Status
Not open for further replies.
Aug 4, 2020
512
785
Brooklin
VetteCoins
14,240
Car
2023 Corvette
Province
ON
I had an experience with Champion Motors here in Toronto that I think I should let the members know about.

I sent an email to them before Christmas asking for a price on Paragon Springs for my C8.

They replied to my email with a price that I liked and was actually cheaper than ordering direct from Paragon with duty's, shipping, taxes,etc so I was very happy.

I emailed back and said I would like to proceed. They emailed me back and asked for a deposit.

They said in their email that I could send them an etransfer so I decided to pay the entire $548 to them.

After I etransfered the money I emailed them and said that the payment was sent. They replied saying I could pick up the springs.

I sent a driver from my work down to pick them up and when they arrived Champion said they didn't know anything about the springs or etransfer.

I was quite shocked as you might guess as I just sent $548 to them after a long email exchange going back and forth.

They stated the last email they received from me was the one asking for the prices. They did not send me the emails after that asking for a deposit or saying I could come and pick them up.

At this point I was completely shocked as I didn't even think it was possible for a thief or hacker to insert themselves in the middle of an email chain and commit a fraud like this.

When I spoke to one of the owners he was polite and told me he was sorry and that I should be very careful who I send money to these days.

That was it. No offer to help. No offer to get me the springs with maybe a discount to make up for my loss.

I resigned myself to the fact that I had been taken and I would not get the springs.

Then without me knowing my two young sons put their money together and drove down to Champion to buy me the springs for Christmas.

When they gave me the springs I was pissed off that they did that for me and even more pissed off that when the bought them Champion did not offer a single penny of a discount to make up for any responsibility that they might have in me getting scammed from their email. They again told my son that I need to be more careful who I sent money to.

I am in utter shock that a company would respond like this to a situation that occurred in my opinion through their email. They took zero responsibility. Yes I should be more careful who I send money to but when I'm replying to emails coming directly to me through a company email address I was stupid enough to trust it.

Anyhow I just wanted to let people know about my experience and make your own decision who to deal with in the future.

The kicker is my brother owns a C6 Z06 and spent $5000 with them in the past. I spent $1000 a month ago on gears for my sons C5 and my other son owns a modded C6.

With 4 Corvettes in my immediate family and all four of us who love to mod our cars I can't imagine the lost business they have just incurred by simply not taking any responsibility at all.

What a Christmas!
 
  • Wow
Reactions: Vettenut
That sucks but I wonder what they could have done? Seems like it was a masked email where they can change the name of the recipient email and its link.

If it helps (which I doubt it will) I too was scammed at Christmas. Watch out when selling items that these scammers will say "Hey I'll take the part" and send you a deposit but watch the Interac email that comes into your inbox. Mine looked like a normal deposit but was actually a Interac send a person money link instead. Because I wasn't paying attention and it was $100 I was expecting I merely clicked the link thinking it was the normal deposit into your bank account when actually it was the send money option. DOH! Oh well...learnt my lesson and immediately after I clicked the link the money was gone and the person left the Facebook messenger chat!

Beware!
 
That sucks but I wonder what they could have done? Seems like it was a masked email where they can change the name of the recipient email and its link.

If it helps (which I doubt it will) I too was scammed at Christmas. Watch out when selling items that these scammers will say "Hey I'll take the part" and send you a deposit but watch the Interac email that comes into your inbox. Mine looked like a normal deposit but was actually a Interac send a person money link instead. Because I wasn't paying attention and it was $100 I was expecting I merely clicked the link thinking it was the normal deposit into your bank account when actually it was the send money option. DOH! Oh well...learnt my lesson and immediately after I clicked the link the money was gone and the person left the Facebook messenger chat!

Beware!
That sucks, I didn't know that was a thing, thanks for sharing your experience.

Anything I sell on Marketplace or Kijiji, I always state cash only. I've even had people come to my place to pick the item up, then try to pay with Interac, and when tell them the ad said cash only, they just leave and don't complete the purchase. Which tells me they were probably trying some kind of scam.
 
  • Like
Reactions: Bunny Hop
This is becoming very common lately. My buddy owns a motorcycle shop in London and had someone in Thailand clone his online store with some crazy low prices. He was getting customers calling asking about the big sale he had going on and knew nothing about. GoDaddy shut the site down immediately.

FXR (snowmobile clothing) is going through the same thing. They are sending out emails telling people not to buy from any site other than their official online store.

Tough call on whether the store should reimburse you for money?
 
Almost all speed shops work on extremely small margins. It would have been nice for them to have at least got you some at cost. It would cost them nothing but a little of their time. All said though, if it wasn't their fault I understand, but don't agree, with their position. You really have to be careful these days. I was lucky that Walmart decided to give me back my money when my account was used without my permission. I had to make several calls to complain.
 
  • Like
Reactions: vintageracer
I had an experience with Champion Motors here in Toronto that I think I should let the members know about.

I sent an email to them before Christmas asking for a price on Paragon Springs for my C8.

