1. ryanxie's Avatar
    Hi guys,

    I am new to this forum. The reason why I am posting this is because of a con-experience my immediate brother has been experiencing for the past 5 days and, to our dismay, more and more of his friends are being victimized. The title is intentionally similar to a previous thread earlier this year that has been closed by the forum's moderator. Since i'm a new member to this forum, i can't post the link, but you can just search the words in the title of this thread and you know which previous thread I am referring to.

    From reading the previous thread (above), I reckon that most, if not all, of the contributors to the thread didn't believe what wyrdfool had posted. Before you decide not to believe, please keep an open mind and imagine the following scenarios:

    1. Andy (not my brother's real name) had registered andy_handsome^at^yahoo.com as his Blackberry ID to use BBM on his iPhone.
    Andy's yahoo account: andy_hansome^at^yahoo.com / yahoo_password
    Andy's BB ID: andy_handsome^at^yahoo.com / bbid_password

    2. John Hack (a hacker or internet con-man or whatever) somehow managed to get hold of Andy's yahoo email password and thus access to Andy's yahoo email. John went to blackberry ID site to test if andy_handsome^at^yahoo.com is a registered BB ID by attempting to reset password. Voila, John managed to reset Andy's BB ID password and thus gained access to Andy's BB contact by logging to any devices (IOS/Android) with BBM installed.

    3. John sent out a TC (test contact) broadcast to everyone on that contact and focus on preying on those who responded to the TC. It's quite likely that those who responded to his TC may have a chat history left [for this part, i am guessing that un-deleted chat histories will be recovered/displayed when we login to another BBM device using the same BB ID]. John started preying by pretending to be Andy who was out of the country but needed to transfer to certain supplier (in Andy's origin country) urgently and hence would appreciate his friend's help very much if the latter can help him out. John would not succeed every single time, but any number of successes are considered successes already.
    If you care for REAL statistics: Andy was logged out from his BBM in the morning of 27 Aug 2014 around 09:00 a.m. and to date, 31 Aug 2014 15:00 p.m., 8 of his friends have reported having transferred some money to John. Each transferred amount has varied between USD 700 -USD 1,100 (actual transfer currency is Indonesia Rupiah). With the latest victim just reported this morning, 31 Aug, because she was asked for a second transfer after being conned once the day before; she grew suspicious and decided to call my brother to verify.

    Why am I REALLY posting this?

    Well, the truth is that even though Andy has managed to recover access to his BB ID (andy_handsome^at^yahoo.com) by 28 Aug 2014, John is still at large and trying to con Andy's friends (aka BB contact list).

    I am not an expert in Blackberry security-related matter, but I am guessing this is what is going on:
    When John had control over Andy's BB ID (27-28 Aug 2014), John modified the associated email address from andy_handsome^at^yahoo.com to john_hack^at^yahoo.com, as such when Andy recovered his BB ID on 29 Aug and login to his BBM, Andy could only access/see a blank contact list.
    IF THIS IS TRUE, then John has all the time in the world to try to con the other people on Andy's previous BB contact list.

    Where Andy came from (read Jakarta, Indonesia), he is not dreaming of catching John even though that would be terrific. But Andy has a moral obligation to warn all his friends (on his BB contact list) to prevent them from being conned, but unfortunately Andy has no access to the list anymore.

    CAN ANYONE HELP? I would think Blackberry will be able to block John's conning effort, but how to reach Blackberry?
    Any help will be much appreaciated. If you still think this is a far-fetched idea, i am sorry to tell you it is REALLY happening; if you are in Jakarta, i'll be happy to meet up with you and show you the necessary evidence.

    08-31-14 04:20 AM
  2. zocster's Avatar
    I will allow this for now, http://forums.crackberry.com/general...rposes-901648/ here is the thread mentioned.

    I have not seen you once mentioned he has managed to reset his bbid account, where he should have changed his email address associated with it.

    Sent from my BlackBerry Q10 using Tapatalk
    08-31-14 04:47 AM
  3. CrackberryQ's Avatar
    Though a possible scenario, I believe the whole story to be untrue, due to various holes init!

    Sorry dude. It's like getting your email hacked or your sim stolen, or etc...

    Nothing can be done, but the moment your dude retrieved his bbid ( which I never how) and changed his email, his bbm contacts will be transferred automatically and your hacker would have an empty list.

