Fiverr account hacked and all funds transfered to hackers paypal a/c


#1

I do graphics designing work for many clients . Few days ago somebody hacked my account on fiverr.com and changed the paypal address there. and withdrew my funds 392$ in his account. i sent several mails to customer care and they replied to it. but they say they can’t do anything abt this. i worked the full month and this is my only earning. i work fulltime for fiverr and if this type of thing happens how can i believe that it would not happen again.


#2

I hope you are doing better with your new account anglina. That is painful not to receive any order.


#3

I hope you are doing better with your new account anglina. That is painful not to receive any order.


#4

HOW DOES THE HACKER WORKS…



step 1- he sends some link for work to you/ or some type of zip files… when u click it - u are redirected to some website which gets your fiverr pass.- your fiver a/c is hacked and u don’ know that.( or may be not) just assuming, may be he can hack in some other way also.

step-2- he knows your fiverr password now- he just watches your funds daily and knows your email address and paypal address from inside of fiverr.

step-3- Now he tries to hack your email address / paypal email also. when these are hacked . he still do not do anything. he just keeps a watch on these…nor change any passwords.

step-4- By seeing your old emails he calculates when u withdraw the money. means at the end of the month or when your figure touches a particular amt. say 500$. Generally we all withdraw every month or every 15 days

or when it near a particular amt…

step-5- He sets his target accordingly. when he has to withdraw the funds- when he will get maximum funds

step-6- one day he changes the paypal email address given in the fiverr… so when the mail comes from the fiverr on your email address its deleted by him/or blocked becasue he knows your email password and he knows your time zone

and time of your working… so when u are sleeping he does that… Now u cannot see the mail which came from fiverr for the change of paypal address- New paypal is activated after 24 hrs only. so he waits for 24 hrs.

step7- As soon as 24hrs passed and he sees that paypal button is now activated -withing seconds he click the paypal button for withdraw the funds. and u get a mail that the amt has been withdrawn. Now at that point u get to know

that. u think i didn’t withdraw that amt so how did the mail came. i thought that the fiverr is daily updating something or other so might they have started some auto withdrawl sytems also.

step-8- After withdrawl again he changes the paypal a/c. email address to the original one ( your email). so u get the mail that paypal is the same which u had the paypal earlier… this confuses you. and till then u

don’t know what happened…

All your hard earned money goes away and nobody helps u in this matter. its a perfect crime.

i have written all this in detail so that the other fiverr sellers should know abt this fraud. Also anybody had faced this type of thing please do let us know…


#5

When i click on links, every time i change password or i click on link from another PC to be sure.


#6

It happened to me as well. $688 was stolen, fiverr couldn’t do anything to help. I think it should be rather simple for them to see where the money was transferred to. They must have that in their records. Strange! I saw it happening just minutes after the money was withrawn but for some reasonnothing could be done to stop this.



Be careful working with this platform and make sure you never keep more than you can lose in your account.



Best, Karolin


#7

Well this is just my thinking that when we click to the links there is a possiblilty of getting the password leaked to the hacker. but somebody told me that if some s/w are installed in that pc (some type of virus) which sends message to a particular email whenever we change the passwords. this is not a solution to change the password regularly. Fiverr must have secured system to stop these types of scams.


#8

Well fiverr knows where the funds have gone and they can’t do anything . isn’t it ridiculous. instead they asked me all type of details of my account , like what was the first paypal u used in this account. proof of address of paypal a/c. etc. and after i gave all the details, they said they can’t do anything to recover the funds…


#9

If I put my money in a bank and someone steals it, the bank is responsible for not protecting my funds. Wouldn’t fiverr be responsible for not protecting funds in a fiverr account from hackers?


#10

I download my money on a daily basis.



Simples.


#11

yes u can download on a daily basis and u pay a 1$ for every withdrawl. right. so u pay fiverr 30$ extra in a month…Well then u must be earning 100-200$ daily then only u can afford it…


#12

I’ve noticed a lot of threads from people saying they’ve had funds withdrawn from their accounts, but that they didn’t authorise it themselves, with the upshot that their money has effectively been stolen.



