Suspicious buyer alert on Reverb

[asingardenof]

18 hours ago, Woodinblack said:

 

Paypal has a qr code that you scan if you pick up in person, proving your received it. And for a bank transfer, then it doesn't matter what they say, you have the money and they can't do anything about it (or paypal friends and family - same thing)

I know that works with eBay purchases because I've done it, but does it work with Reverb as well?

[nightraven]

29 minutes ago, tauzero said:

 

Don't you understand the issue? If you ban an IP address then anyone using that address is blocked. Non-fixed IP addresses are allocated as and when, so a totally innocent person could be IP banned. Same for VPNs, and company IP addresses - ban the VPN or the company IP address and that's a lot of innocent people banned. So it's a stupid idea.

Right, but it's not difficult to ascertain whether an IP address corresponds with a VPN or an internet café, or whether it's a private residence. My example was completely hypothetical, and you're missing the point —  AFAIK Reverb charges more than eBay nowadays, and it's not unreasonable to expect them to do better.

[tegs07]

1 hour ago, tauzero said:

 

IP banning a non-fixed IP address or a VPN would be wildly inappropriate.

I started a reply along these lines but binned it as I guessed at the fairly predictable outcome. 
 

[tegs07]

3 minutes ago, nightraven said:

Right, but it's not difficult to ascertain whether an IP address corresponds with a VPN or an internet café, or whether it's a private residence. My example was completely hypothetical, and you're missing the point —  AFAIK Reverb charges more than eBay nowadays, and it's not unreasonable to expect them to do better.

You would need a little technical knowledge around public vs private IPs, NAT and a bunch of other technobabble to understand why this is not as simple as it sounds.

[neepheid]

7 minutes ago, nightraven said:

Right, but it's not difficult to ascertain whether an IP address corresponds with a VPN or an internet café, or whether it's a private residence. My example was completely hypothetical, and you're missing the point —  AFAIK Reverb charges more than eBay nowadays, and it's not unreasonable to expect them to do better.

 

I work in IT and I'm telling you it's not that easy.  But go ahead and trivialise it some more just because you've got a bee in your bonnet.  In fact, if it's so bloody easy, then you do it.  Go ahead and solve scamming by blocking IPs.  I'll wait, I'm on my lunchbreak.  Have it done by 2pm yeah?  Cheers.

[BreadBin]

On 25/02/2024 at 19:02, Downunderwonder said:

What's happened to folks getting one over a scammer by getting them to pay for the couriering of box of bricks? I live reading those stories, haven't seen one for years.

No scammer is getting MY bricks.

[tauzero]

1 hour ago, nightraven said:

Right, but it's not difficult to ascertain whether an IP address corresponds with a VPN or an internet café, or whether it's a private residence. My example was completely hypothetical, and you're missing the point —  AFAIK Reverb charges more than eBay nowadays, and it's not unreasonable to expect them to do better.

 

I'm not missing the point. Reverb do need to take better precautions against fraud as they're not doing it terribly well at the moment, but any notion of IP address banning is ridiculous, and your statement about not being difficult to ascertain whether an IP address corresponds with VPN, internet cafe, etc is woefully far of the mark. Your other suggestion of checking for email addresses is better. The entire transaction needs to be done within the aegis of Reverb (which needs to be watertight) with T&Cs making clear that if it isn't, you're on your own.

[MiltyG565]

Very sadly, even with warnings and alerts and attempts to stop people arranging a sale off the platform, people still do it. Be it naivety, hubris, or casual disregard for the risks, it still happens, and that is because scammers are convincing, and sometimes the allure is too great.

 

Try as they might, they're unlikely to ever truly stop scams, as every step they take towards that goal, the scammers will adjust and get around it. That doesn't mean we shouldn't try - of course we should, but for the time being, it seems like the best way to stop scams is to simply have your wits about you and recognise the signs. Many of the additional measures which have been introduced to prevent scams have been helpful, but have also caused greater inconvenience for consumers, and it very much feels like the problem is being tackled from the bottom up, not the top down.

 

And that's not even touching on the very many other forms of fraud that exist, such as counterfeit goods, misrepresentation, etc.

