
Thread: [Beware] Scammer on TZ-UK - user 'okzbow' (maybe more?)

  1. #1

    [Beware] Scammer on TZ-UK - user 'okzbow' (maybe more?)

    Hi all, scammer alert. Or hacker alert, as I think is the case here.


    I have something posted in SC and was contacted by a 'member' expressing an interest. It was fishy from the beginning:

    This morning:









    Before proceeding to send an email, I did a quick check on the user's posts.... yes seemed genuine enough, albeit somewhat dated.

    I knew signing off with 'N' did not tally up with how they have signed off on their TZ posts. So, I proceeded with a very tentative email:











    Here is the response a short while ago:








    Pure scammer talk.
    The item is not marked as sold.
    Asking about shipping when it's not relevant.
    Asking me to click - what seems like - a genuine link? It is not....

    It reads as follows: https://forum.tz-uk.com/forum.php/35334435

    But it points to this location: http://tz-uk.foruptu.com/

    ...and see what that location looks like:








    Yes, that's right. An attempted mirror of TZ-UK forcing you to enter your username and password so they can capture your details as you submit them.

    When I was suspicious earlier this morning, and took a look at the TZ-UK profile of okzbow, I could see his activity was erratic, always being in PMs and with different user names.
    I suspect many other people who have items in SC have received this type of contact.
    I'm almost certain 'ingenioren' would've been PM'd by this guy, as that was the last PM activity I saw on the profile of okzbow. If you're reading, ingenioren, watch out!

    One can assume okzbow was tricked into this and hence the 'scammer' using his profile to contact other members.




    By the way the bikes are still available
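
The tell described in post #1, link text that shows one host while the underlying href points at another, can be checked mechanically before anyone clicks. The following is an added example, not part of the original thread; the trusted-host set, the function names and the sample message are constructed for illustration, using only the two URLs quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the forum's real host, taken from the link text quoted in post #1.
TRUSTED_HOSTS = {"forum.tz-uk.com"}


def _host(url):
    """Lower-cased hostname of an http(s) URL, or None for anything else."""
    url = url.strip()
    if url.lower().startswith("www."):
        url = "http://" + url
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    return (parts.hostname or "").lower() or None


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html, trusted=TRUSTED_HOSTS):
    """Return one finding per link that shows any phishing indicator."""
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.anchors:
        target = _host(href)
        shown = _host(text.split()[0]) if text else None  # only set if text is a URL
        reasons = []
        if shown and target and shown != target:
            reasons.append("text-href-mismatch")  # displayed URL is not the destination
        if target and target not in trusted:
            reasons.append("untrusted-host")
        if href.strip().lower().startswith("http://"):
            reasons.append("no-tls")
        if reasons:
            findings.append({"shown": shown, "target": target, "reasons": reasons})
    return findings


# Constructed sample message: one deceptive link and one genuine one.
SAMPLE = ('<p>See <a href="http://tz-uk.foruptu.com/">'
          'https://forum.tz-uk.com/forum.php/35334435</a> or '
          '<a href="https://forum.tz-uk.com/forum.php">the forum</a></p>')
```
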

  2. #2
    Master
    Join Date
    Nov 2012
    Location
    Lincoln
    Posts
    2,054

    [Beware] Scammer on TZ-UK - user 'okzbow' (maybe more?)

    I replied to his pm saying I had no idea what he was on about.. I don’t click links I didn’t ask for but that looks bad on the face of it.. bad scammer though he tried buying a seiko off me I never owned lol.. mine didn’t have a link I’ve screen shotted it

    Hope nobody got caught up in it




    Sent from my iPhone using Tapatalk
    Last edited by Macca; 24th January 2020 at 18:03.

  3. #3
    Craftsman
    Join Date
    Dec 2017
    Location
    Manchester UK
    Posts
    618
    Blog Entries
    1
    Exactly the same email that I received this morning & with the same ‘fake’ link to TZ-UK.

    I didn’t send any bank or PP details.

    Be careful out there.


    Sent from my iPhone using Tapatalk

  4. #4
    Master
    Join Date
    Aug 2008
    Location
    North West
    Posts
    1,894
    Me too

  5. #5
    He messaged me on here asking me to email him also. I replied and said I only talk on the forum so I never emailed him or her, whoever they really are

  6. #6
    Grand Master Foxy100's Avatar
    Join Date
    Aug 2009
    Location
    Die Fuchsröhre
    Posts
    14,925
    Good work cman, I suspect a lot of us would have clicked that link without necessarily checking. In fact I wonder if anyone has entered their details - time to be on the lookout for any suspicious PMs.
    "A man of little significance"

  7. #7
    Administrator swanbourne's Avatar
    Join Date
    Oct 2002
    Location
    Sheffield, England
    Posts
    47,490
    The okzbow account has now been banned but there may be more so PLEASE let me know so I can do some tidying up.

    Regards,

    Eddie
    Whole chunks of my life come under the heading "it seemed like a good idea at the time".

  8. #8
    Master
    Join Date
    Jan 2010
    Location
    Coming Straight Outer Trumpton
    Posts
    9,385
    I just tried to log into that fake site but I might have got my email and password a bit wrong ;-)

  9. #9
    Master
    Join Date
    Oct 2010
    Location
    Kent
    Posts
    1,053

    Me too

    I'd reported my very similar approach re my Zenith on SC to Eddie this afternoon.......


    Fishy AF as the kids say apparently.

  10. #10
    Administrator swanbourne's Avatar
    Join Date
    Oct 2002
    Location
    Sheffield, England
    Posts
    47,490
    That website address must be disguised because an ICANN WHOIS search on tz-uk.foruptu.com returns

    The requested domain was not found in the Registry or Registrar's RDAP server.
    The page source contains an IP address which comes back to Virgin Media in Camden Town.

    <!DOCTYPE html>
    <html lang="en">
    <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>TZ-UK Forums</title>
    <link rel="stylesheet" href="style.css">
    </head>
    <body>
    <div class="all">
    <div class="header"header></div>
    <div class="user"user>
    <form action="action.php" method="post">

    <input type="hidden" name="ip" value="92.236.33.227" />
    <input type="hidden" name="httpref" value="" />

    <input type="hidden" name="ip" value="92.236.33.227" />

    <input type="text" name="visitormail" class="u-name">

    <input type="password" name="nameis" class="pass">
    <br>
    <input type="checkbox" class="check">
    <br>
    <button type="submit" class="bt-1">Log in</button>
    <button type="reset" class="bt-2">Reset Fields</button>
    </form>

    </div>



    <div class="footer"footer></div>



    </div>
    </body>
    </html>
    Eddie
    Whole chunks of my life come under the heading "it seemed like a good idea at the time".

  11. #11
    Master
    Join Date
    Jul 2008
    Location
    Surrey England
    Posts
    1,688
    Had an email today (with a clickable link) saying I had a PM. I logged on through TapaTalk and there was nothing in my inbox; I can only assume it was an attempt to get my password etc. via the email link.


    Sent from my iPad using Tapatalk

  12. #12
    Master
    Join Date
    Nov 2012
    Location
    Lincoln
    Posts
    2,054
    Quote Originally Posted by swanbourne View Post
    The okzbow account has now been banned but there may be more so PLEASE let me know so I can do some tidying up.

    Regards,

    Eddie
    Thanks Eddie


    Sent from my iPhone using Tapatalk

  13. #13
    Craftsman
    Join Date
    Dec 2017
    Location
    Manchester UK
    Posts
    618
    Blog Entries
    1

    [Beware] Scammer on TZ-UK - user 'okzbow' (maybe more?)

    My second one of the day




    Sent from my iPhone using Tapatalk

  14. #14
    Master Andyp1973's Avatar
    Join Date
    Oct 2013
    Location
    Derbyshire
    Posts
    1,646
    Thanks for the heads up.

    He’s emailed me the same thing offering to buy my ORIS that's currently up for sale.

    Same MO and link.

    I have emailed him but no personal details have been sent. I was deliberately vague as I thought something was off when Mac didn’t recognise the website.


    Sent from my iPhone using Tapatalk

  15. #15
    Craftsman
    Join Date
    Feb 2017
    Location
    London, England
    Posts
    448
    Thanks Eddie. Received an email as well. Looked at the profile and it didn't seem right. It's good that there are vigilant members here!

  16. #16
    Craftsman
    Join Date
    Dec 2017
    Location
    Manchester UK
    Posts
    618
    Blog Entries
    1
    Can I ask what is maybe a naive question? What’s the scam?


    Sent from my iPhone using Tapatalk

  17. #17
    Master
    Join Date
    Nov 2012
    Location
    Lincoln
    Posts
    2,054
    Quote Originally Posted by wjkerfoot View Post
    Can I ask what is maybe a naive question? What’s the scam?


    Sent from my iPhone using Tapatalk
    I’m not going to click to find out but often they are after your financial info or worse could be ransomware or malware


    Sent from my iPhone using Tapatalk

  18. #18
    Craftsman
    Join Date
    Dec 2017
    Location
    Manchester UK
    Posts
    618
    Blog Entries
    1
    Quote Originally Posted by Macca View Post
    I’m not going to click to find out but often they are after your financial info or worse could be ransomware or malware


    Sent from my iPhone using Tapatalk
    I understand that but it takes you to what is obviously a clone TZ forum where it asks you to log-in.
    I’m assuming that most of us have the forum as a favourite which would automatically log you in, unlike the fake site, which doesn’t, so red flags immediately.


    Sent from my iPhone using Tapatalk

  19. #19
    Master
    Join Date
    Nov 2012
    Location
    Lincoln
    Posts
    2,054
    Yeah I have a link stored and wouldn’t use that one, I’m really not desperate to find out what happens if I were to log in though.. could just be for stealing logins if someone is being a bit of a cretin


    Sent from my iPhone using Tapatalk

  20. #20
    Master
    Join Date
    Jan 2012
    Location
    Sutton Coldfield
    Posts
    1,801
    PM'd me too. Replied saying they'd made a mistake but I think it should have set off my scammer alarm.

  21. #21
    Master PreacherCain's Avatar
    Join Date
    Aug 2011
    Location
    London, UK
    Posts
    3,932
    Should I feel offended that I didn’t get a PM...? 🤔 😉

  22. #22
    Grand Master oldoakknives's Avatar
    Join Date
    Sep 2012
    Location
    United Kingdom
    Posts
    20,041
    Blog Entries
    1
    Quote Originally Posted by wjkerfoot View Post
    Can I ask what is maybe a naive question? What’s the scam?


    Sent from my iPhone using Tapatalk
    If they get your log in details with password, they can try to find you on other sites etc. and some people use the same passwords on more than one site. And if they ask for your name and address and bank details to 'pay' for something then they can try logging in on your bank website etc. They do this for a living so no doubt there's much more they can try.
    Started out with nothing. Still have most of it left.

  23. #23
    Grand Master oldoakknives's Avatar
    Join Date
    Sep 2012
    Location
    United Kingdom
    Posts
    20,041
    Blog Entries
    1
    Quote Originally Posted by PreacherCain View Post
    Should I feel offended that I didn’t get a PM...? 🤔 😉
    PM sent.
    Started out with nothing. Still have most of it left.

  24. #24
    I got a PM this morning about my iPhone, they wanted me to go off PM and to their gmail - I said no, no response after that.

  25. #25
    Grand Master Seamaster73's Avatar
    Join Date
    Jun 2006
    Location
    55°N
    Posts
    16,139
    Quote Originally Posted by swanbourne View Post
    The page source contains an IP address which comes back to Virgin Media in Camden Town.
    London is the new Nigeria.

  26. #26
    Master
    Join Date
    Jan 2018
    Location
    UK
    Posts
    3,194
    Quote Originally Posted by oldoakknives View Post
    If they get your log in details with password, they can try to find you on other sites etc. and some people use the same passwords on more than one site. And if they ask for your name and address and bank details to 'pay' for something then they can try logging in on your bank website etc. They do this for a living so no doubt there's much more they can try.
    Or a lot simpler attempt to list things on SC using member accounts and await bank transfers to their scam accounts.

    If they manage to get hold of login details for members who are not so active it may work.

    Beware of any upcoming SC bargains!

    Sent from my SM-N950F using Tapatalk

  27. #27
    Master
    Join Date
    Aug 2017
    Location
    London, UK
    Posts
    2,866
    Dear all, do not click on a link to view the phishing site. Accessing the site may infect your computer. Capturing your logon credentials may not be as simple as asking you to log on, but malware can be installed from accessing the home page of the fake site.

    If you did access it then virus scan your machine. Once clean change passwords using the link to the site you normally use in your book marked sites or type it in by hand, do not follow a link.

    Suggest you delete the email from the fraudster as they can be used to drop code onto your machine.

  28. #28
    Craftsman konlew's Avatar
    Join Date
    Sep 2009
    Location
    Poland
    Posts
    456
    Good work - we have to be careful!

  29. #29
    Craftsman
    Join Date
    Oct 2018
    Location
    Winchester
    Posts
    283
    Thanks a lot OP, always good when someone raises these things with the rest of the forum rather than simply ignoring it.

  30. #30
    Master
    Join Date
    Mar 2009
    Location
    North of nowhere
    Posts
    7,331
    Very interesting, and thanks for the good work.

    One of my iPhones had a login problem, refusing to find my details from the keychain. Now I know why.

    Needless to say I didn’t enter my details, just used the other phone.

  31. #31
    Master
    Join Date
    Jun 2015
    Location
    Edinburgh
    Posts
    3,040
    Blog Entries
    1
    Quote Originally Posted by swanbourne View Post
    That website address must be disguised because an ICANN WHOIS search on tz-uk.foruptu.com returns

    The page source contains an IP address which comes back to Virgin Media in Camden Town.
    Eddie
    You should report to VM if possible. That IP address is likely to be very traceable by them to a specific user.

  32. #32
    Quote Originally Posted by Scepticalist View Post
    You should report to VM if possible. That IP address is likely to be very traceable by them to a specific user.
    The HTML code could have been copied and pasted from somewhere - doesn't mean the bloke was ever in London.... though most likely he was as he seems clever enough to craft a fake tz-uk login page but dumb enough not to read the actual replies to set up the sales... perhaps a bot?

    Goes without saying but:

    Don't keep your personal details or bank details in your private messages.....

    Do change your password if you think you used the fake link...

  33. #33
    Master
    Join Date
    May 2011
    Location
    Never Everland
    Posts
    3,081
    Delete all personal messages as soon as you don't need them. They may contain contacts and personal details etc.

  34. #34
    Master
    Join Date
    Oct 2019
    Location
    Chelmsford, Essex
    Posts
    1,168
    Good catch. Good to see people looking out for the other members.

  35. #35
    Craftsman
    Join Date
    Apr 2004
    Location
    New Forest
    Posts
    664
    Quote Originally Posted by Rob s View Post
    Good catch. Good to see people looking out for the other members.
    Earlier this week I had my account compromised, first I knew was a PM about an explorer watch. How anyone got my details is beyond me, I am always very careful with passwords etc, in the meantime I have changed all my passwords for email accounts and other sites. I apologise if this caused any angst among the forum members and it was good to see that my small c*ck alter ego was challenged by others, I just hope no one got scammed. A warning to us all I suppose that we are being targeted by some very unscrupulous people. Steve

  36. #36
    Grand Master Raffe's Avatar
    Join Date
    Feb 2012
    Location
    Lëtzebuerg
    Posts
    38,754
    Quote Originally Posted by Steve B View Post
    Earlier this week I had my account compromised, first I knew was a PM about an explorer watch. How anyone got my details is beyond me, I am always very careful with passwords etc, in the meantime I have changed all my passwords for email accounts and other sites. I apologise if this caused any angst among the forum members and it was good to see that my small c*ck alter ego was challenged by others, I just hope no one got scammed. A warning to us all I suppose that we are being targeted by some very unscrupulous people. Steve
    Good to have you back.

    I think it's still interesting to get to the bottom of how they gained access to your account in order to warn others.

    Did you use the same password across a number of sites?
    Did you recently see an unusual or unexpected log in request for TZ?
    Did you get unusual emails referring to any TZ business?
    Someone who lies about the little things will lie about the big things too.

  37. #37
    Craftsman
    Join Date
    Apr 2004
    Location
    New Forest
    Posts
    664
    Raffe

    thanks for the reply, I honestly don't know how they gained access

    Did you use the same password across a number of sites? No I always use different passwords
    Did you recently see an unusual or unexpected log in request for TZ? No, nothing at all
    Did you get unusual emails referring to any TZ business? As in my previous comment, first I knew was Wednesday morning I received a notification of a PM regarding a Rolex Explorer watch that was for sale by me (I hadn't one for sale) this set alarm bells ringing as I don't have an Explorer.

    When I logged on a few hours later when I got home I had been banned by Eddie! I'm just happy that it got rumbled pretty quickly and no one got scammed.

    Steve

    Quote Originally Posted by Raffe View Post
    Good to have you back.

    I think it's still interesting to get to the bottom of how they gained access to your account in order to warn others.

    Did you use the same password across a number of sites?
    Did you recently see an unusual or unexpected log in request for TZ?
    Did you get unusual emails referring to any TZ business?

  38. #38
    Grand Master Raffe's Avatar
    Join Date
    Feb 2012
    Location
    Lëtzebuerg
    Posts
    38,754
    Quote Originally Posted by Steve B View Post
    Raffe

    thanks for the reply, I honestly don't know how they gained access

    Did you use the same password across a number of sites? No I always use different passwords
    Did you recently see an unusual or unexpected log in request for TZ? No, nothing at all
    Did you get unusual emails referring to any TZ business? As in my previous comment, first I knew was Wednesday morning I received a notification of a PM regarding a Rolex Explorer watch that was for sale by me (I hadn't one for sale) this set alarm bells ringing as I don't have an Explorer.

    When I logged on a few hours later when I got home I had been banned by Eddie! I'm just happy that it got rumbled pretty quickly and no one got scammed.

    Steve
    Very strange, all of it. Pity if we never learn how it happened, leaves the door open for them to repeat the stunt with someone else.

  39. #39
    The number of site visitors may indicate unusual activity...
    For example, check the time stamp, for which the 'most users ever' of this forum was:





    Must be a lot of bots...?

  40. #40
    Craftsman trott3r's Avatar
    Join Date
    Feb 2015
    Location
    greater manchester UK
    Posts
    698
    Might be a good idea to test your password's strength. I use: https://howsecureismypassword.net/

    I also use keepassxc (which does not sync over the internet) to generate passwords and store them.