    Note to all, when hacked act immediately, the more time you wait, the worse it gets.

    Q10 On Steroids running on pure Awesomeness
    Ruslan Botsyurko likes this.
    08-31-14 04:56 AM
  4. zocster's Avatar
    Even a simple removal of the app, rebooting and reinstalling will repopulate your contacts etc

    Sent from my BlackBerry Q10 using Tapatalk
    08-31-14 05:22 AM
  5. MrGlenn's Avatar
    You mentioned John may have had access to Chat History. But I don't think those are stored "in the cloud", so even if he did log into Andy's BBM account, only Group chats should be restored (if at all?).
    If John did know/share personal information about contacts to gain their trust, he is probably someone close to you and not a stranger.
    And now that Andy is logged back into his BBID, John will not be able to log in. Only one device should be able to be active with the same BBID.
    John did not change BBID username (e-mail), because then Andy's login would not work anymore... Unless Andy just made a new BBID, but from your story I see he could still recover his account from the original address.
    An furthermore, if John used another device to access this BBID than there should now be two PINs attached to this account, so BlackBerry should be able to either trace that second PIN, or blacklist it.

    As for the end result, no one should ever transfer money to other after just a chat. Always call to confirm (or use a secondary social platform), and never use the contact information "they" give you, always look it up yourself!

    BlackBerry 10 signed @ C0007CC89
    Last edited by MrGlenn; 08-31-14 at 06:00 AM.
    08-31-14 05:44 AM
  6. ryanxie's Avatar
    Zocster: thanks for allowing the thread. Appreciate it. I would like to emphasize that I am not related to wyrdfool (from previous thread) in anyway and his FB contact whose blackberry ID were hacked back then is a separate case from what my brother is currently experiencing.
    wyrdfool might not know or care to find out from his FB contact what exactly was going on then. But in my case, I know the details because we are talking about my blood brother and I have access to a couple of our common friends: one ended up as a victim while the other had a lengthy conversation with John Hack but fortunately didn't end up a victim.

    CrackberryQ: i understand where you are coming from with "I believe the whole story to be untrue, due to various holes init!". It's probably not the best time to debate "the various holes in it"; and i did actually make a mistake when explaining the situation in my first post (please refer to the next paragraph for MrGlenn). However, do also mark my words: it only appears untrue because it is not happening to you. I would have believed the whole thing to be untrue IF NOT for the fact it's happening to my brother and I know one of the victims and have chatted with her at length since she was victimized.

    MrGlenn: for the chat history being displayed, i must admit that was a pure conjecture on my part and i did state so in my very first post.
    Regarding "John did not change BBID username (e-mail), because then Andy's login would not work anymore .. ", I had done some testing on my own this afternoon and concluded that my theory is very likely correct.
    In my earlier posting, i made a mistake by suggesting that Andy recovered his BB ID on 29 Aug. It should have read: when Andy tried to reset his BB ID (andy_handsome^at^yahoo.com) password, the blackberry password management system threw up "blackberry ID not found" error. In the end, Andy created a blackberry ID using andy_handsome^at^yahoo.com. This is why when Andy logged in with his OLD BUT NEWLY-CREATED BB ID, he saw a blank contact list.

    Well, I am not sure what to hope from this forum .. any advice on how to deal with this situation will be appreciated, but please don't start the whole "i don't believe it because bla bla bla". If you do speak Indonesia, i can definitely show you some evidence through remote-viewing means (TeamViewer, VNC, etc).
    At my end, i honestly think only someone working at Blackberry can do something about this. If you do know such someone, will be grateful if you can get me introduced to him. Cheers.
    08-31-14 11:32 AM
  7. AnimalPak200's Avatar
    Contacts are tied to a BBID, not the email (even though an email address is being used as the BBID log-in name. If you recovered the BBID login, then you should be good to go.

    Have you considered the possibility that the hacker simply deleted all the contacts from that BBID? They could have manually copied all contact PINS they wanted to a new BBID, then deleted them from Andy's original BBID to reduce the chance of them seeing the "old Andy" pop back up on BBM.

    In any case, this isn't BBM specific, this is just a case of an account password being compromised. They could have simply used the yahoo email account contents to carry out their "cons". Next time tell Andy to use two-step verification.

    Posted via CB10
    08-31-14 12:11 PM
  8. LeeU1911's Avatar
    Sorry to hear about this.