[nightraven]

3 hours ago, neepheid said:

 

I work in IT and I'm telling you it's not that easy.  But go ahead and trivialise it some more just because you've got a bee in your bonnet.  In fact, if it's so bloody easy, then you do it.  Go ahead and solve scamming by blocking IPs.  I'll wait, I'm on my lunchbreak.  Have it done by 2pm yeah?  Cheers.

LOL, I was a forum mod over on Ultimate-Guitar many many years ago (at age 17), and in extreme situations IP bans were used. Sure, people can get around them if they wish to, but ultimately the fight against spammers and scammers alike comes down to making it inconvenient for them to operate on your platform. If someone got caught in the cross-fire, they could still make an appeal in what was called the 'forum of the banned'. Far from a perfect solution, but we're talking almost 20 years ago. Get a grip, please — you're not performing brain surgery from your cosy WfH desk. 

[neepheid]

12 minutes ago, nightraven said:

LOL, I was a forum mod over on Ultimate-Guitar many many years ago (at age 17), and in extreme situations IP bans were used. Sure, people can get around them if they wish to, but ultimately the fight against spammers and scammers alike comes down to making it inconvenient for them to operate on your platform. If someone got caught in the cross-fire, they could still make an appeal in what was called the 'forum of the banned'. Far from a perfect solution, but we're talking almost 20 years ago. Get a grip, please — you're not performing brain surgery from your cosy WfH desk. 

 

LOL, what makes you think I'm at home, and why is that a put down anyway?

 

Forum mod when you were 17.  Impressive.  Do you have anything else - a relevant degree, other professional qualifications, 20+ years industry experience?

[nightraven]

6 minutes ago, neepheid said:

 

LOL, what makes you think I'm at home, and why is that a put down anyway?

 

Forum mod when you were 17.  Impressive.  Do you have anything else - a relevant degree, other professional qualifications, 20+ years industry experience?

You don't need 20+ years of industry experience to understand that IP bans are an option worth exploring, and that IP bans are something that have been deployed on online platforms for decades. Your edumacation is definitely a weird flex, however, and I'm not at all sorry to have trivialised that on this occasion 😁

[Baloney Balderdash]

I get loads of scam/fishing e-mails, and what strikes me is how bad the average scammer apparently is at scamming.

 

Then again the general stupidity of a humanity at this point shouldn't really surprise me anymore.

 

It's just kind of tragic and sad to think about, but does explain why the world is as it is, and why we can't have nice things.

 

 

Edited March 19 by Baloney Balderdash

[chriswareham]

5 minutes ago, nightraven said:

You don't need 20+ years of industry experience to understand that IP bans are an option worth exploring, and that IP bans are something that have been deployed on online platforms for decades. Your edumacation is definitely a weird flex, however, and I'm not at all sorry to have trivialised that on this occasion 😁

 

Well a couple of years industry experience might educate you on why IP blocking is a bloody stupid idea. Even more so "many years ago" when you were a forum mod, if it was in the dial up era.

 

Most people are on residential broadband, which means they get assigned an IP address for a certain period and when that period expires - or they reconnect - they get a different one. That period may be as long as a couple of weeks, but is often as short as one day. Then there's the issue that a lot of people on business connections are sharing one or a handful of IP addresses with the rest of the people at the same site via Network Address Translation. So blocking an IP will block multiple users (and these days, even a residential user will typically have a bunch of devices with multiple users connected to the Internet via their router).

 

(I have worked at places where entire ranges of IP addresses are blocked, based on the geographic assignment of those ranges. It's an imperfect means of blocking all traffic from Russia or China for example, but in my experience the people implementing that policy are at least aware it's a blunt instrument and often have to whitelist addresses as the demand arises).

[tegs07]

44 minutes ago, nightraven said:

LOL, I was a forum mod over on Ultimate-Guitar many many years ago (at age 17), and in extreme situations IP bans were used. Sure, people can get around them if they wish to, but ultimately the fight against spammers and scammers alike comes down to making it inconvenient for them to operate on your platform. If someone got caught in the cross-fire, they could still make an appeal in what was called the 'forum of the banned'. Far from a perfect solution, but we're talking almost 20 years ago. Get a grip, please — you're not performing brain surgery from your cosy WfH desk. 