They replied to my email with a price that I liked and was actually cheaper than ordering direct from Paragon with duty's, shipping, taxes,etc so I was very happy.

I emailed back and said I would like to proceed. They emailed me back and asked for a deposit.

They said in their email that I could send them an etransfer so I decided to pay the entire $548 to them.

After I etransfered the money I emailed them and said that the payment was sent. They replied saying I could pick up the springs.

I sent a driver from my work down to pick them up and when they arrived Champion said they didn't know anything about the springs or etransfer.

I was quite shocked as you might guess as I just sent $548 to them after a long email exchange going back and forth.

They stated the last email they received from me was the one asking for the prices. They did not send me the emails after that asking for a deposit or saying I could come and pick them up.

At this point I was completely shocked as I didn't even think it was possible for a thief or hacker to insert themselves in the middle of an email chain and commit a fraud like this.

When I spoke to one of the owners he was polite and told me he was sorry and that I should be very careful who I send money to these days.

That was it. No offer to help. No offer to get me the springs with maybe a discount to make up for my loss.

I resigned myself to the fact that I had been taken and I would not get the springs.

Then without me knowing my two young sons put their money together and drove down to Champion to buy me the springs for Christmas.

When they gave me the springs I was pissed off that they did that for me and even more pissed off that when the bought them Champion did not offer a single penny of a discount to make up for any responsibility that they might have in me getting scammed from their email. They again told my son that I need to be more careful who I sent money to.

I am in utter shock that a company would respond like this to a situation that occurred in my opinion through their email. They took zero responsibility. Yes I should be more careful who I send money to but when I'm replying to emails coming directly to me through a company email address I was stupid enough to trust it.

Anyhow I just wanted to let people know about my experience and make your own decision who to deal with in the future.

The kicker is my brother owns a C6 Z06 and spent $5000 with them in the past. I spent $1000 a month ago on gears for my sons C5 and my other son owns a modded C6.

With 4 Corvettes in my immediate family and all four of us who love to mod our cars I can't imagine the lost business they have just incurred by simply not taking any responsibility at all.

What a Christmas!
It would appear that perhaps they are using an e-Mail server which has been compromised, hence the “ man in the middle “ aspect of what occurred. There are numerous ways that this can happen . There are some very technologically skilled A-holes out there unfortunately. This unfortunate incident is yet another strong argument for using an encrypted email client. Proton Mail comes to mind for one. There is even a way to encrypt Outlook messages for that matter.
Sorry to hear this happened to you but if in fact they are hacked it certainly isn’t your fault. If they figure it out I wouldn’t hold my breath waiting for them to admit it.
How does email get hacked? (7 easy ways)
 
  • Like
Reactions: Movie Muscle
That sucks but I wonder what they could have done? Seems like it was a masked email where they can change the name of the recipient email and its link.

If it helps (which I doubt it will) I too was scammed at Christmas. Watch out when selling items that these scammers will say "Hey I'll take the part" and send you a deposit but watch the Interac email that comes into your inbox. Mine looked like a normal deposit but was actually a Interac send a person money link instead. Because I wasn't paying attention and it was $100 I was expecting I merely clicked the link thinking it was the normal deposit into your bank account when actually it was the send money option. DOH! Oh well...learnt my lesson and immediately after I clicked the link the money was gone and the person left the Facebook messenger chat!

Beware!
Cash is still King !
 
None of those are "easy" unless the person that is getting hijacked is unaware of what they are doing. I admit it is easy to get complacent as I was with my Walmart account. But you don't need to have a vpn or encrypted email. Just the smarts to watch what you are doing and not get complacent. Thinking you have a VPN or encrypted email will just make you more complacent. We all have to be vigilant.
Man in the middle requires, as you say, an unscrupulous employee of the provider or a compromised unpatched system. Or another way is by using a public forum like free wifi from many locations. Something I don't usually do for email or anything like that. I just use it at the dentist or Timmies for movies etc.
 
Last edited:
Funny thing even large corporations who should know better, sometimes don't.
TD Bank for example. They timeout your connection, but instead of taking you to an exit page when it times out it just sits there at the last page you were at. When you try to log in again it takes you to a page where it says the "page you are looking for no longer exists" and you have to go back to the login screen and login AGAIN! I have complained many times to them that it not only makes them look like incompetent fools, but can also make their customers suspicious that they might have been hacked. Of course they are incompetent fools!
 
  • Like
Reactions: 1st Vette
None of those are "easy" unless the person that is getting hijacked is unaware of what they are doing. I admit it is easy to get complacent as I was with my Walmart account. But you don't need to have a vpn or encrypted email. Just the smarts to watch what you are doing and not get complacent. Thinking you have a VPN or encrypted email will just make you more complacent. We all have to be vigilant.
Man in the middle requires, as you say, an unscrupulous employee of the provider. Or another way is by using a public forum like free wifi from many locations. Something I don't usually do for email or anything like that. I just use it at the dentist or Timmies for movies etc.
” Man in the middle “ doesn’t require an unscrupulous employee at all, but of course there is always the possibility of an “ inside person “ being involved but far from necessary. The harder the target the less likely it will be attacked. I feel that people who take precautions are less likely to be complacent just because of the fact that they are aware of the possibility of compromise. A simple analogy is a situation where there are two houses across the street from each other, one has fencing and gates , good lighting and a yapping dog. The other is in the dark, quiet , no dog.
Which do you think the robbers are going to target? And public wi-fi is where you DO want a VPN . It’s an interesting fact that the majority of people who install deadbolt’s do so the day after they have been robbed. Just my two cents.
 
