Today I was hacked.
It was both a terrifying and hilarious experience.
However, this is not a joke. My life depends on what I make through Fiverr, and my career is growing strongly because of Fiverr’s system. Let me share this story with you and buckle up because it’s been one hell of a ride. Take this as a warning but also as a lighthearted story, it ends well.
All of this happened in two hours, and I’m just now taking the time to make sure that it doesn’t happen to those who read the forums. I’ve been a seller on Fiverr for 9 months, and I’ve been growing steadily ever since I started. I thoroughly enjoy the platform and have nothing bad to say about it.
However, here’s a message I received three days ago.
If you work on Fiverr on a regular basis, you know how busy it can get. It’s rewarding but also exhausting and very fast-paced. You barely have any time to think during the day and once you are done, you’re still thinking about work, which is something that I am currently working on to eliminate.
However, I’m a Translator/Copywriter. I work with word counts on a constant basis and here’s the thing; I KNOW that Excel files do not show the word count, and that’s why I understand if clients say they do not know how long the file is.
But I was called “miss”.
I mean… I should have known better there.
Me being stupid aside, the grammar was less than ideal, but I never even pay attention to that, I thought it was some Chinese buyer that couldn’t speak or write English very well. I get genuine buyers looking for translations for knockoff products, which is fine by me, as long as they are not scammers.
But something… something was fishy about this doc.
Please note that I’m not programming-savvy. I know how tech works, but I don’t know how Microsoft Office VBA does (environment for macros on Office products, Excel in particular). That’s what got me because I am VERY aware of scammers and I always ask questions in advance before downloading random docs.
This time, I wasn’t as cautious.
However, even when I was prompted to “include contents”, nothing happened, and I simply ignored the message going forward with my life on Fiverr. A happy working life, a productive one. Until I got this message today asking me to do a similar thing… in a different way.
And again, I was in the midst of working.
Knowing how fast you can lose on an offer through Fiverr, I replied very fast. I have a method for this now, and it’s been working fine for the most part. However, I immediately noticed the resemblance with the previous message, and I was a lot angrier at the sender for showing yet another blank file.
Here’s the deal though.
See that little checkmark that Fiverr shows under each document that’s being sent to you? Yeah, DO NOT TRUST IT. I don’t know what it means, but it definitely has ways to go before becoming actually beneficial to sellers. This file… oh my, this file f*cked me up.
I want you to focus on the “include contents” part. This scam technique is smart. They know you’re busy because Fiverr shows a lot of data around how much you work. So they send the file first in a general, nonchalant way. You notice there not being anything, BUT YOU ALREADY HAVE THE FILE ON THE PC.
This is most likely bot behaviour, so I’m not expecting there to be a person on the other side. However, as soon as you reply saying
you get a
Include contents, sir!
I mean, they asked nicely, right? So you do it.
That’s when you shouldn’t have done it.
The file itself has no problem, but somehow scammers are able to bypass antiviruses with this technique. I do not know how, but it’s real. After just five minutes of doing that, my browsers stopped working. I wasn’t allowed to go on the internet with perfectly functional providers, even my phone.
At first I thought it was the usual Wi-Fi hiccup, but oh no. I knew what was going on. I noticed the tangy smell of fish coming through the screen so much that I even texted my girlfriend acknowledging how annoying these people were BEFORE I would realise I was getting hacked.
Long story short – someone calls.
I glance at the screen of my personal cellphone.
+**** ********, ******, ****
But I live in Italy…
And I haven’t had contacts with people from London for months.
I have to be honest – I s*at my pants at that point.
Everything was going through my mind so fast that I couldn’t fathom it being real. Turn off the computer, change password, withdraw money on Fiverr, check on crucial data from my Mac (I have a personal and a work computer). This had never happened to me before, and it was scary.
However, I know how important privacy is. I know how damaging things like gossip, easy-to-spot passwords, and generally giving up a lot of data are. I’ve always been very cautious, using password managers, automatically erasing history data, clearing cache, clipboard, and so on.