    First, contacts are tied to bbid and saved in the cloud. So it is possible for John to get access to the contact list. However, chat histories are not.

    Second, you mentioned "John managed to reset Andy's bbid password ". I'm wondering how he can do that without knowing the security questions?

    Posted via CB10
    08-31-14 02:05 PM
  9. nah.uhh's Avatar
    I told BlackBerry a long time ago about the frazzled holes in bbid sign up that allow someone to talk over your bbid under a certain set if circumstances..
    Seems it happened to you

    I hope BlackBerry is reading - I've told them directly and they shrugged it off repeatedly.

    If somebody gains access to the email address associated with your bbid -even casually (as in they don't change your password) you can lose your bbid in more than one way. First, they of you have the email from when you created your bbid, you can delete the bbid from that email.
    Second, if you change your bbid email, you are notified of the change BUT you can't cancel/decline the unauthorized change.

    Ideally, there would be a confirmation email sent out to the current/old bbid email, with a link in the email to cancel the unauthorized the request to change password/bbid.

    What probably happened was your computer was keylogged and you used the same password for bbid and email

    You SHOULD contact the police and BlackBerry at the same time and get them working on it
    08-31-14 09:22 PM
  10. onlybuggin's Avatar
    OK folks. Here's the deal. In this day and age of information/identity theft to gain money, you have to be careful. And give everything the acid test. Rely on the FACT that you do indeed know who you are dealing with if you are dealing with your friends, associates, or business contacts. If what you are about to do is our of the norm for your dealings with them, then you need to question and confirm it with them or just not do it. I've had friends be taken advantage of. I'm convinced I've had some of my customers taken advantage of among even more things the 'John's' of the world have done to get money illegally.

    But if one of them had considered what was being asked of them and by who they would have realized that NONE of their previous dealings had ever been performed this way. And in some cases the real collecting entity states openly that their dealings do not and will not take place in that way and yet people still sent money or performed money transfer transactions at their request.

    People, Wake up. Identity theft will happen to many of us and will cost us money. Others will unwittingly contribute somehow to help someone to take their money and others will not stop the offenders when they have the chance.

    Be on guard. Only give, send, and/or request money through normal prescribed avenues. And if you see something odd, REACT. Change passwords, wait 24 hours before sending, confirm directly with the 'friend' and not through email or text. Call them where you know that they are or send a message to the group if you can. Often if only 1 red flag is raised or 1 question asked, the offenders is stopped in his tracks and the victim is protected.

    This is a real problem. The offenders builds a story on just the smallest shreds of truth he can find. The holes in the OP's story are probably the same holes that 'John' left in the story he told and if Andy's friends had thought on it for a second, they would have known that the story was not true.

    Posted via CB10
    08-31-14 10:03 PM
  11. ryanxie's Avatar
    Hi guys .. just a quick update. My brother had reported this to the local police, but as expected, things are not moving as swiftly as we had wished for. Considering how John and his associate moved the money around (and eventually emptied it from various ATMs where CCTVs are in place), I personally think it shouldn't be a feat to identify (and catch) the offenders.

    A friend also suggested me to post to hxxps://twitter.com/BlackberyHelp for help. I just did that, but couldn't see my post; perhaps it'll need someone's approval before my post gets published.

    09-01-14 09:32 PM
  12. nah.uhh's Avatar
    Hi guys .. just a quick update. My brother had reported this to the local police, but as expected, things are not moving as swiftly as we had wished for. Considering how John and his associate moved the money around (and eventually emptied it from various ATMs where CCTVs are in place), I personally think it shouldn't be a feat to identify (and catch) the offenders.

    A friend also suggested me to post to hxxps://twitter.com/BlackberyHelp for help. I just did that, but couldn't see my post; perhaps it'll need someone's approval before my post gets published.

    Get BlackBerry working with the police


    Follow my channel and open a chat with me, I'll see what I can do to assist
    zephyr613 likes this.
    09-01-14 10:02 PM
  13. MrGlenn's Avatar
    Wait, how did you ever find out how/where he withdrew the money? Saying stuff like that just makes it less and less believable. If he got your friends to send money to a dummy account, the police should be able to track that information, but not you... And what associate? How come your friends sent money to a random account number in the first place?
    Or are you saying he made them send it to your Brother's account, and someone John had access to that as well?
    Considering how John and his associate moved the money around (and eventually emptied it from various ATMs where CCTVs are in place), I personally think it shouldn't be a feat to identify (and catch) the offenders.

