA4.jpeg

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

Just now, Reggaebass said:

Nice one, thanks 👍

No probs, it’s not 100% foolproof but a very good indicator. An e-commerce site that I use for buying watches found a scammer was emailing customers and directing them to a spoof site so they always reminded you to check the site was the proper one with the padlock. Many browsers now will warn you if the site isn’t secure. 

  • Like 1
Link to comment
Share on other sites

1 minute ago, ped said:

No probs, it’s not 100% foolproof but a very good indicator. An e-commerce site that I use for buying watches found a scammer was emailing customers and directing them to a spoof site so they always reminded you to check the site was the proper one with the padlock. Many browsers now will warn you if the site isn’t secure. 

Thanks, I’ve just had a look and all the tabs I have in safari all have the padlock, I’ll keep an eye out for that in future 

  • Like 1
Link to comment
Share on other sites

Got the message too. First thing I always do is check the email address of the sender. If it looks ok, I never use their link, but go directly to the website and do what I have to do.

That said, my passwords are so complicated and different from each other that I wish good luck to an eventual scammer.

I don't like simplicity.

Link to comment
Share on other sites

I can't change my Reverb PW because i dont remember what it was.  That's the trouble of being advised to have a different PW for every site we join but told dont write them down.   I'm  on loads of sites. 

 

Link to comment
Share on other sites

1 hour ago, fleabag said:

I can't change my Reverb PW because i dont remember what it was.  That's the trouble of being advised to have a different PW for every site we join but told dont write them down.   I'm  on loads of sites. 

I have a different pwd for every site, but all with the same construction, so all I have to remember is the construction. Obviously I can't say exactly what mine is, but Great Basschat Minds will surely be able to come up with something..? Some sites (bar stewards...) forced a pwd change, and removed the possibility to re-use a previous one, so some 'innovation' was required. It has worked for me for the last several decades, so I must be doing something right. :D

Link to comment
Share on other sites

9 hours ago, fleabag said:

can't change my Reverb PW because i dont remember what it was

On the log in page there is a button for this, called something like "Forgotten Password"? Click it, input your email address, and you'll receive an email address containing a link allowing you to set a new password. Which is exactly what I did last night for exactly the same reason 😄

  • Like 1
Link to comment
Share on other sites

I don't know if it's a coincidence or not but I got the Reverb email (and have since changed my password) but in the meantime a fake DHL account sent me a text and email saying along the lines of  'We tried to deliver your package, but didn't complete delivery. ....additional shipping fees may apply please click this link' 

It's quite convincing as they have my name, email address and phone number. Their email address is clearly fake though : 'UPS-United Kingdom® <[email protected]>'

 

Pretty annoying as it's probably due to Reverb, now scammers will be passing around my name/phone number/email address details to all their scammy mates forever and I need to check all my passwords in-case I'd used the Reverb one anywhere else.

Link to comment
Share on other sites

8 minutes ago, SumOne said:

I don't know if it's a coincidence or not but I got the Reverb email (and have since changed my password) but in the meantime a fake DHL account sent me a text and email saying along the lines of  'We tried to deliver your package, but didn't complete delivery. ....additional shipping fees may apply please click this link'

I have had that one several times a starting a long time before the reverb one, so pretty sure it isn't related.

  • Thanks 1
Link to comment
Share on other sites

Do NOT rely on a correct email address in an email to confirm who it came from. It is trivially easy to set the from: field in an email to anything you like. I've done this with server applications that genuinely needed to send out email. Basschat itself probably has a setting somewhere in the app for the email address that emails should be from, and I bet you can set it to pretty much anything. There might be some restrictions in what mail relays will handle but it's very easy to set up an outgoing mail server that will handle anything you want.

See things like:

https://www.google.com/amp/s/www.howtogeek.com/121532/htg-explains-how-scammers-forge-email-addresses-and-how-you-can-tell/amp/

https://www.techlicious.com/how-to/how-to-tell-if-email-has-been-spoofed/

Again, do not trust an email because the email address is correct.

  • Like 2
Link to comment
Share on other sites

15 hours ago, ped said:

Not a scam - you can check the reverb site is genuine by looking for the padlock next to the url 🔒 

Its fairly normal these days, and the reason you should have a separate PW on every site you use

It should be said that the padlock only confirms that communications between your browser and the site in question are encrypted and therefore private. It doesn't check whether the site is genuine or not.

Scammers can set up a site which is secured and looks like the real thing but isn't, using, say a slightly misspelled URL - www.reverbs.com?- which you might not notice. 

Always check the URL for authenticity and consistency with the company's domain if you are in any doubt.

  • Like 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...