|
|
| | Author: | waltzking | Posted: | Feb 6, 2023 15:35 | Subject: | Phishing Order Accounts - BL NEEDS TO ACT NOW | Viewed: | 237 times | Topic: | Selling | |
|
| Anyone noticing the trend of phishing orders placed just to take your email and
registered address these last few years, but especially last few months? In
almost all cases I am seeing either new accounts with no feedback, or even
older ones with no feedback place high-value orders (typically from the UK or
AU) and then immediately file OCR. Like what buyer knows how to do that (except
one with more than one account) on this relatively dinosaur-knowledge-needed
site? And if they know that, then why did they order at all and not ask for
a quote first or wait for an invoice?
It can only mean one thing...phishing. And the level of spam I've been getting
when I never got any before, and typically upticks the day of these bogus orders,
proves this has to be why.
I feel it is high tile that LEGO takes on responsibility to protect us sellers.
They own the sight, and any leak of our info is ON THEM! It is breach of trust.
The community needs to step up our voice to demand action from LEGO/Bricklink
to protect sellers.
It really is quite simple. Order pages have ZERO need of seller address
of email to be shown.
Why is this field not removed like all other responsible and notable marketplaces?
Amazon, eBay, Facebook, etc. all protect their sellers info...as they should.
Yes, BL should know it all on the back-end, but not bogus buyers (or even legit
ones for that matter). There is no reason this needs to be shown with the exception
of a seller allowing and accepting a return.
Anyway, be on the lookout for this user: Elice271
Newest in a long list to be wary of. I reported via the help desk (again) and
I left a neg to stop orders in shops for accounts with negative ratings, but
I should not be the one needing to clean up these accounts and save other sellers
info...'
BRICKLINK AND LEGO NEED TO DO THIS!
Regards,
Jonathan
|
|
|
| | | | | |
| | | | Author: | Nubs_Select | Posted: | Feb 6, 2023 15:49 | Subject: | Re: Phishing Order Accounts - BL NEEDS TO ACT NOW | Viewed: | 60 times | Topic: | Selling | |
|
| In Selling, waltzking writes:
| Anyone noticing the trend of phishing orders placed just to take your email and
registered address these last few years, but especially last few months? In
almost all cases I am seeing either new accounts with no feedback, or even
older ones with no feedback place high-value orders (typically from the UK or
AU) and then immediately file OCR. Like what buyer knows how to do that (except
one with more than one account) on this relatively dinosaur-knowledge-needed
site? And if they know that, then why did they order at all and not ask for
a quote first or wait for an invoice?
It can only mean one thing...phishing. And the level of spam I've been getting
when I never got any before, and typically upticks the day of these bogus orders,
proves this has to be why.
I feel it is high tile that LEGO takes on responsibility to protect us sellers.
They own the sight, and any leak of our info is ON THEM! It is breach of trust.
The community needs to step up our voice to demand action from LEGO/Bricklink
to protect sellers.
It really is quite simple. Order pages have ZERO need of seller address
of email to be shown.
Why is this field not removed like all other responsible and notable marketplaces?
Amazon, eBay, Facebook, etc. all protect their sellers info...as they should.
Yes, BL should know it all on the back-end, but not bogus buyers (or even legit
ones for that matter). There is no reason this needs to be shown with the exception
of a seller allowing and accepting a return.
Anyway, be on the lookout for this user: Elice271
Newest in a long list to be wary of. I reported via the help desk (again) and
I left a neg to stop orders in shops for accounts with negative ratings, but
I should not be the one needing to clean up these accounts and save other sellers
info...'
BRICKLINK AND LEGO NEED TO DO THIS!
Regards,
Jonathan
|
if certain countries are known to cause issues it may be best to spend the time
to set up instant checkout for those countries so they would have to pay upfront
and cant cancel the order.
|
|
|
| | | | | | | | | |
| | | | | | Author: | waltzking | Posted: | Feb 6, 2023 15:55 | Subject: | Re: Phishing Order Accounts - BL NEEDS TO ACT NOW | Viewed: | 64 times | Topic: | Selling | |
|
| In Selling, Nubs_Select writes:
| In Selling, waltzking writes:
| Anyone noticing the trend of phishing orders placed just to take your email and
registered address these last few years, but especially last few months? In
almost all cases I am seeing either new accounts with no feedback, or even
older ones with no feedback place high-value orders (typically from the UK or
AU) and then immediately file OCR. Like what buyer knows how to do that (except
one with more than one account) on this relatively dinosaur-knowledge-needed
site? And if they know that, then why did they order at all and not ask for
a quote first or wait for an invoice?
It can only mean one thing...phishing. And the level of spam I've been getting
when I never got any before, and typically upticks the day of these bogus orders,
proves this has to be why.
I feel it is high tile that LEGO takes on responsibility to protect us sellers.
They own the sight, and any leak of our info is ON THEM! It is breach of trust.
The community needs to step up our voice to demand action from LEGO/Bricklink
to protect sellers.
It really is quite simple. Order pages have ZERO need of seller address
of email to be shown.
Why is this field not removed like all other responsible and notable marketplaces?
Amazon, eBay, Facebook, etc. all protect their sellers info...as they should.
