dutnguye is saying he was hacked, and today he had a quick sale -he posted over at AT and ssaid he heatware was hacked as well. This is a FYI

That thread was edited. I am guessing if true he should contact the admins here or create another account to let people know.
 
Yep I was the victim of the scam. Both his [H] and Heat accounts were hacked. I thought I was buying two 3070's but ended up donating 5.5 SOL to the scammer's cause. Yes I am an idiot. Amazing Heat, communication on Heat and [H], early in the morning, no coffee, in a rush. I should have put on the brakes and asked for more info first.

Could have been prevented if dutnguye had 2FA enabled and didn't lose control of his accounts (re-used passwords??), but still my fault.
 
Last edited:
I have never ever been scammed here and had come to think of this place as 'safe'. Reality check. I enabled 2FA on my account today - didn't even remember it was an option.

I wonder if 2FA should be required to be enabled for FS/FT posting? It not only protects the account owners (sellers) but the people he/she are dealing with (buyers - like me).
 
Last edited:
Sorry to hear this was actually a scam. It should probably be made a rule that if you use the marketplace, 2FA is required. Heatware doesn't have 2FA, but at least one end would be secure.
 
Almost fell for this too, same situation as Clocker what caused me to pause was that he couldn't produce a pic of the card coz his phone was busted and wouldn't provide the serial for warranty verification. Good thing I decided to sleep on it. Everyone beware, nothing is fool proof. One clue is if an account suddenly becomes active selling a high value high demand item for cheap, be wary. Then again, had I dealt with him in the past, would probably have sent him some BTC.
 
There shouldn't be allowed posts with payments in crypto if there's no way to protect buyer/seller in a transaction. This should be a rule to marketplace.
 
There shouldn't be allowed posts with payments in crypto if there's no way to protect buyer/seller in a transaction. This should be a rule to marketplace.
I think requiring 2FA in the FS/FT section would be more beneficial....to all types of transactions.
 
There shouldn't be allowed posts with payments in crypto if there's no way to protect buyer/seller in a transaction. This should be a rule to marketplace.
F&F is allowed and there's no protection on that. Don't do your due diligence you get burned sometimes. OP was probably so hot to get those GPUs first he skipped all checks.
 
F&F is allowed and there's no protection on that. Don't do your due diligence you get burned sometimes. OP was probably so hot to get those GPUs first he skipped all checks.
I won't blame the OP too much, let's not rub salt over someone's wounds, the fact that both heatware and H accounts were hacked made this easy to fall for. I suspect the actual user's email got hacked and related accounts compromised. 700 for a FHR 3070 is mighty generous in this market but not totally implausible if someone is looking to make a quick sale and not deal with ebay and the like. You can use a cc for FF if you have doubts and file a charge back, yes your pp account may be suspended but there is atleast some recourse.
 
Didn't realize 2FA was an option, but after hearing about this I've definitely enabled it now as I plan to sell quite a few things on here soon. Sorry for those that got scammed. Maybe 2FA should be a mandatary rule if you are going to post in that section of the forum.
 
I won't blame the OP too much let's not rub salt over someone's wounds, the fact that both heatware and H accounts were hacked made this easy to fall for. I suspect the actual user's email got hacked and related accounts compromised. 700 for a FHR 3070 is mighty generous in this market but not totally implausible if someone is looking to make a quick sale and not deal with ebay and the like. You can use a cc for FF if you have doubts and file a charge back, yes your pp account may be suspended but there atleast some recourse.
Eh, it's like the constant scam they pull on ebay with listing X GPU for several 100s below the going rate. People keep falling for it for some reason...

Also no, you can't use a CC with F&F payments, unless they have recently changed that policy...
 
F&F is allowed and there's no protection on that. Don't do your due diligence you get burned sometimes. OP was probably so hot to get those GPUs first he skipped all checks.
"Seller" was a long-time [H] member (16 years) with incredible Heat (1082) and relatively recent transactions. Also able to communicate over both [H] and Heatware. Sure I could have questioned more - and I obviously should have - but you could also say that the user who lost control of his accounts must not have practiced good security practices, reused passwords etc etc.
 
Last edited:
I didn't. Reading this thread definitely steered me to enable it.
 
To be clear, the user's password was compromised somehow, however it has nothing to do with HardForum, we are still secure.

Yes, 2FA had been an option for years. We are looking into requiring this for FSFT currently, but I am not sure if that is feasible on a per subforum basis at this moment.
 
To be clear, the user's password was compromised somehow, however it has nothing to do with HardForum, we are still secure.

Yes, 2FA had been an option for years. We are looking into requiring this for FSFT currently, but I am not sure if that is feasible on a per subforum basis at this moment.
FrgMstr He is asking how to get in touch here as the email on his account has been changed and he can’t get in.
 
