krack-r



Offline



Activity: 350

Merit: 250









Sr. MemberActivity: 350Merit: 250 [SECURITY] How to spot a scammer on Paxful October 23, 2016, 08:16:10 AM

Last edit: October 25, 2016, 05:36:30 AM by krack-r #1



This is a topic that i think would be very useful to many of us, because it reveals how to protect yourself on Paxful.

I've been dealing coins on their platform for a few days, and to be honest, it's very hard to get scammed, unless you want to be.



MODERATORS POSTS ON PAXFUL ARE ALWAYS IN LIGHT BLUE HIGHLIGHTS! THIS IS STATED AT THE BEGINNING OF EACH TRADE! KEEP YOUR EYES OPEN!



Typical Scams



Case 1 - The Password Change Attempt

1. You click on a SELL offer (for an online payment provider such as PayPal);

2. An escrow is opened, and you provide the PayPal email to the scammer;

3. Then they ask you to send them a verification code, that they would "send to your phone" (if they're unable to do so - to your email);

4. They send you a password change email or phone message;

5. If you provide the code, and have no 2FA, they cancel the deal, access your account and steal your coins.



Case 2 - The Moderator Advising you to Release Coins

1. A scammer buys (places in escrow your coins);

2. Then they ask you for personal data, such as your email or phone number;



subcase a)

i. There they send you an email from EXAMPLE LINK);

ii. In the email in very bad English they try to convince you that they've blocked the user, and to release the bitcoins, which they would add to your balance manually within 15 minutes;

iii. You seeing that it's sent from the proper mail address do as advised and release the coins, not realizing that it was all a scam.



subcase b)

i. They send you message in the Escrow chat claiming to be a Moderator ( MODERATORS POSTS ON PAXFUL ARE ALWAYS IN LIGHT BLUE HIGHLIGHTS! ), or a security team member, claiming that you're a victim of a coin-locker, and you have to release the bitcoins which they would add to your wallet later by hand;

ii. You seeing the message has a title Moderator do as advised and release the coins, not realizing that it was all a scam.



Case 3 - Marking Payment as Made, before the buyer paid

1. A guy responds to a BUY offer that you posted;

2. He asks you for an email address and claims that he's made payment;

3. They mark it as Payment Complete and ask you to release the bitcoins;

4. You stumbled from the enormous profit, don't think to check it first, and release - forgetting about seeing your cash again.



Case 4 - Asking for a loan

1. A guy responds to your offer and buys (holds in escrow) a small portion of your coins;

2. Then he politely asks you if you could loan him 20$ (for instance) and they would pay you back 125% in a few hours;

3. The profile that made the request has a few green + ratings (easy to fake) and you do as advised - losing the coins to a scammer.



NB: Those cases might be intertwined. It's not said that a scammer would use just one, but they might incorporate parts of any of them into their scam attempts.



======================================================================================================

HOW TO PROTECT YOURSELF ON PAXFUL AND PREVENT SCAMS:



I. IN GENERAL:

1. Before you even fund your account - enable 2FA (SMS or Google Authenticator) for ALL available options through the

2. Never release bitcoins from escrow, if you have not received the payment! EVER!

3. Do not be fooled by 100% green reputation. Always do your due diligence and check the users that left the reps. If they are reputable with more than 100 deals and more than 10BTCs traded - then you have a legit trader.

4. If you receive a suspicious looking email from help@paxful.com - bad English, bad grammar, etc - try to reply to it! If you get a mail-delivery-subsystem message (link) then the message was not sent from the original mailbox, it just used an mx record to look like it was.

5. Never click on links received in the emails from point 4;

6. When posting a Trade, always require the user to at least has verified phone number/email address, 10+ BTC trades, and to be trusted (there is an option for that)!



II. SPECIFIC:

1. Case 1:

a) Never use the same email address for your payment method and Paxful. Also - never provide your Paxful email;

b) Never provide a phone number linked to your Paxful account or your payment method;

c) Try reasoning with the guy - just tell them that you did not request a security code (as it's supposed to be for your security) and it's better to cancel and not lose your time.



2. Case 2:

a) MODERATORS POSTS ON PAXFUL ARE ALWAYS IN LIGHT BLUE HIGHLIGHTS!

b) NEVER RELEASE BITCOINS, IF PAYMENT IS MARKED AS PAID BUT YOU DIDN'T RECEIVE IT!

c) save all data - make screenshots of the conversation + forward the scam email to

d) report the user through the report button.



