 |
June 17, 2016, 04:19:46 AM
Last edit: June 25, 2016, 02:52:02 AM by AruTrader |
|
On Paxfull on 6/13/16 my account "AruTrader" was hijacked after a social engineering attack. This member under the Screen Name "Profiter" had a very attractive AD to buy BTC. Very good deal. So I made him an offer, he even showed an ID and one with Selfie.. He also asked for my Cell number pretending that he want to verify it. He already knew my email where to send payment to. The BTC were already in Escrow. So he asked if I received a code which I gived to him right away! That code he used it to reset my email account to get access to my paxfull then release the coins to himself. What a thief! I didn't realize that untill it was too late that I was a victim of a Social Engineering Attack!.
And still not satisfied he gain access to several of my btc wallets and tried to spend 500EU on one of them, which fortunately was canceled.
After changing my passwords and enabled 2FA (2 Factor Authentication) I reported him, and his account got suspended and banned. But It's not over yet. He still had access to my paxful account, using it to scam others under my behalf until my account was also banned and suspended!! I reported this to Marcos, the moderator, and he believed that Profit hacked my account but he also believed that I did the same thing also!! WTF! His IP location is from Morocco, but of course he could be using some proxy or VPN.
So I don't know how come he still had access to my account. I Enabled 2FA on my email and my paxful account also had 2FA enabled, but through SMS, and I heard it's possible for the Hacker to Port your SIM card Number to his phone, maybe that's how he got access. But maybe there were also some settings in my email account that he knew about. So I reset all security codes and devices etc..and changed my password again with 2FA enabled. Also I started Enabling 2FA on the accounts that were compromised. Since then, no more issues!! If I did that earlier, this would not have happened!.
Lesson learned: Becareful when giving numbers, and read the sms code verify carefully if it's from your email provider. Do not give numbers to any buyer. If you do then make sure is for legitimate purpose. Just because the buyer or seller provides ID doesn't mean it's real no matter how legitimate it looks!
Always Enable 2FA (2 Factor Authentication), Not SMS 2FA but Mobile App 2FA. This will make hard for the hacker to get access t your account. If my email had 2FA enabled, my account wouldn't be hijacked... I learned the hard way!!
Update: The scumbag tried to gain access again to my Email, from an IP from Netherlands....but this time he failed!! Thanks to 2FA!!!
|