Any way to corroborate the hack? E.g. do we see a new IP address accessing his account the same day the email and password was changed?
 
There was a very similar post at Anandtech from a different user. https://forums.anandtech.com/threads/evga-geforce-rtx-3070-xc3-ultra-8gb-gddr6-750-shipped.2598881/ Not a recently active member, tons of Heatware, requesting only crypto. Not trying to be an alarmist here but there's definitely a problem. it seems like either Heatware had a security incident, or maybe somebody is using credentials from some other breach to try to gain access to PC enthusiast forums/heatware to scam? I buy a ton of stuff through here and trust the FS/T forum implicitly, so hopefully not. I made sure my [H] account, Anandtech account and Heatware account don't share credentials(they hadn't already). I would encourage everybody else to do the same and also enable dual factor anywhere you can.

To be clear - I don't think anything has happened to Hardforum as FrgMstr said, but maybe some other site got breached and they are using credentials that were shared amongst the sites to scam. It could even be any of the large breaches that have happened over the years, tons of people reuse passwords for years and use them on all sites.
 
This was my first thought honestly.
The concern being though would be that now somebody has figured out "oh crap, these computer forums are great places to use these leaked credentials from _____ breach years ago and if I can gain access to even a single account I can walk away with $2k-$50k in cyrpto". Let's face it if my account with ~64 positive Heatware posted today "I have non LHR 3080's for $1100 a piece but you have to pay via ethereum to ___ address" I would probably get 20 PM's right away all ready to send it. The only meaningful rule change I can even think to combat this is that you must post 'ygpm' or similar when sending a seller a PM so at least others know they're not the first in line.

I just changed my password to a super secure randomly generated Lastpass one and made sure 2FA was on my account. Hopefully others all do the same. What a messed up situation and hopefully it's an isolated incident, but the other post at Anandtech makes me think we should be cautious.
 
The concern being though would be that now somebody has figured out "oh crap, these computer forums are great places to use these leaked credentials from _____ breach years ago and if I can gain access to even a single account I can walk away with $2k-$50k in cyrpto". Let's face it if my account with ~64 positive Heatware posted today "I have non LHR 3080's for $1100 a piece but you have to pay via ethereum to ___ address" I would probably get 20 PM's right away all ready to send it. The only meaningful rule change I can even think to combat this is that you must post 'ygpm' or similar when sending a seller a PM so at least others know they're not the first in line.

I just changed my password to a super secure randomly generated Lastpass one and made sure 2FA was on my account. Hopefully others all do the same. What a messed up situation and hopefully it's an isolated incident, but the other post at Anandtech makes me think we should be cautious.
Don't pay with methods that don't have recourse for scammers. Problem solved. Might as well be sending cash through the mail.
 
i also fell for this and ended up sending him two $700 bitcoin payments. i should have realized something but i took for granted his record and his past postings and his heatware and he said i could contact him on either heat or here. and i have had such great sellers and buyers on here for years i just thought that this was another normal transaction. i feel like an idiot
 
Don't pay with methods that don't have recourse for scammers. Problem solved. Might as well be sending cash through the mail.
One of the main benefits to selling stuff through here is getting your money without Paypal fees, Ebay fees, etc. I've always paid Paypal G&S if the person didn't have a lot of Heatware or I was at all sketched out(and I always include an extra ~3% to cover the G&S fee as a courtesy). I've been buying and selling stuff through forums for 20 years and never had an issue just by being cautious, but this is a new angle of scamming.
i also fell for this and ended up sending him two $700 bitcoin payments. i should have realized something but i took for granted his record and his past postings and his heatware and he said i could contact him on either heat or here. and i have had such great sellers and buyers on here for years i just thought that this was another normal transaction. i feel like an idiot
I'm really sorry to hear that. For what it's worth - don't feel like an idiot. It definitely sucks, but I nearly fell for the same scam and I consider myself pretty savvy on buying / selling /etc. Had I gotten to that 3070 post this morning before anybody else I probably would have sent the crypto. High feedback trader, long standing user, etc. The crypto only is kind of a red flag, but plenty of legit users here have also requested only crypto. My thought this morning was "darn I missed it by 20 minutes" not "oh those guys for sure got scammed"
 
One of the main benefits to selling stuff through here is getting your money without Paypal fees, Ebay fees, etc. I've always paid Paypal G&S if the person didn't have a lot of Heatware or I was at all sketched out(and I always include an extra ~3% to cover the G&S fee as a courtesy). I've been buying and selling stuff through forums for 20 years and never had an issue just by being cautious, but this is a new angle of scamming.