I suggest that you google DHCP and IP leases. At best you put a sticking plaster on the situation for a short period. At worst you may have lost a bunch of customers. 

Unless you are dealing with a seriously clueless scammer that lives in a single occupancy dwelling, pays for a dedicated fixed public IP and has never heard about VPN you are not likely to achieve much by IP blocking a suspect scammer. For persistent offenders (usually mass distribution of spam or malware) companies do take action but it’s a game of cat and mouse.

 

Not sure what is wrong with WFH? My current company has over 40 sites, a datacenter and various cloud based tenancies. My previous company had contracts all over the world. I would frequently find myself in the early hours connecting to resources in New York, London or Budapest. My home office was as adequate as anywhere else (though I do wish that they would let me do the work from somewhere warm and cheap. 

[tegs07]

21 minutes ago, Baloney Balderdash said:

I get loads of scam/fishing e-mails, and what strikes me is how bad the average scammer apparently is at scamming.

 

Then again the stupidity of a humanity at this point shouldn't really surprise me anymore.

 

It's just kind of tragic and sad to think about, but does explain why the world is as it is, and why we can't have nice things.

 

 

Sadly apart from a DDOS attack every major IT outage or incident in my career has involved email and a click happy user giving away financial data, credit card details, passwords etc despite constant training and the fact that 2 minutes of thought would have prevented an obvious spoof/phish.

 

Edited March 19 by tegs07

[chriswareham]

9 minutes ago, Baloney Balderdash said:

I get loads of scam/fishing e-mails, and what strikes me is how bad the average scammer apparently is at scamming.

 

Some people think the scams are deliberately bad - using poor grammar in phishing emails or technobabble in call scripts for example - because it means only the most likely marks will engage with the scammer. Personally I think it's just a reflection of the kind of people involved in these scams being unable to find anything more lucrative to do legally.

 

I did have a more professional sounding than normal scam call last week though. It was from a "personal investment company", on behalf of a "hedge fund in Mayfair, London". The quality of the spoken English was a cut above average, and the script was quite well put together. I was on my lunch break, so happily wasted half an hour of the caller's time when they could be scamming someone more gullible. When asked if I made investments, I said I work in importation and put some of my money back into stocks and shares. As the call went on I started dropping more and more obvious hints that my importation involved chemicals of a "recreational pharmaceutical" nature, and that I had to be careful how I "washed, sorry invested" my profits. The penny finally dropped when I asked the caller if he was based in northern India, and if so whether he wanted to make some extra income bringing certain items from Myanmar into the UK via his back passage.

[Obrienp]

These posts are triggering me back to the Network Administration courses I did many years ago, back when Sun were a big name and Unix ruled 😱. I am so glad I moved into application development, then project management and finally technical sales for application services! 
 

Haven’t we got a little off the original topic here?

[Woodinblack]

5 hours ago, asingardenof said:

I know that works with eBay purchases because I've done it, but does it work with Reverb as well?

 

Its not a reverb / ebay thing, its a paypal thing so it works on any transfer

 

[tegs07]

4 minutes ago, Obrienp said:

Haven’t we got a little off the original topic here?

Staying off topic on Basschat? No chance. Never happens.

[MiltyG565]

*On a set, somewhere in Hollywood, Paul Rudd is surrounded by computers in a darkly lit room, his friends Squabbling*

Director: “Aaand ACTION!”

Rudd, pacing around, frustratedly: “….GUYS! We need to stop fighting. Can’t you see!? This is exactly what the scammer wants! United we stand, divided we fall! We need to focus and find a way to stop him!”

Meg Ryan: “You’re right, Paul (or whatever your character’s name is)! We need to find a way to stop him! But how…?”

Keanu Reeves: “Why don’t we block his IP address… but this time… we simply don’t care about the unintended consequences?”

Rudd, gleefully strutting towards a whiteboard: “You’re right! We shouldn’t care!” *scribbles some nonsense on a board while quickly talking about technical components of a network* “…and it might just work!”