Yes, BL should know it all on the back-end, but not bogus buyers (or even legit
ones for that matter). There is no reason this needs to be shown with the exception
of a seller allowing and accepting a return.
Anyway, be on the lookout for this user: Elice271
Newest in a long list to be wary of. I reported via the help desk (again) and
I left a neg to stop orders in shops for accounts with negative ratings, but
I should not be the one needing to clean up these accounts and save other sellers
info...'
BRICKLINK AND LEGO NEED TO DO THIS!
Regards,
Jonathan
|
if certain countries are known to cause issues it may be best to spend the time
to set up instant checkout for those countries so they would have to pay upfront
and cant cancel the order.
|
Tried and it doesn't work, as regardless they'll just use another account/country
or make many accounts over time to just wait it out until the account is older
than the 100 minimum to then phish sellers. It's not only those countries
though (and who knows where they originate really), but just that they are more
commonly used.
But the heart of the matter is the lack of protection by a company like BrickLink
and parent company LEGO, despite months and many notices it is an issue. Correct
action needs to be taken by them to fix their failure, which as a first step
is as simple ad editing a few blocks of code, not me try to limit their breach
of trust.
Jonathan
|
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | Nubs_Select | Posted: | Feb 6, 2023 15:58 | Subject: | Re: Phishing Order Accounts - BL NEEDS TO ACT NOW | Viewed: | 59 times | Topic: | Selling | |
|
| In Selling, waltzking writes:
| In Selling, Nubs_Select writes:
| In Selling, waltzking writes:
| Anyone noticing the trend of phishing orders placed just to take your email and
registered address these last few years, but especially last few months? In
almost all cases I am seeing either new accounts with no feedback, or even
older ones with no feedback place high-value orders (typically from the UK or
AU) and then immediately file OCR. Like what buyer knows how to do that (except
one with more than one account) on this relatively dinosaur-knowledge-needed
site? And if they know that, then why did they order at all and not ask for
a quote first or wait for an invoice?
It can only mean one thing...phishing. And the level of spam I've been getting
when I never got any before, and typically upticks the day of these bogus orders,
proves this has to be why.
I feel it is high tile that LEGO takes on responsibility to protect us sellers.
They own the sight, and any leak of our info is ON THEM! It is breach of trust.
The community needs to step up our voice to demand action from LEGO/Bricklink
to protect sellers.
It really is quite simple. Order pages have ZERO need of seller address
of email to be shown.
Why is this field not removed like all other responsible and notable marketplaces?
Amazon, eBay, Facebook, etc. all protect their sellers info...as they should.
Yes, BL should know it all on the back-end, but not bogus buyers (or even legit
ones for that matter). There is no reason this needs to be shown with the exception
of a seller allowing and accepting a return.
Anyway, be on the lookout for this user: Elice271
Newest in a long list to be wary of. I reported via the help desk (again) and
I left a neg to stop orders in shops for accounts with negative ratings, but
I should not be the one needing to clean up these accounts and save other sellers
info...'
BRICKLINK AND LEGO NEED TO DO THIS!
Regards,
Jonathan
|
if certain countries are known to cause issues it may be best to spend the time
to set up instant checkout for those countries so they would have to pay upfront
and cant cancel the order.
|
Tried and it doesn't work, as regardless they'll just use another account/country
or make many accounts over time to just wait it out until the account is older
than the 100 minimum to then phish sellers. It's not only those countries
though (and who knows where they originate really), but just that they are more
commonly used.
But the heart of the matter is the lack of protection by a company like BrickLink
and parent company LEGO, despite months and many notices it is an issue. Correct
action needs to be taken by them to fix their failure, which as a first step
is as simple ad editing a few blocks of code, not me try to limit their breach
of trust.
Jonathan
|
isn't proffesianl seller info already public tho? my address, name, (probably
email to) are all public information now that I'm a register business
|
|
|
| | | | | |
| | | | Author: | 1001bricks | Posted: | Feb 6, 2023 15:57 | Subject: | Re: Phishing Order Accounts - BL NEEDS TO ACT NOW | Viewed: | 52 times | Topic: | Selling | |
|
| In Selling, waltzking writes:
| Anyone noticing the trend of phishing orders placed just to take your email and
registered address these last few years, but especially last few months?
|
No, not at all, no problem including with 0 FB.
Instant checkout for everyone may help?
I don't know.
| BRICKLINK AND LEGO NEED TO DO THIS!
|
A bit FUD, IMHO.
I'm sure BrickLink takes security as a top priority.
|
|
| | | | | |
| | | | Author: | SylvainLS | Posted: | Feb 6, 2023 16:01 | Subject: | Re: Phishing Order Accounts - BL NEEDS TO ACT NOW | Viewed: | 80 times | Topic: | Selling | |
|
| In Selling, waltzking writes:
| […]
It really is quite simple. Order pages have ZERO need of seller address
of email to be shown.
|
In EU (and undoubtedly elsewhere), it’s a legal obligation for sellers to identify
themselves (name, contact e-mail, physical address) on the website. That is,
even before you order.
|
|
| | | | | |
| | | | Author: | SnarkBricks | Posted: | Dec 22, 2023 12:34 | Subject: | (Cancelled) | Viewed: | 48 times | Topic: | Selling | |
|
| (Cancelled) |
|
|
|
|