I'm really sorry to hear that. For what it's worth - don't feel like an idiot. It definitely sucks, but I nearly fell for the same scam and I consider myself pretty savvy on buying / selling /etc. Had I gotten to that 3070 post this morning before anybody else I probably would have sent the crypto. High feedback trader, long standing user, etc. The crypto only is kind of a red flag, but plenty of legit users here have also requested only crypto. My thought this morning was "darn I missed it by 20 minutes" not "oh those guys for sure got scammed"
I too almost fell for it but the 'phone is broken so can't send pic/serial till noon' and '7 people in line already' made me walk away, the language used was all over the place too, grammatically speaking. Feel bad for the folks at AT too though the place has some serious moderation issues.
 
I too almost fell for it but the 'phone is broken so can't send pic/serial till noon' and '7 people in line already' made me walk away, the language used was all over the place too, grammatically speaking. Feel bad for the folks at AT but given the double standards of some mods there, hard to feel too sorry...
I never got that far as to PM :LOL: I woke up, saw the post and that somebody had already posted they had PM'd and went "welp, that was a heck of a deal I missed out on"
 
Red Alert: Another compromised account on Heatware, thegunner100, do not buy from this user till corrected. Attaching my correspondence with this guy, likely the same person/persons. This conversation started yesterday, before this morning's events here.
 

Attachments

  • Screenshot_20211111-181819_Chrome.jpg
    Screenshot_20211111-181819_Chrome.jpg
    186 KB · Views: 1
i also fell for this and ended up sending him two $700 bitcoin payments. i should have realized something but i took for granted his record and his past postings and his heatware and he said i could contact him on either heat or here. and i have had such great sellers and buyers on here for years i just thought that this was another normal transaction. i feel like an idiot
Thanks for posting. I feel a bit better just knowing I am not alone in this. So sorry you got screwed like me.
 
Even if it’s a long standing member, before I send that much money I call them and make sure my ducks are in a row. I’d rather miss out on a great deal than get scammed. I’ve had people try to pose as me on other forums and link my heatware but most message me by other means and figure it out.
 
The concern being though would be that now somebody has figured out "oh crap, these computer forums are great places to use these leaked credentials from _____ breach years ago and if I can gain access to even a single account I can walk away with $2k-$50k in cyrpto". Let's face it if my account with ~64 positive Heatware posted today "I have non LHR 3080's for $1100 a piece but you have to pay via ethereum to ___ address" I would probably get 20 PM's right away all ready to send it. The only meaningful rule change I can even think to combat this is that you must post 'ygpm' or similar when sending a seller a PM so at least others know they're not the first in line.

I just changed my password to a super secure randomly generated Lastpass one and made sure 2FA was on my account. Hopefully others all do the same. What a messed up situation and hopefully it's an isolated incident, but the other post at Anandtech makes me think we should be cautious.
Not to sound rude, but 64 positive isn’t enough for me to send $1100 blindly to ANYONE without a call or some other follow up to ensure things are on the up and up. Hell, ask dbwillis whom I’ve dealt with many many times how often I’ll ask questions back and forth when it’s over $100! I guess I’m just overly tight with money.
 
Wow. I'm changing passwords and doing 2FA now. I've sold to him and he's a good guy...

I don't know the whole story but crazy how scams have gotten this far...
 
Not to sound rude, but 64 positive isn’t enough for me to send $1100 blindly to ANYONE without a call or some other follow up to ensure things are on the up and up. Hell, ask dbwillis whom I’ve dealt with many many times how often I’ll ask questions back and forth when it’s over $100! I guess I’m just overly tight with money.
You're more cautious than most. My user account here has been around since 2013(though, it should be something more like 2004 but I got lost in one of the forum upgrades). My same user account has been on other popular forums since 2004 or earlier. My Heatware is consistent back to 2004 including a ton of recent stuff. It's not fluff stuff, most of my recent transactions are high value PC parts like EPYC CPU's and high end GPU's. I'm active on this forum and others. Anybody doing a cursory look would think I'm legit. I'm confident that if my account got breached it could do some damage, so that is extra motivation to do everything I can to make sure my account is safe.

I do not recall a single transaction I've ever done where somebody asked my phone number, other than maybe to give to fedex for tracking updates. I've never had somebody ask me to call them or even text them. The closest thing I've ever had to somebody questioning anything is they looked up my shipping address on Street View and noticed it was my employer and were sketched out but were okay with shipping once I told them it was my employer. People are generally trusting, so if there's a scam going around we need to figure it out ASAP to prevent people from getting scammed.
 
Last edited:
Not to sound rude, but 64 positive isn’t enough for me to send $1100 blindly to ANYONE without a call or some other follow up to ensure things are on the up and up. Hell, ask dbwillis whom I’ve dealt with many many times how often I’ll ask questions back and forth when it’s over $100! I guess I’m just overly tight with money.
Just to clarify the seller from the incident today had 1082 positive heat and was a member for 15 years.
 
Back
Top