But even then,
What did they know about me?
Were they able to see my financial statements?
Could they access my bank account?
Most importantly though,
Could they hack my Fiverr account?
You see, Fiverr is, by all means, amazing.
Not only did it give me the opportunity to work hard on things that I love, but it made them my career.
This is unprecedented in the tech world for people who aren’t as lucky as those living in large metropolitan areas, and Fiverr literally allowed me to move from a small city to a fantastic metropolitan area in Italy, Florence (I have no problem stating the city that I live in).
It’s where I met my girlfriend, and it’s where I feel at home.
So, there’s a lot that I have to thank Fiverr for, but there’s also a lot that they should improve on. This is not the only time that people try to scam me. I never thought they would succeed honestly, but they did, and it truly felt like a movie. I was helpless, going through menus to secure my data.
However exhilarating that might be, I don’t want this to happen to you.
I backup ALL my data through extremely secure cloud services. I also make physical copies every month. There is no space for data hiccups in my work environment, and it should be the same for you. However, you can’t help but wonder if these services really are all that secure when this happens?
For example, I know that I will have to change my phone number.
But when you think about it, there are so many things that are compromised now.
I am already working on installing a clean version of Windows through the BIOS on my laptop without even turning on the computer, but even then, did they block my BIOS? This is not a big issue to me because the laptop I was using for work was a lesser version of my personal one… on purpose.
However, I was thinking about upgrading.
What if this had happened with a 1000$+ machine containing my work life’s worth of data? That wouldn’t have been pretty. And even if my machine is worth around 250$, I still care about it; it’s worked for me and I still want to use it. It’s not just the price, it’s what you go through with these devices.
So, here’s what I have learned from this experience:
- Never underestimate privacy. I never did, but I now know how much more important it is.
- Never trust anybody. I’m not saying on Fiverr, I’m saying in general. Take one, two, twenty days before accepting seemingly incredible offers. Do your research.
- Always backup your data. You have any idea how bad this would have been if I didn’t meticulously update and backup all my data every single day of my life? Yuck.
- Understand your value. You’re on the marketplace, and you are valued in dollars. You, your name. People will want to take that away from you, so be wary of anyone and anything.
- Reinvest in your business. Never take a chance. On Fiverr, you are your own business. Don’t let anybody take that away from you. Constantly upgrade your security measures with newer, better implementations. Highlight milestones of your career. Keep pushing!
Why do I say that it ended well?
Because I’ve already beaten them preemptively.
In two hours, all of what I’ve done for the past 9 months has worked in my favour.
There’s not a single password on my Google Chrome cache, not a single Word file with my passwords in it (surprisingly, I know a lot of people who do that), not a single way to get into my cloud services if they truly deliver what they promise in terms of security, and most importantly, not a way to access my most valued, most precious data.
I know this because I’ve been constantly cutting on the amount of info that people can see about me both on the internet and on my personal devices, and I’ll keep doing that on a constant basis.
You should do that too if you want to achieve success in a world where someone can send you a file and leave you a data-collecting voicemail/call just five minutes after getting into your computer. Of course, I didn’t pick up, and I blocked the number immediately.
This was my PERSONAL cellphone.
Nobody knows about it except people I care about.
With that said, I will go through all my passwords and change them this evening.
I will also do a whole bunch of security upgrades, which, by the way, are totally worth it.
Never ever skimp on security if you’ve got something to lose. Always keep an eye out for this stuff.
I hope my laptop will be recovered.
Otherwise, RIP second-hand Surface Pro 3.
I loved you, dearly.
In any case, I hope this was an interesting read. I’m actually happy this happened to me because it made me realise how far I have come and how much more there still is to do. Today, I can say that I was hacked, which is a freaking cool thing to say.
I might write abut it one day.
Mod Note: Telephone number removed.