Generic computer whizz teenager, glasses, 17 screens arranged in a globe around him, furiously typing away: “I’m into the mainframe!”

Everyone: “what?”

Rudd: “Mate, you didn’t need to do that, just fkn block the IP address, and then let’s get a pizza”

Whizz: “but anybody could do that, what’s my contribution?”

Ryan: “You are the heart of this operation”

They all hug, go for pizza, and then never think about how many people couldn’t access their website ever again, amen.

*scene*
*end credits*

[tauzero]

2 hours ago, nightraven said:

LOL, I was a forum mod over on Ultimate-Guitar many many years ago (at age 17), and in extreme situations IP bans were used. Sure, people can get around them if they wish to, but ultimately the fight against spammers and scammers alike comes down to making it inconvenient for them to operate on your platform. If someone got caught in the cross-fire, they could still make an appeal in what was called the 'forum of the banned'. Far from a perfect solution, but we're talking almost 20 years ago. Get a grip, please — you're not performing brain surgery from your cosy WfH desk. 

 

Wow. Someone with leet haxor skillz. It's nice to see the script kiddies at play.

[tauzero]

52 minutes ago, Obrienp said:

Haven’t we got a little off the original topic here?

 

NAHAY?

[tauzero]

13 minutes ago, MiltyG565 said:

*On a set, somewhere in Hollywood, Paul Rudd is surrounded by computers in a darkly lit room, his friends Squabbling*

Director: “Aaand ACTION!”

Rudd, pacing around, frustratedly: “….GUYS! We need to stop fighting. Can’t you see!? This is exactly what the scammer wants! United we stand, divided we fall! We need to focus and find a way to stop him!”

Meg Ryan: “You’re right, Paul (or whatever your character’s name is)! We need to find a way to stop him! But how…?”

Keanu Reeves: “Why don’t we block his IP address… but this time… we simply don’t care about the unintended consequences?”

Rudd, gleefully strutting towards a whiteboard: “You’re right! We shouldn’t care!” *scribbles some nonsense on a board while quickly talking about technical components of a network* “…and it might just work!”

Generic computer whizz teenager, glasses, 17 screens arranged in a globe around him, furiously typing away: “I’m into the mainframe!”

Everyone: “what?”

Rudd: “Mate, you didn’t need to do that, just fkn block the IP address, and then let’s get a pizza”

Whizz: “but anybody could do that, what’s my contribution?”

Ryan: “You are the heart of this operation”

They all hug, go for pizza, and then never think about how many people couldn’t access their website ever again, amen.

*scene*
*end credits*

 

There will be an IP address on a screen which will be something like 218.576.326.113.

[chriswareham]

1 hour ago, Obrienp said:

These posts are triggering me back to the Network Administration courses I did many years ago, back when Sun were a big name and Unix ruled 😱. I am so glad I moved into application development, then project management and finally technical sales for application services! 
 

Haven’t we got a little off the original topic here?

 

It's Spungen's Fifth Law of the Internet - any forum discussion that goes on long enough will eventually descend into a flame war about the finer points of networking.

[nightraven]

2 hours ago, tegs07 said:

Not sure what is wrong with WFH? My current company has over 40 sites, a datacenter and various cloud based tenancies. My previous company had contracts all over the world. I would frequently find myself in the early hours connecting to resources in New York, London or Budapest. My home office was as adequate as anywhere else (though I do wish that they would let me do the work from somewhere warm and cheap. 

Nothing wrong with WFH at all — I wish my job were WFHable, but I definitely don't resent those with the luxury. I was only making a quip at the previous poster who got defensive all of a sudden about their "20+ years IT job" being trivialised, when there's a strong likelihood that it's the sort of role where nobody other than their boss would actually notice if they stopped logging into 'slack' or whatever.

 

  

1 hour ago, tauzero said:

 

Wow. Someone with leet haxor skillz. It's nice to see the script kiddies at play.

LOL, my example was far more relevant to the discussion than the person bragging about their university degree.

Edited March 19 by nightraven