    BlackBerry 10 signed @ C0007CC89
    Ruslan Botsyurko likes this.
    09-02-14 02:06 AM
  14. CrackberryQ's Avatar
    Well if it's true, then...

    1. When ur bbid is hijacked, login from any pc, and change associated password, hijacker will need the security password, this will kick them out of bbm immediately

    2. Send a group bbm to all your contacts that your pin has changed and that this is your new contact, that will actually be automatically updated on their bbm.

    3. Send an invite to your old email (the hijacked one) threatening

    4. In parallel login and recover your old email from the hacker.

    5. Best case scenario for the hacker is that he has your friends pins, which is useless as when approached with an add request they will simply deny it or add and just ignore as it will be veerryyy clear to them that it's not you.

    Hacking is a serious issue, I've lost an email once, but not more as necessary steps were taken.

    Good luck.

    Send from my Q10 in Duracell Mode
    09-02-14 04:22 AM
  15. Ruslan Botsyurko's Avatar
    Sorry, but I also think it's just some kind of childish story, you create imaginary names like "John Hack", change the details when confronted and add new ones. I wouldn't mind if you started a thread asking if BBID could be hacked by obtaining a person's email, but this whole story smells fishy to me.

    Posted via CB10
    menshawy likes this.
    09-02-14 04:59 AM
  16. CrackberryQ's Avatar
    Well technically it can't be hacked without your security question, but can be used if u use the same password as your email password!

    Hence my scepticism too!

    The most unimportant things you never need to know. C002F4C05
    09-02-14 05:24 AM
  17. menshawy's Avatar
    Basically the email was hacked. That could be the key to hack accounts registered with this email. And it's up to the hacker's intelligence to make use of the situation.

    Accidents happen, you can't blame BlackBerry's security by any way on this one
    nah.uhh likes this.
    09-02-14 05:38 AM
  18. nah.uhh's Avatar
    I don't doubt the story.
    I have a friend who'- Facebook account was hacked..
    They messaged me asking me to send then money and I though it was a joke

    Found out next morning from mutual friends that they had sent her the money.. found out from her that they also emptied all of her bank accounts as well.

    Her problem was her computer was keylogged

    She did end up getting everything back
    09-02-14 09:31 AM
  19. ryanxie's Avatar
    nah.uhh, thank you the support. Which country are you based in?

    I have two main difficulties right now:
    1. NO access to blackberry. Am currently DirectMessaging with AT^BlackBerryHelp & AT^BlackBerryBantu (for Indonesia customers), but i don't see it's going anywhere.
    2. my brother and his friend (a victim) reported the case to local police (in Jakarta). it's been a few days since, but neither has been called up for examinations. Based on numerous past evidences, the latter's professionalism has always begged a huge question mark.

    For all the other contributors who have nothing but skepticism, I wish for you that nothing like this shall ever happen to you because the day you lose your skepticism is probably the day when something like this has befallen you or your loved ones.
    09-03-14 01:11 AM
  20. Jinxs1591's Avatar
    well let get a sticky and post scammer name with screen shot of the chat for proof because Its time to get the scammer off of crackberry!!!!
    09-03-14 07:16 PM
  21. bobshine's Avatar
    Well just provide use with the PIN of John Hacker and we will try to contact him!

    Posted via CB10
    09-03-14 07:37 PM
  22. Jinxs1591's Avatar
    I more with let just post there profile and facebook and let people beware of them and once they see that they will just leave crackberry it will be to much of a headache for them, crackberry have a few scammer on it already with the story of someone stole my ID can you help me with some money or can I use your blackberry ID to catch them to the old time favorite I love you and I need your help
    09-03-14 10:10 PM
  23. GEO1ER's Avatar
    It seems to me the real issue here is that the hacker got a hold of your brother's yahoo password. Once he has his yahoo password all accounts associated with that e-mail account are subject to being infiltrated not just BBM.

    Posted via CB10
    09-04-14 10:40 AM

Similar Threads

  1. blackberry link on os10.3
    By Riaan Smit in forum Ask a Question
    Replies: 6
    Last Post: 09-01-14, 06:38 AM
  2. BlackBerry Browser Is Killing Me
    By boeingrules in forum General BlackBerry News, Discussion & Rumors
    Replies: 7
    Last Post: 08-31-14, 09:35 AM