3. Case 3:

a) Look at Case 2a)

b) Look at Case 2b)

c) DISPUTE THE PAYMENT AS SOON AS POSSIBLE AND REPORT THE SCAMMER!

d) Look at Case 2c)

d) Look at Case 2d)



4. Case 4 - Just use your head. Don't send money to people you don't know with the expectation that you would ever see it back.





Final thoughts:

It struck me that i read a forum full of people thinking that Paxful have a Team Member named Marcos, with bad English, who advised them to release coins. That's why I wrote this guide.

I actually corresponded with Arthur (the owner/founder) of Paxful and his English is perfect. Even if there is a Marco(s) in Paxful it is definitely not the guy that sends you those scam emails.

Just think people. This is how PayPal accounts and credit cards get stolen!



*Note - I am not in any way affiliated with Paxful, nor am I their employee! Hello Traders,This is a topic that i think would be very useful to many of us, because it reveals how to protect yourself onI've been dealing coins on their platform for a few days, and to be honest, it's very hard to get scammed, unless you want to be.1. You click on a SELL offer (for an online payment provider such as PayPal);2. An escrow is opened, and you provide the PayPal email to the scammer;3. Then they ask you to send them a verification code, that they would "send to your phone" (if they're unable to do so - to your email);4. They send you a password change email or phone message;5. If you provide the code, and have no 2FA, they cancel the deal, access your account and steal your coins.1. A scammer buys (places in escrow your coins);2. Then they ask you for personal data, such as your email or phone number;i. There they send you an email from help@paxful.com (ANYONE CAN DO THAT -);ii. In the email in very bad English they try to convince you that they've blocked the user, and to release the bitcoins, which they would add to your balance manually within 15 minutes;iii. You seeing that it's sent from the proper mail address do as advised and release the coins, not realizing that it was all a scam.i. They send you message in the Escrow chat claiming to be a Moderator (), or a security team member, claiming that you're a victim of a coin-locker, and you have to release the bitcoins which they would add to your wallet later by hand;ii. You seeing the message has a title Moderator do as advised and release the coins, not realizing that it was all a scam.1. A guy responds to a BUY offer that you posted;2. He asks you for an email address and claims that he's made payment;3. They mark it as Payment Complete and ask you to release the bitcoins;4. You stumbled from the enormous profit, don't think to check it first, and release - forgetting about seeing your cash again.1. A guy responds to your offer and buys (holds in escrow) a small portion of your coins;2. Then he politely asks you if you could loan him 20$ (for instance) and they would pay you back 125% in a few hours;3. The profile that made the request has a few green + ratings (easy to fake) and you do as advised - losing the coins to a scammer.Those cases might be intertwined. It's not said that a scammer would use just one, but they might incorporate parts of any of them into their scam attempts.======================================================================================================1. Before you even fund your account - enable 2FA (SMS or Google Authenticator) for ALL available options through the security tab in your profile (link) 3. Do not be fooled by 100% green reputation. Always do your due diligence and check the users that left the reps. If they are reputable with more than 100 deals and more than 10BTCs traded - then you have a legit trader.5. Never click on links received in the emails from point 4;6. When posting a Trade, always require the user to at least has verified phone number/email address, 10+ BTC trades, and to be trusted (there is an option for that)!1. Case 1:a) Never use the same email address for your payment method and Paxful. Also - never provide your Paxful email;b) Never provide a phone number linked to your Paxful account or your payment method;c) Try reasoning with the guy - just tell them that you did not request a security code (as it's supposed to be for your security) and it's better to cancel and not lose your time.2. Case 2:c) save all data - make screenshots of the conversation + forward the scam email to help@paxful.com from your paxful email and also send it to the chat support with the attachmens (even if they're offline);d) report the user through the report button.3. Case 3:a) Look at Case 2a)b) Look at Case 2b)d) Look at Case 2c)d) Look at Case 2d)4. Case 4 - Just use your head. Don't send money to people you don't know with the expectation that you would ever see it back.It struck me that i read a forum full of people thinking that Paxful have a Team Member named Marcos, with bad English, who advised them to release coins. That's why I wrote this guide.I actually corresponded with Arthur (the owner/founder) of Paxful and his English is perfect. Even if there is a Marco(s) in Paxful it is definitely not the guy that sends you those scam emails.Just think people. This is how PayPal accounts and credit cards get stolen!

paxful profile - My Vanity address - 1KrackryDQCJTm8R21uUzrPXJTUpgMudinpaxful profile - https://paxful.com/user/krack-r