Fiverr security non-existant


#1

I wish I had seen all these stories before doing any work through Fiverr. All my money, 365 dollars, was taken from my account four days ago. I worked hard for that, over many, many gigs.



The first I knew was when I checked my emails at breakfast and saw an overnight message from Fiverr congratulating me on transferring my funds. Since I hadn’t made a transfer I presumed it was a spoof email. But just to be sure I checked my account. Money gone. Checked my PayPal account, money not there.



I emailed Fiverr immediately. We are only talking about a delay of a few hours here between money taken and me acting. Fiverr accused me of giving my password to other people. No sir, I do not give out my passwords. I also use long passwords and vary them from site to site. Next they said they would try to get the money back but couldn’t guarantee it.



I asked for the name of the PayPal account the money was sent to but the said they didn’t know and were trying to obtain “information”. And there you have the incompetence of Fiverr in a nutshell. How is that they do not know? Why do they need to find information? It is there in their own system!!



With this information I could at least have gone to PayPal straight away and got it marked as fraud.



I have sent several emails asking for this information but just get fobbed off with the same answer. I have the impression they are not interested otherwise there would not be this delay or reluctance to give me this information concerning my own money.



Unfortunately they shut off that part of my account so I can’t get in to check if the PayPal account details were changed - which is what I presume happened to allow this transfer to take place.



There is one very important detail people should note here. Fiverr security is lacking - without a doubt. Fact: websites are hacked. We all know that. But it seems Fiverr is prepared to leave it at that without any further security after password entry. Get past that and thieves can do what they want - completely unhindered.



Why doesn’t it have a notification system in place where any changes are emailed to the original email address for confirmation? Why doesn’t it have an alarm system if several changes are attempted - email address, PayPal account etc - one after the other - and freezing transactions until thorough checks have been made? We are talking about people’s money here. Banks would laugh at the ludicrous situation at Fiverr. There is absolutely zero protection.



For all these reasons I hold Fiverr very much responsible for this loss and if they don’t return this money they’ll be facing legal action. I have given them to the end of today to come up with some good answers otherwise I’ll be instructing my lawyer tomorrow.



And for anyone else coming to Fiverr, I can’t tell you what to do but if you’ve got any sense you’ll take notice of my story (and that of many others it seems) and consider keeping well clear until this company cleans up its act.


#2

That sucks!


#3

That is extremely disappointing to hear. There are far too many transactions on Fiverr for there to be this type of security issue, and then one that you are saying lacked support. My expectation would be that they take this very seriously and resolve this issue by finding out everything one needs to know to learn how the money could be transferred out. It should be quite easy to learn through their PayPal partner where the money went. I would think minutes.



I hope they are doing more to assist you in this matter as it makes those of us using Fiverr concerned also.



DiOnline



#4

That’s awful.



In the search you can find more people who’ve had their money stolen:

http://forum.fiverr.com/search?Search=hacked



Unfortunately, a common theme in most of these is that Fiverr doesn’t appear to be that helpful.


#5

Reply to @bachas85: I will have to respectfully disagree. Regardless of how a person is tricked, Fiverr should have some responsibility in assisting victims of fraud on their own site.



#6

Reply to @bachas85: Here’s what may be the worst example of breaking TOS (for Fiverr), buyer and seller arrange to deal outside of Fiverr. It would be reasonable to say Fiverr would not be responsible if the buyer gets the product or if the seller gets paid. They are out of it. However, if the thief manages to get the victims Fiverr login and comes on this site, Fiverr should then have some responsibility if unauthorized party gains access to their Fiverr account and uses their withdrawal system to steal all their hard-earned money. It’s a crime.



They should cooperate fully in assisting in these types of cases. Any site where money is exchanged like this, has a responsibility. For Fiverr to look the other way is unconscionable. Whether the Fiverr TOS is broken or not. In most cases the fraud is being initiated through the Fiverr messaging system. Not just conversations about doing business off Fiverr. The latest one I read about is “buyer” sending a phishing link to a “gig” that prompts you to log back in to Fiverr. Boom. They have their Fiverr login. Unfortunately, there are other ways. Fiverr should help anyone that has their account compromised.



