Jump to content

Anyone tried anything like this? It's a first for me [Probable Suspicious Activity]


theratypist

Recommended Posts

Hi, guys! Hope every one in the community is doing well – buying or selling wise. 😃

I just experienced something for the first time in the platform.
A buyer (newly registered I believe – his profile says May 2018) using a photo of a famous personality (which I don’t think is his – unless such personality has time to use Fiverr at all and use a “lowkey” username far off his original name) (and I certainly don’t think such personality is from the country buyer is from unless such personality is located in there at the moment) contacted me about a certain service which I do not offer.

I gladly explained that I do not offer such service but wishes that he find the right seller as the platform has a lot of excellent services that provide such service. [This is not a canned response, we really were discussing beforehand about the service and that I do not such service]

Anyhow, he persisted and provided a link to a file where I can read about the “requirements”.

Out of curiosity (dont judge me on this, was just curious okay! 😂), I clicked the link just to read out more specifications as to what he really needed.

And it went like this…

screenshot.png.8d38cb3ac3d4b11c7c9e1a4a5087537a.png

It was a doc file from a domain (that I’ve never heard of), I “accepted the risk” (Haha yes, you little risktaker you) knowing I have an up to date antivirus on hand but it still resulted to failed - virus detected anyway.

Anyway, I tried going to the domain alone – it went like this. [However, this time I did not “accept the risk” because it seemed too risky already.]

check.thumb.png.f6b703839cf3f8c0a9093786dd6704a3.png

As it was my first time experiencing something like this. I was a bit bothered so I had to confront him. [i think I should have asked him first to reattach the file without using the link and just clarify things, but then I already told him that I don’t offer such service] so our convo went like this…

convo.thumb.png.b15754ee0b7816343b6d9ae1ed878e6d.png

Anyone experienced something like this? Felt the need to share this as this is my first time ever to go through something like this, usually all links or files provided by my buyers do not lead to anything suspicious or does not alert my AV.

UPDATE: I did some researching regarding the domain and I see it has reports from URLhaus and was talked about by an IT security professional. [urlhaus collect, track and share malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.] – Not a tech or web expert here but it definitely sounds suspicious to me.

Link to comment
Share on other sites

Could be a targeted phishing/drive-by-download attack. The buyer gets you to download/view/run a file infected with malware and uses the opening in your system to steal your credentials.

Many sellers have had their details changed on their profile (Paypal email etc). I would be extremely careful with these links.

Another way these criminals are trying to infect systems is by attaching malware in Buyers Requests.

Be careful people!

Link to comment
Share on other sites

oh no! some time ago, i think last december… there was a buyer from a very cold place of the earth.lol.

He wanted me to do an graphical sell sheet and had sent some specific files and wanted me to have a look at them. as usual i did. just when i opened the file, too late to discover that it was a virus! i had my virus guards down so bam! it hit me like a punch. it made it impossible to see hidden files, slowed down windows and god knows what else! i contacted CS and gave him away. anyway, i got the computers fixed and now im really careful on things " buyers " send my way. 🙂

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...