glovermee fake escrow scam attempt

[shorena]

What happened: The user glovermee tried to use a fake escrow message to trick Flooores. Flooores however is a smart person and did not fall for it, they tried to verify with me and I was able to answer before they send any coins.

Scammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=663723

Amount Scammed: 0
Payment Method: netteller for btc
PM/Chat Logs:

!!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!!

Shorena are you really  don't this escrow here  for me  ?
Sorry for this question

"Flooores" You don't have to worry.Just Follow the guideline.

Hi,

I was asked to Escrow your deal, I assume the below is what you want.

-Sho

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Escrow by shorena from bitcointalk.org (UID: 181801)
for Flooores  as SELLER
and glovermee as BUYER

Item: 0,48475124 BTC  for neteller payment 240$


Steps:
#0 stay calm, things done properly need time.

#1 Flooores sends escrow the above BTC to 18qw5BLBXv3TS3oKjdhBt2nJvBEZmi99mG

#2 Escrow confirms Flooores to have received the correct amount after 1 confirmation

#3 glovermee issues a  USD transfer via netteler to Flooores

#4 Flooores confirms to have received the correct amount

#5 Escrow releases the BTC to glovermee 

#6 all are happy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWjUAiAAoJEJQKF9u9a2jizH8QAJLWODpfPrC3wezzm2kNnblv
HhLSZrF4qYHVKKiD46jdBXcXV8Txc7ekw2seOl9pf/A+OwhcZNJIs8tpCIX8d+PF
F4hv1tN2VEzLTrldY8ZCf4x7d85rvJ+DEIyBWeC2EkYR8IsXboqkVTFxdLv08HdO
oBLg1hkMKYU6LcVIedNpD2efZIVM5cmBGvtjr5MZ1SVmoUwxehOyWgaPOcE7LtdP
WNU3mcbChF668AmIZ45xf4njTOcbUyYK8re2l+G8mBM8IV78BlIZbJrwkKYNpPmc
JNAy74bquwJEfL43j80rcfcQ6ERooahntxTmkVLhbSiutASFOrI1p+bCs+jZ4ut1
tm1bwmUKzYRruLFZ3fyFvVxGsBIHWVjtcAmL+WanPul+0rP0tVfBob+0eQtPCeQC
BnGrUqqOyCvfITAcrBF2M0iD174oXsmh1SGQpVw4XYWDn4tC+Tc/1zX1EnLkOVdD
S70MBmtD+BBsZfpYWyw3Ab+uIqdTOSUTp7c7jxzXYo6boml+F9inHo0N8luQN/kH
I8wRSUJhbywlQWvlP5HLqOY6R44euqUu23RaAoJINAk7dK96oE48Rdb+IEL7WfBn
i8ULUVkrkK9Nd4zG1TsuuZHk46hqRHVvPm1YQwt8ZfwA0RP9n5i0ccp9S3/ThLMx
k4cJISkvR9txlI3YV4Xr
=/7Ef
-----END PGP SIGNATURE-----

Additional Notes: I asked Flooores to report the PM to staff so they can be verified. The main reason for this thread is that more people are aware that this is happening. I will always sign escrow agreements. You can verify them here -> https://keybase.io/verify Everything that you can not verify should be considered false.

[Quickseller]

The signature was made by your GPG key on January 6 2016 at 11:26:10 EST, however the signature does not sign the text of the message. Check your outbox and your inbox to find out who you sent a GPG signed message to with that signature around that time.

[shorena]

The signature was made by your GPG key on January 6 2016 at 11:26:10 EST, however the signature does not sign the text of the message. Check your outbox and your inbox to find out who you sent a GPG signed message to with that signature around that time.

good idea, found this.

