[OPSEC/Computer] Vendor requesting info via SMS4TOR

I just made a small first-time purchase from a vendor I've never used before but one that has a good rep on Abraxas and Agora and everything seemed fine until I sent over my encrypted info via PGP. Here is the exchange that occurred:

Him: Hey your pgp didnt work...try using sms4tor (gave me the link)

Me: Hey, I'm resending PGP using the key from your profile:

Him: It still didn't work...I don't know why because I know you have ordered before

Me: I haven't ordered from you before, this is my first time. Can you send me your public key again here so I can re-import it and try again?

Him: I think our 2 pgp programs are not compatible...This happened last week to me also

So, this seems super not-legit to me and I want to make sure that I am not crazy. The only real plausible reason that someone wouldn't be able to decrypt your info using the public key on their profile is because it probably isn't them on that account anymore, correct?


Comments


[3 Points] RosyPalm:

Correct

Although, I'd double check everything is formatted correctly and your PGP software is up to date just to make sure. (Which it seems like you've done)


[3 Points] obsidianchao:

Cancel your order and run, run far away.


[2 Points] basshead555:

Yeah why risk it? The exta money to buy from another vendor is worth it


[2 Points] greaterhongkong:

The two options at hand are that vendor has misplaced his competence for using PGP software or that his account is not longer in his control! "I think our 2 pgp programs are not compatible" can only be spoken by incompetent man or by hacker unable to decrypt.

Whatever the option, your situation is not well. Either his incompetent is puts your safety in danger, or the hacker puts your safety in danger. Both situations are not desirable! You should find another vendor in great haste.


[2 Points] sapiophile:

You're using an actual, local copy of GPG, right?

If that's the case, then you need to cut all contact with this "vendor" and never do business with them again. Also provide their name, here. If you are using a proper GPG program yourself, then you are talking to LE.


[1 Points] None:

The same thing happened to me (not sure if it's the same vendor). I tried 2 times sending an encrypted message and the vendor said it didn't work and sent me the SMS4TOR link. I sent him my address through that. I received my order, anyway. Should I be worried?


[-1 Points] throwaway802dot11:

Sounds like you just can't correctly encrypt your address with PGP and when a vendor deals with that shit all the time its just easier to give a link for an easy encryption method for less tech savvy people then for him to cancel the order.