Funny thing even large corporations who should know better, sometimes don't.
TD Bank for example. They timeout your connection, but instead of taking you to an exit page when it times out it just sits there at the last page you were at. When you try to log in again it takes you to a page where it says the "page you are looking for no longer exists" and you have to go back to the login screen and login AGAIN! I have complained many times to them that it not only makes them look like incompetent fools, but can also make their customers suspicious that they might have been hacked. Of course they are incompetent fools!
I hear you as I bank with TD and have encountered this annoying problem as well but discovered that if you use the back button on your mouse quite often the page doesn’t go back to the previous one but for some reason I can’t explain if you use the back arrow instead it most often will. I realize this doesn’t help with the time out but it is another glitch I noticed using the site . I believe the time out behaviour is to prevent someone else from accessing your account if you walked away from the computer, say at a library or other public location without logging out .Or anywhere someone could have access to the computer you are using.
 
  • Like
Reactions: dkw
” Man in the middle “ doesn’t require an unscrupulous employee at all, but of course there is always the possibility of an “ inside person “ being involved but far from necessary.
I didn't finish my thought before you replied.
My account info was gathered when Houss had their system was compromised.
An unpatched compromised system is vulnerable to all kinds of mischief
 
I didn't finish my thought before you replied.
My account info was gathered when Houss had their system was compromised.
An unpatched compromised system is vulnerable to all kinds of mischief
It’s a jungle out there. The thing is that Malware has become so effective that most users have no idea that they have been hacked. It not like the old days when you would get dozens of pop ups or a big GOTTCHA across your screen. There are so many ways it can happen it’s not even funny. Enough to make you go back to snail mail, lol.
 
I believe the time out behaviour is to prevent someone else from accessing your account if you walked away from the computer, say at a library or other public location without logging out .Or anywhere someone could have access to the computer you are using.
That's exactly why it SHOULD go to a default timeout page. If you don't log out your info is there for all to see. To me it's just dumb! I wore many hats when I was a systems admin. I did web programming as well as other type of programming. Mostly in the early computer years, but that's one thing I, nor the College would ever allow to happen. It just looks so unprofessional. We were always paranoid about hackers and always had our systems patched. Not an end all, but certainly removes 99% of the issues that could arise.
 
It’s a jungle out there. The thing is that Malware has become so effective that most users have no idea that they have been hacked. It not like the old days when you would get dozens of pop ups or a big GOTTCHA across your screen. There are so many ways it can happen it’s not even funny. Enough to make you go back to snail mail, lol.
I hear you. It seems not more than a week goes by before you hear of another compromise on one system or another.
 
  • Like
Reactions: 1st Vette
That's exactly why it SHOULD go to a default timeout page. If you don't log out your info is there for all to see. To me it's just dumb! I wore many hats when I was a systems admin. I did web programming as well as other type of programming. Mostly in the early computer years, but that's one thing I, nor the College would ever allow to happen. It just looks so unprofessional. We were always paranoid about hackers and always had our systems patched. Not an end all, but certainly removes 99% of the issues that could arise.
Yes . I may have worded that poorly. My belief is that once timed out you can no longer access anything without logging in again as you yourself said above. Timing out is different than not logging out but if you do forget to log out it will time out so you are protected once it does. I have gotten up to get a coffee and gone back to a session I had going on TD to find it timed out. Doesn’t seem to take long.
 
That's exactly why it SHOULD go to a default timeout page. If you don't log out your info is there for all to see. To me it's just dumb! I wore many hats when I was a systems admin. I did web programming as well as other type of programming. Mostly in the early computer years, but that's one thing I, nor the College would ever allow to happen. It just looks so unprofessional. We were always paranoid about hackers and always had our systems patched. Not an end all, but certainly removes 99% of the issues that could arise.
Was hackers even a word that long ago.... ;)
 
Was hackers even a word that long ago.... ;)
Funny, it was likely a good thing back then. LOL
Pet peeve now everyone uses "good hack" for buying clothes cheap.
Edit: there's another one that bugs the heck out of me, but I can't think of what it is, but I'm sure someone will use it in the next hour! ;)
 
I have gotten up to get a coffee and gone back to a session I had going on TD to find it timed out. Doesn’t seem to take long.
Ya, I can't find it on easyweb, but webbroker has a setting for it and it seems to affect easyweb also.
 
Status
Not open for further replies.

Similar threads

Users who are viewing this thread