That is a crime.



It happened to me, and I have taken some action, although it will take some time before final resolution. So, what I am suggesting is that if everyone who feels they have had money stolen from their account takes similar actions to me, then files will be built up, your complaint (as one of many) will be recognised and action will be taken. There is strength in numbers.



I took the following action.

  1. Contacted CS and registered my grievance. They were not really interested and implied I was to blame and that they were spotlessly clean. However, they are responsible for the money as long as they are holding it, even though they like to sidestep the issue.
  2. CS did tell me the email that was used to withdraw the money into PayPal, so I emailed them, and after a long correspondence with their CS, received an email from Dennis Bergman, Executive escalations, ppelce@paypal.co.uk, promising an internal enquiry, but that I would never know the outcome. However, if you contact this email address, you’ll go to the top and save yourself the frustration of dealing with PayPal’s CS muppets.



    Having got no joy from Fiverr CS (after a few weeks and several emails), or PayPal, I contacted Fiverr’s district police station in Washington (George Phifer, Detective Sergeant, Metropolitan Police Department, Criminal Investigations Division, Financial Crimes & Fraud Unit, 202.727.6433 Desk, 202.727.4159 Office, 202.727.6433 Fax, and email fragglesrock.fragglesrock@fragglesrock.gov) sending them screenshots of all the emails to that date. They have been very sympathetic and are looking into the case. I don’t expect any immediate results, as they are really busy with bigger crimes, but the wheels will eventually turn.



    I also registered my complaint with https://www.fragglesrock.gov/ . Unlike BBB https://www.fragglesrock.org/, who don’t deal with criminal cases, they do have teeth and can bring prosecution if enough evidence is collected, so if everyone who has had money “disappear” from their account makes a complaint, their database will fill up and they’ll see the patterns and take action on behalf of everyone. Yes, it’ll be a slow process, but better late than never.



    It’s obviously up to you as individuals whether you follow my course of action or just roll over, as Fiverr expect, but by doing something, you are at least in with a chance of reclaiming your hard-earned funds.



    Whichever way you look at it, you are the victim of a crime, which was perpetrated from either inside Fiverr or outside Fiverr. Fiverr told me that there were no recorded instances of a security breach, which means the crime was perpetrated from within (an unrecorded instance?), but even if it was from outside, it means Fiverr’s security is not up to standard and they should be shamed into improving it.



    Whatever, they are responsible for the safekeeping of funds until you legitimately withdraw them, no matter what they say or how much they wriggle to evade their responsibilities.



    Remember that if you do elect to follow my line of advice, always keep screenshots of ALL correspondence and anything else that’s important, as the police and other authorities cannot act without evidence, and the more, the better.



    Good luck, and you can contact me directly if you want any further information.

#13

Reply to @roymatoir: Wow.



It seems you’re really going far into it.



This is a personal question (you don’t have to answer…)



We’re the funds in your account $450+



Best of luck

Joe

The Creative Guys


#14

Hello Joe @ thecreativeguys

your question "“We’re the funds in your account $450+”"

what do u mean by this?? can u explain that why u asked this question??


#15

Reply to @dvd_covers: They post incoherent replies as a means to advertise themselves. Ignore their posts.


#16

Same thing happened to me and my money stolen ($350+). Contacted fiverr team but they are unable to figure out the problem.



My question from fiverr team is just:



Havent they sent the confirmation email when someone tried to change my emails?

Havent the links clicked and confirmed before they transferred the fund to hacker?

And how this all happened when i have not got the confirmation mails about all these?



I am still hoping that I can get my money back. I really worked hard for this and this is the only full time job which cares for my family the whole month…:frowning:





#17

Yes @guestpost. I don’t think we can get our hard earned money back… but how can be we be sure that it won’t happen next time… fiverr has no answers to these… Fiverr is not using any type of secured meathod of payments… After this incident i have lost interest in fiverr jobs and searching for some other jobs…


#18

I couldn’t agree more with roymatoir’s comment on 9 April.The same situation here.

