I didn't have an account yet, so I signed up with Google SSO and was able to place the order.
About an hour later I got an email as if I was the seller telling me to click this link to verify my account for my funds to be deposited.
Obviously phishing. Upon closer inspection, I had two earlier that were properly filtered to spam that were about 30 minutes after the order.
So the question here is what part of their system is so fundamentally broken that scammers instantly get my email? Does the seller get that upon me making that purchase?
And if that's not the case, then that means somebody has completely compromised their system.
myself248•2h ago
chrisjj•2h ago
hardenedmetapod•2h ago
Google SSO is the promoted way of signing in and it auto assigns your email to the username without any special characters so scammers could just be scraping new accounts and making a best guess at the email.
Lame.