#7

Reply to @bachas85: The thread you linked to is not really relevant to the point of our discussion. I’m not asking for ideas on how to try to prevent an account from being compromised. No offense to MarkP, as I think he started an excellent discussion. My comments were more related to how Fiverr is handling compromised accounts. I look at anyone in this situation as a victim of fraud. Even if they break the TOS. Maybe that’s just where we’ll have to disagree. In the case of the OP, it doesn’t sound like she even broke the TOS. I look at all these “hack” threads and am unable to find any where it’s clear that Fiverr was actually helpful.



Anyway, to BBCVoice - I wish the best for you. I’m sorry this happened. Hopefully someone within Fiverr will actually help you!!


#8

Simply putting it. The incident of the account being hacked is unfortunate. However you cannot expect Fiverr to act on the basis that their system was not compromised due to lack of security protocols governing the website. If any community member was sent a link to any website containing trojans/exchanged personal information through outside medium violating TOS then you in all logic cannot expect Fiverr Administration to help. These basic terms are placed there for your own security as any other stipulations with your Bank/Paypal, Payoneer or other financial institution. You cannot refuse to adhere to these rules set for your own protection and then ask for help when you become the victim of your own carelessness. Now bearing in mind that there are several ways someone could gain access to your account info it is up to you to protect that information.


#9

Reply to @craigscott: I do have an expectation of Fiverr to be helpful in assisting against crime being committed on their own site. Absolutely! Regardless of whether it’s the fault of security on Fiverr, a member has a weak password, went to a phishing site…etc. You can’t just blame the victim.


#10

Rebdesign. Check your machine for keyloggers, maybe one of your friends had the chance to install it on your machine. Format the machine and install yourself a decent antivirus :slight_smile: that should help in the future.



As for how CS handles issues like this… I had my account stolen. CS helped me out it all went ok. I asked about recovering the withdrawn funds and I even knew who did it and their paypal address. CS said the money was out of the system and that due to TOS they can’t confirm or tell me the paypal address they went to. I wrote to paypal gave them the address I believed the money were sent to ( I knew for sure the address since I got the chance to see it in my accounts settings before he changed the password, he had access to my previous paypal email which was linked to facebook also). Paypal replied politely that the revenues didn’t exit fiverr. :slight_smile: Maybe I was wrong about the address maybe not. Its a question mark for me to this day.

Other than that CS was sweet to me, and I had various issues. From what I read they did everything they can to help you out.



#11

Reply to @radugeorgescu: My account hasn’t been stolen.



With your story, it doesn’t sound like Fiverr helped. Fiverr CS said “the money was out of the system.” And even though they knew the email (and possibly other identifying info) they wouldn’t contact Paypal for you? Or, provide the email to you? Did they do anything at all other than talk to you? Then Paypal said “the revenues didn’t exit fiverr.” Meanwhile, all your money is gone. I wouldn’t be satisfied with that outcome. With CS they’ve been sweet to me as well. I like Maria. However, the idea of CS refusing to help, it’s just WOW. Unbelievable. If it happened to me, law enforcement would be involved. I don’t know exactly what would happen. I’m imagining Fiverr explaining to them how they often just sit by and do nothing while scammers steal money from accounts. That would be an interesting conversation. :slight_smile:


#12

This is the reason Fiverr should not allow paypal as one of their payment options. Havent you all heard the horror stories of paypal? Yes, paypal is very popular, but… pay pal will screw you! They should just stick with payoneer.



Simple stuff. A buyer buys, if they dont like it, then they get refunded , simple as that!



None of this paypal bs where you have to send in your social security, copy of your drivers license, proof of income, electric bills, birth certificate!



If you all think Im over exaggerating… think again! Its true!



Paypal will freeze your account.



Now I know Im going off topic but this really heats me up. Paypal will support scammers in everyway. By the time you know it, you will be left without money, and when you call paypal they will make it sound like you are the criminal in all this situation.



Google paypal horror stories. It will take you years to read everything you see.


