Jump to content

Hackers are in fiverr please keep the safe your accounts


anuradha2012

Recommended Posts

People have tried this on with me in the past. Some of the methods they try to use are very crafty and have been reported. The one a lot of these idiots are using now is simple. Do Not fall for this social engineering. If anyone ask you to verify a “code” do not do it. It’s to reset the password on your email account. Do not click on any links you get sent from people trying to “show you work” and if anyone sends you links in any shape or form using URL shorteners, hover over the links with your mouse, so you can see where they are really going to. The best thing to do if you have any doubt is not to open them, or to copy and paste the links into a seperate browser, but if you are not sure don’t open them.

Link to comment
Share on other sites

These are far from ‘hackers’ they are literally asking people to give their private data and people are handing it over to them. It counts more as ignorance on part of the ‘victim’ than an act of hacking itself.



I mean, if someone asks you for your bank key and you merrily hand it over to them, then who is to blame? I read another forum post where someone reset their gmail and gave away the mobile reset code. If you are so co-operative with the attacker then they are not to blame. This is something that no amount of security patches can fix. You can have captchas, passwords, login verification systems but if you have members that voluntarily hand over their login details then its all a waste. This is the internet and a certain degree of basic security knowledge is advised and expected out of everyone who is using it, especially where money is involved.



What the victims so far have been affected with is a technique called as Phishing : ( http://en.wikipedia.org/wiki/Phishing ) Read up, educate yourself, and stay safe.



A possible carpet solution for Fiverr to implement : Remember the regular IP address that the user uses to login to Fiverr occassionally and auto-block login attempts from any other unknown IP addresses. This is seemingly simple to implement but has deep legal liabilities for Fiverr if implemented because IP tracking itself is a very sensitive issue and needs lots of plugs and funds and permissions to legally justify the use of such a system. Given that the site is going to be used worldwide, the laws differ and you need separate permissions from the IT security departments of ALL those countries which makes it all the more complex.



How about not giving your passwords to others for a change?

Link to comment
Share on other sites

Reply to @aweberr: yes you are right, but you have to take a broader view on this. A lot of people do not know about this and most people have no clue they are giving out a reset passcode and this is why social engineering has been and always will be effective.



Some of these attempts also go beyond simple phishing. I’ve had people try spoofed URL’s with me. As for IP tracking. Its useless on so many levels. All someone needs to do is to use an elite or private proxy and keep switching it and any determined person with half a brain will do that.



The only thing I would like fiverr to do is to disable hyperlinking in messages and this would force people to copy and paste any url’s or to also implement a system similar to what facebook did, which was and is very effective and warns you when you click on a link that is sending you to a different site. It might seem simple but it makes people think before clicking on anything and reduces any “occurences”.

Link to comment
Share on other sites

Yup that can be done but then again, a new barrier is just another challenge for the attacker to innovate. It is not truly going to end unless this is solved :


markp said: A lot of people do not know about this


It is basic internet manners, just like traffic signals in real life. They HAVE to know it if they want to operate on the internet. One cannot just jump into the swimming pool without knowing how to swim and blame the administration when they drown. This is not even something very high tech. Simple things like not giving security codes, not clicking on encrypted links, this is something which any netizen can grasp even if they only read it once.
Link to comment
Share on other sites

Reply to @aweberr:


aweberr said: A possible carpet solution for Fiverr to implement : Remember the regular IP address that the user uses to login to Fiverr occassionally and auto-block login attempts from any other unknown IP addresses. This is seemingly simple to implement but has deep legal liabilities for Fiverr if implemented because IP tracking itself is a very sensitive issue and needs lots of plugs and funds and permissions to legally justify the use of such a system. Given that the site is going to be used worldwide, the laws differ and you need separate permissions from the IT security departments of ALL those countries which makes it all the more complex.


You have good advice, @aweberr, but the IP address solution will not work for everyone, because I log into Fiverr on the road. I do a lot of travelling. A lot of Fiverr members travel and if they lock down a username to an IP address, people will not be on Fiverr for long. Since you get a different IP address wherever you are, if I could not log into my Fiverr account from a different IP address, I'd be really disappointed with Fiverr.
Link to comment
Share on other sites

A big problem with Fiverr or any website that people log into is that they use simple english passwords and hackers know the dictionary words. You need to make sure your passwords are not in the dictionary. I do a lot of public speaking about this. Make sure your Fiverr password is hard for hackers to figure out and usually, the best solution is the first initial of a phrase that you can remember with alternating case.



Here is my Fiverr password everyone: The first initial of my first cousins on my mother’s side including me and my sister in birth order from oldest to youngest, plus a two digit number and all first initials alternate the cases. Can anyone on Fiverr figure it out? LOL

Link to comment
Share on other sites

  • 7 months later...
  • 1 year later...

You can do some things to minimize the risk of getting hacked. Such as not saving browser history and cookies, newer save your passwords etc.



Minimize risk of getting scammed by making it a habit never to click any links in messages, emails, groups or forums even if they claim to lead to sites you know. Example you get a message with a link leading to fiverr, you don’t click it, instead you type in the real url from memory or preferably use your bookmarked link.

Using your bookmarks is a safer way in most cases as you eliminate the risk of typos (scammers often study common typos and then they utilise these when registering a clone domain for their clone scam site)

If an url is shortened then either decrypt it or skip it.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...