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Escrow by shorena from bitcointalk.org (UID: 181801)
for Gildarts (UID: 532733) as SELLER
and campycoin (UID: 196264) as BUYER
-redacted-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWjUAiAAoJEJQKF9u9a2jizH8QAJLWODpfPrC3wezzm2kNnblv
HhLSZrF4qYHVKKiD46jdBXcXV8Txc7ekw2seOl9pf/A+OwhcZNJIs8tpCIX8d+PF
F4hv1tN2VEzLTrldY8ZCf4x7d85rvJ+DEIyBWeC2EkYR8IsXboqkVTFxdLv08HdO
oBLg1hkMKYU6LcVIedNpD2efZIVM5cmBGvtjr5MZ1SVmoUwxehOyWgaPOcE7LtdP
WNU3mcbChF668AmIZ45xf4njTOcbUyYK8re2l+G8mBM8IV78BlIZbJrwkKYNpPmc
JNAy74bquwJEfL43j80rcfcQ6ERooahntxTmkVLhbSiutASFOrI1p+bCs+jZ4ut1
tm1bwmUKzYRruLFZ3fyFvVxGsBIHWVjtcAmL+WanPul+0rP0tVfBob+0eQtPCeQC
BnGrUqqOyCvfITAcrBF2M0iD174oXsmh1SGQpVw4XYWDn4tC+Tc/1zX1EnLkOVdD
S70MBmtD+BBsZfpYWyw3Ab+uIqdTOSUTp7c7jxzXYo6boml+F9inHo0N8luQN/kH
I8wRSUJhbywlQWvlP5HLqOY6R44euqUu23RaAoJINAk7dK96oE48Rdb+IEL7WfBn
i8ULUVkrkK9Nd4zG1TsuuZHk46hqRHVvPm1YQwt8ZfwA0RP9n5i0ccp9S3/ThLMx
k4cJISkvR9txlI3YV4Xr
=/7Ef
-----END PGP SIGNATURE-----

Deal was never finished. Campycoin didnt send a single PM, it was Gildarts saying they backed out. campycoin stopped posting a day later.

[allyouracid]

Just to make sure I understand that right:
- users are making bogus escrow attempts with reputable users
- only goal of all this is to get their signed message
- then, they try to scam someone by sending what they got in the bogus attempt (maybe because they hope that the escrow always uses the same text and only changes the names+date, which could maybe be overseen)

[shorena]

Just to make sure I understand that right:
- users are making bogus escrow attempts with reputable users
- only goal of all this is to get their signed message
- then, they try to scam someone by sending what they got in the bogus attempt (maybe because they hope that the escrow always uses the same text and only changes the names+date, which could maybe be overseen)

kinda yes, but the message is heavily modified. All sub-steps are removed, there are no user IDs, there is an extra space after Flooores, the BTC amount uses "," instead of "." as a separator and possibly more I missed.

[Phildo]

Did you ever send a pm to Flooores before he sent you one?

Isn't the whole point of escrow to bring a 3rd party into the transaction? Why anyone would think they are using escrow because someone sends them a quoted PM is nuts. If you are using user: x as an escrow, be sure you are talking to user x.

[Quickseller]

Just to make sure I understand that right:
- users are making bogus escrow attempts with reputable users
- only goal of all this is to get their signed message
- then, they try to scam someone by sending what they got in the bogus attempt (maybe because they hope that the escrow always uses the same text and only changes the names+date, which could maybe be overseen)

kinda yes, but the message is heavily modified. All sub-steps are removed, there are no user IDs, there is an extra space after Flooores, the BTC amount uses "," instead of "." as a separator and possibly more I missed.

I think that is just the lack of attention to detail on the part of the scammer. I would say he probably intended on making it look exactly how you would normally sign an escrow agreement.

[shorena]

Just to make sure I understand that right:
- users are making bogus escrow attempts with reputable users
- only goal of all this is to get their signed message
- then, they try to scam someone by sending what they got in the bogus attempt (maybe because they hope that the escrow always uses the same text and only changes the names+date, which could maybe be overseen)

kinda yes, but the message is heavily modified. All sub-steps are removed, there are no user IDs, there is an extra space after Flooores, the BTC amount uses "," instead of "." as a separator and possibly more I missed.

I think that is just the lack of attention to detail on the part of the scammer. I would say he probably intended on making it look exactly how you would normally sign an escrow agreement.

Probably yes.

Did you ever send a pm to Flooores before he sent you one?

Nope.

Isn't the whole point of escrow to bring a 3rd party into the transaction? Why anyone would think they are using escrow because someone sends them a quoted PM is nuts. If you are using user: x as an escrow, be sure you are talking to user x.

Scammers still try this and have so in the past. I know there was one where PMs from OgNasty had been faked. Probably others as well.