#13

Fiverr is from Tel Aviv. Paypal doesnt trust many people outside of the USA. If Fiverr were to call paypal up, paypal would treat them as just another person from outside the USA. Its true.


#14

Reply to @rebesign: well who else is there to blame? I just don’t get the point you’re trying to make. if I my account gets hijacked because of my carelessness, via going to a phishing site, etc on my own actions and end up having my accounts compromised…who do I blame now? it’s simple responsibility man. For every action there is an equal and opposite reaction. It’s not rocket science. When people see security options such as …“create a strong password, refrain from going to particular sites” etc they blatantly ignore it then cry for help when they are faced with the consequences.


#15

Reply to @gamersuscentral: seriously payoneer isn’t the greatest thing since slice bread man. Payoneer was set up initially for people who did not have a US bank account and needed a US ACH to receive direct payments from companies such as Amazon etc. However the fees are expensive. Paypal like any other entity has it’s own shares of problems and if you’re going to refer to the so called stories on the internet to make a decision to use or not to use a service then continue to follow the masses blindly. Paypal has their rules and regulations for getting your accounts verified just like any other company. Payoneer does not require as much for opening an account and hence the higher transaction fees.

At the end of the day It’s what you feel comfortable with.

If you Read and follow the guidelines and TOS in Paypal, Fiverr, Payoneer or any other service you may choose to use then in the event of something unfortunate happening at least you will have a foundation to base your complaint on.


#16

Reply to @rebesign: He he looking at it from your point of view, you are right. But I only lost a fraction of what I had on my account as they acted quick to block it untill the problem was solved. So it didn’t hurt that much, I did lost the account out of my own stpidity so… :slight_smile: Like I said there was that question mark left… :slight_smile: I was thinking the same thing you are saying. But I also realised that if I would go at it like you said I would end nowhere. :slight_smile:



It is still a new “company” :slight_smile: it has its bads and goods but hopefully as time passes they will develop better and more efficient ways to aproach things like this. For now it does the job for most of the consumers. :slight_smile: Fiverr is constantly growing with bads and goods.



Your case sucks man but If I was you after 2nd time I would have formated my machine and made sure I had a proper antivirus installed and change all passwords.


#17

Reply to @craigscott: Oh, indeed I DO expect Fiverr to act. I have done nothing to compromise security. Furthermore, I also expect that if others do hack in that I will be notified of an email change request or password change request. For anyone to be able to hack in and change things immediately without challenge and instantly withdraw money is ridiculous. What’s more to deny information about which PayPal account my money has gone to thus preventing action from PayPal is ridiculous. On top of that absolutely there’s no follow up from Fiverr. I am still waiting to hear from them. Anyone who disputes these very obvious facts can only be working Fiverr is all I can think.



Crooked. No other word for it. And Mr Micha Kaufman can sue me for saying that if he likes. He hasn’t had the courtesy to reply to my letter I sent by registered post explaining everything. I sent copies of my letter to three different addresses you will find on the internet - though not shown on their website, which is totally anonymous. The Washington, US address is actually that of the Israeli Embassy. The Israel address is that of a tiny office on a rundown industrial estate and not even bearing a company name or logo. I wouldn’t know about the New York address.



#18

Reply to @rebesign: Sadly five months on I am still waiting for Fiverr to come back to me. Yes that’s the level of their customer service. Of-course it is not service at all - except for themselves. I have also sent registered letters to their addresses (see my other posts below) but they have been ignored.



When a company doesn’t respond then you have an idea of the the kind of organisation it is. The loss of this money is very serious indeed. It is fraud. To simply walk away from that is very wrong.


#19

Reply to @craigscott: You are assuming too much. See my post below. It is Fiverr that has behaved totally irresponsibly and I will see Mr Kaufman in court if I have to.


#20

Reply to @bachas85: No, I don’t exchange personal information. And I don’t share passwords either, as the “customer service” people alleged. The account was hacked - maybe by someone in Fiverr for all I know. At the very least a. I should have been notified of a password change request, b. notified of a PayPal account change and c. been told where the money had been sent. The whole thing stinks. Crooked.