Hackers are in fiverr please keep the safe your accounts


#1

Fragglesrock this man is ask from me illegal contacts and he is contact us through Gmail Please keep safe your account from the hackers.



[Sheriff’s Note: Please refrain from posting actual names, links of other users, or external links. Thank you.]


#2

These are far from ‘hackers’ they are literally asking people to give their private data and people are handing it over to them. It counts more as ignorance on part of the ‘victim’ than an act of hacking itself.



I mean, if someone asks you for your bank key and you merrily hand it over to them, then who is to blame? I read another forum post where someone reset their gmail and gave away the mobile reset code. If you are so co-operative with the attacker then they are not to blame. This is something that no amount of security patches can fix. You can have captchas, passwords, login verification systems but if you have members that voluntarily hand over their login details then its all a waste. This is the internet and a certain degree of basic security knowledge is advised and expected out of everyone who is using it, especially where money is involved.



What the victims so far have been affected with is a technique called as Phishing : ( http://en.wikipedia.org/wiki/Phishing ) Read up, educate yourself, and stay safe.



A possible carpet solution for Fiverr to implement : Remember the regular IP address that the user uses to login to Fiverr occassionally and auto-block login attempts from any other unknown IP addresses. This is seemingly simple to implement but has deep legal liabilities for Fiverr if implemented because IP tracking itself is a very sensitive issue and needs lots of plugs and funds and permissions to legally justify the use of such a system. Given that the site is going to be used worldwide, the laws differ and you need separate permissions from the IT security departments of ALL those countries which makes it all the more complex.



How about not giving your passwords to others for a change?


#3

People have tried this on with me in the past. Some of the methods they try to use are very crafty and have been reported. The one a lot of these idiots are using now is simple. Do Not fall for this social engineering. If anyone ask you to verify a “code” do not do it. It’s to reset the password on your email account. Do not click on any links you get sent from people trying to “show you work” and if anyone sends you links in any shape or form using URL shorteners, hover over the links with your mouse, so you can see where they are really going to. The best thing to do if you have any doubt is not to open them, or to copy and paste the links into a seperate browser, but if you are not sure don’t open them.


#4

Reply to @aweberr: yes you are right, but you have to take a broader view on this. A lot of people do not know about this and most people have no clue they are giving out a reset passcode and this is why social engineering has been and always will be effective.



Some of these attempts also go beyond simple phishing. I’ve had people try spoofed URL’s with me. As for IP tracking. Its useless on so many levels. All someone needs to do is to use an elite or private proxy and keep switching it and any determined person with half a brain will do that.



The only thing I would like fiverr to do is to disable hyperlinking in messages and this would force people to copy and paste any url’s or to also implement a system similar to what facebook did, which was and is very effective and warns you when you click on a link that is sending you to a different site. It might seem simple but it makes people think before clicking on anything and reduces any “occurences”.


#5
mayuracw said: they change google pw and fiverr email and we are doomed


So, don't answer them. Plain and simple. Nobody needs to be verified on Fiverr.

#6

Yup that can be done but then again, a new barrier is just another challenge for the attacker to innovate. It is not truly going to end unless this is solved :


markp said: A lot of people do not know about this


It is basic internet manners, just like traffic signals in real life. They HAVE to know it if they want to operate on the internet. One cannot just jump into the swimming pool without knowing how to swim and blame the administration when they drown. This is not even something very high tech. Simple things like not giving security codes, not clicking on encrypted links, this is something which any netizen can grasp even if they only read it once.

#7
anuradha2012 said: keep safe your account from the hackers.


Many thanx for alert.

G!

#8

Thanks for the heads up


#9

:slight_smile: Yes, I really like Aweber btw. You’re super smart!


#10

Good advice.


#11

Reply to @aweberr:


aweberr said: A possible carpet solution for Fiverr to implement : Remember the regular IP address that the user uses to login to Fiverr occassionally and auto-block login attempts from any other unknown IP addresses. This is seemingly simple to implement but has deep legal liabilities for Fiverr if implemented because IP tracking itself is a very sensitive issue and needs lots of plugs and funds and permissions to legally justify the use of such a system. Given that the site is going to be used worldwide, the laws differ and you need separate permissions from the IT security departments of ALL those countries which makes it all the more complex.


You have good advice, @aweberr, but the IP address solution will not work for everyone, because I log into Fiverr on the road. I do a lot of travelling. A lot of Fiverr members travel and if they lock down a username to an IP address, people will not be on Fiverr for long. Since you get a different IP address wherever you are, if I could not log into my Fiverr account from a different IP address, I'd be really disappointed with Fiverr.

#12

A big problem with Fiverr or any website that people log into is that they use simple english passwords and hackers know the dictionary words. You need to make sure your passwords are not in the dictionary. I do a lot of public speaking about this. Make sure your Fiverr password is hard for hackers to figure out and usually, the best solution is the first initial of a phrase that you can remember with alternating case.



Here is my Fiverr password everyone: The first initial of my first cousins on my mother’s side including me and my sister in birth order from oldest to youngest, plus a two digit number and all first initials alternate the cases. Can anyone on Fiverr figure it out? LOL


#13
mayuracw said: yeahh exactly but newbies like us getting fooled by them


Maybe Fiverr should follow suit from the other websites like "Fiverr will never ask you for your password." I saw it on Hubpages I think.

#14

thanks for the alert


#15

With all these hacks going on, does anyone have a recommendation for someone safe to increase the traffic on my website?


#16

thanks for the alert. It is indeed scary. I think changing passwords regularly should help. at least do this for Fiverr, paypal and your e-mail. Make sure all three are not the same


#17

I WAS HACKED BY SOMEONE HE SEND ME FAKE MESSAGE FROM FIVERR_PROMO AND THE LINK WAS DIRECTED TO FIVERTOUR.COM THEN ASK MY ALL QUESTION EMAIL PASSWORD AND LOST MY 44$ VERY UNHAPPY


#18

My account was hacked from fiverr_promo and I lost my $36 dollars, Im very sad!


#19

You can do some things to minimize the risk of getting hacked. Such as not saving browser history and cookies, newer save your passwords etc.



Minimize risk of getting scammed by making it a habit never to click any links in messages, emails, groups or forums even if they claim to lead to sites you know. Example you get a message with a link leading to fiverr, you don’t click it, instead you type in the real url from memory or preferably use your bookmarked link.

Using your bookmarks is a safer way in most cases as you eliminate the risk of typos (scammers often study common typos and then they utilise these when registering a clone domain for their clone scam site)

If an url is shortened then either decrypt it or skip it.


#20

Trust tick.