Watch out for scammer
That email addy has been involved in scamming for some time... IP: 45.8.19.46
https://cse.google.com/cse?cx=partne...m%2Fsearch&ss=
No worries, easy to understand. Two CO members (kjr442 and FLORIDA1972blaze) received correspondence "outside" of this website. Both provided only an image of correspondence they received. They received no direct communication correspondence from w/in the CO website. The email jabzzz770@gmail.com was only contained in correspondence outside of CO. Very likely a 'bot' scanned the CO website & via (guilty by association) assembled a 'keyword' algorithm associated with each of those members. A rather simple/novel escapade.
Websites which allow a user to create a website "member" name login credential using their email address are far more susceptible to security risks on three fronts: (1) Phishing, (2) Account Takeover and (3) Credential Stuffing (not including scam/spam & others). Many, many errors &/or security faults are brought to risk using an email address as a member login credential. As a certified CISSP I can almost guarantee CO developers are clueless regarding serious deep-dive security. I recognize the CO site is not the primary revenue feeder for IB, yet the CO website is open to many vulnerabilities. Imagine if this site were hosted on the same server(s) as the revenue generating IB websites.

Anyways, the validating security credential for any CO member is probably their email address - the one they submitted when they joined CO. That email address is a security credential (descriptor/identifier). You could create a different CO member name with an email address "different" from the email address associated with the CO member account (the one they used when they registered) or they could even create a CO member name with the exact same email address they used when they created and associated their CO member account (as their official login credential). This is where developers know extremely little regarding security. There is a single security descriptor (credential/SSID, etc.) for every CO member. You allow a member to create a member name with the same security descriptor/credential (their email address) they used when they registered and you've opened an entire bag of worms.
Last edited by Vintage Chief; Dec 14, 2025 at 11:13 AM.