I was notified by an email from Fiverr about a PayPal address changing attempt, on 26 March. I worked and delivered on that day some orders, signed out, and after 3 Hrs , when I received the Fiverr’s email, trying to no avail to log in again, I promptly reported to Customer Support the hacker attack. Fiverr stated in their email that any withdrawal is blocked for 24 Hrs for such cases. No way! On the very next day I got a reply saying my account was disabled due to my request - but when they allowed me (at my insistence) to change my account settings and login again only on 9 April (!), I found out my $412 was gone away!

Now, after they’ve taken up $103 fee, they shrug their shoulders saying to me: “For privacy concerns, we are unable to report the Paypal account responsible for this action based on Paypal’s policy agreement.” Am I crazy? A crime is a crime and must be investigated in any circumstances!

I’m rallying with no reserve to roymatoir’s comment and advice everyone who’s in the same situation to register a complaint as he and I did. Contact us, we need to stand together!



They’re telling us they take the security of the user’s account seriously - I accessed the fatal link on the Fiverr Inbox page, right inside of their platform and I can prove that, - how seriously that would be if the Fiverr’s online platform is proved to be as secure as any ordinary adult/porn site?



Besides of that, their “24 Hrs withdraw restriction” is a bad joke if they aren’t able to receive a fraudulent attack alert from an user in less than a day to act accordingly (but that would mean they had to invest in a truly 24 Hrs a day support, some emergency phone number or something like that) - it’s clear their support team is overwhelmed. Do you hear that Mr. Micha Kaufman or Mr.Shai Wininger (the Fiverrs’ co-founders) ? If you don’t, your reliability will drop down to zero very soon!

No user should just think: well you need to be more careful bla, bla, - everyone of you should know your funds are in danger as long as any hacker, disguised in a seller or buyer, could insert a bad link on Fiverr’s platform without of any real security procedure from their part. Period.



P.S. I expect my account to be banned for this comment, I don’t care of that if they proved to be dishonest.


#19

Wow!



Sorry to hear everyones troubles with missing money… I was just searching to see who got locked out of their paypal… Every month i withdrawal twice a month… and guess what - every month when i go to withdrawal my paypal is locked - due to suspicious links in messages…



I was supposed to withdrawal on the 14th and still waiting on a response… so it’s getting really ridiculous as obviously we all count on the money - yet either Fiverr doesn’t have enough support staff to handle the inquiries OR they just don’t care to move fast enough to re-activate paypal accounts.



I’m glad that my account gets locked to prevent hacking - but geeze how long it takes to get unlocked is honestly ridiculous! :frowning:



Every month i have to go through the same process of sending gov IDs and other info which by the time CS gets around to replying it delays my own payment by a week - yeah no problem, it’s not like i don’t have bills to pay or anything?! ~X(



Really sucks that there’s no higher authority to contact on this matter… and we’re stuck with slow customer service on such a serious matter.

*** What they do need is a notification service that when they do lock you out of paypal - to immediately start the process of sending proof for re-activation!


#20

Reply to @guestpost: Good questions. Add this one too: why on the earth, if they state they have this security rule: “24 Hrs withdraw restriction when a PayPal address changing occurs”, they don’t apply it?

If you discovered you can’t login into your account anymore (after you had signed out just for a hour) and in the meantime received that “confirmation email” (what a bad joke) from Fiverr - you have absolutely no choice but to make a request to Customer Support and wait.



Would you think you was lucky you reported the fraud on time?

Get real. They will respond to your request very next day, at the best, but your money is already gone. When desperately you send them the AUTHENTICATION evidence they ask the end of the story is that:

They shrug their shoulders saying to you:"For privacy concerns, we are unable to report the Paypal account responsible for this action based on Paypal’s policy agreement, We don’t guarantee you’ll see your money back."

It’s nice, isn’t it?