Seller stole my hosting account!

[amandalipman391]

Hi everyone,
I have used Fivver before with ok experiences. However the latest experience was really bad and I wanted to warn people here to take care and not to just automatically trust sellers here, even if there are a lot of positive reviews
My story is that I recently purchased a gig to help me build a landing page on my domain. The work was done ok, but a few days later I received an email from my hosting service to tell me that the password had been changed and I therefore was locked out of my account
I also started to receive lots of strange emails (I still am)
Basically the seller ‘stole’ my account. I am still in the process of reclaiming this from the host site.
Can anybody help me? Why would he want to do this? So far as I can see he has not accessed my email account.
Thanks for reading

[miiila]

Can you prove it was the seller? That would be a really stupid thing for a seller to do, ar least if you chose one with a halfways established profile, as they’d get banned by Fiverr if that came out, and obviously any buyer a seller would do that to would go and complain at Fiverr.

Maybe your password and your general security for your hosting are lacking, my hoster has something in place that needs answering a security question I could specify for instance, even for “minor things” like updating the mail to function.

Anyway, I hope your hoster can give you more info, and if things indeed point at that seller, you can send Fiverr a ticket (see Help link on the main page) or you can email them at support@fiverr.com but I doubt they can do more than ban the seller if there is sufficient proof; you’ll have to report that to the police.

Why would the seller have access to your mail? Did you give them the password to your mail? You may want to consider that your computer was compromised if someone is messing with more than “only” your hosting, and inform yourself about the steps you need to take in that case.

I hope you’ll have your hosting account back soon!

[misscrystal]

All I can think of is they wanted to send out a lot of spam from your hosting account. Check that to see if spam was sent from it when you get it back, or better yet ask your hosting provider if it was or if there was a spike in the data usage.

Since you are getting strange emails that is probably why they did it.

Have your hosting provider limit how much data, or how much email, can be sent from that account at least until you can recover it.

If this was actually the reason, your hosting account might be in danger of being shut down if they use too much data.

[coerdelion]

A few days later may be a coincidence.

Websites are constantly under attack - bots attempting to get in over and over again. If you have no security on your site, if you use a user name such as “admin”, if you don’t change your password after a developer from Fiverr or anywhere else has been working on it … then you leave your website open to a hack.

It may seem like cause and effect, but isn’t necessarily so.

Work with your host to get your site back …and then install some basic security.

[amandalipman391]

Can you prove it was the seller? That would be a really stupid thing for a seller to do, ar least if you chose one with a halfways established profile, as they’d get banned by Fiverr if that came out, and obviously any buyer a seller would do that to would go and complain at Fiverr.

Maybe your password and your general security for your hosting are lacking, my hoster has something in place that needs answering a security question I could specify for instance, even for “minor things” like updating the mail to function.

Anyway, I hope your hoster can give you more info, and if things indeed point at that seller, you can send Fiverr a ticket (see Help link on the main page) or you can email them at support@fiverr.com but I doubt they can do more than ban the seller if there is sufficient proof; you’ll have to report that to the police.

Why would the seller have access to your mail? Did you give them the password to your mail? You may want to consider that your computer was compromised if someone is messing with more than “only” your hosting, and inform yourself about the steps you need to take in that case.

I hope you’ll have your hosting account back soon!

Hi thanks for your reply - yes I am sure it was the seller. I received an email from my hosting site addressed to the seller , ie using his name! So it looks as if the seller has had the cheek to change the details to put his fivver name in my account!

I did raise this with support at fivver and they have removed him now. The support staff here at fivver have been excellent.

Thank you for the advice regarding the hoster asking for additional information to update emails and passwords, I will raise this with them as it is quite ridiculous that this can be done so easily.

I am not sure if the seller has access to my email, I don’t think so and I have changed the password a couple of times now. But it looks as if the seller has given my email address to third parties , lets say a Russian dating site, hence I am receiving stupid emails

Thanks again, still waiting to get my account back!

One of my concerns with using fivver again now is - could this same person come back to fivver with a different alias and do the same thing?

Thanks!

[amandalipman391]

A few days later may be a coincidence.

Websites are constantly under attack - bots attempting to get in over and over again. If you have no security on your site, if you use a user name such as “admin”, if you don’t change your password after a developer from Fiverr or anywhere else has been working on it … then you leave your website open to a hack.

It may seem like cause and effect, but isn’t necessarily so.

Work with your host to get your site back …and then install some basic security.

Hi there, i’m certain it isn’t coincidence as I have received emails addressed to the seller! (so he has added his details)

Thank you for your advice to change passwords, I will certainly do that in the future!!

[amandalipman391]

All I can think of is they wanted to send out a lot of spam from your hosting account. Check that to see if spam was sent from it when you get it back, or better yet ask your hosting provider if it was or if there was a spike in the data usage.

Since you are getting strange emails that is probably why they did it.

Have your hosting provider limit how much data, or how much email, can be sent from that account at least until you can recover it.

If this was actually the reason, your hosting account might be in danger of being shut down if they use too much data.

Hi Miss Crystal

Thanks for your message, I will check the spam thing when I eventually get my account back!

[miiila]

Hi thanks for your reply - yes I am sure it was the seller. I received an email from my hosting site addressed to the seller , ie using his name! So it looks as if the seller has had the cheek to change the details to put his fivver name in my account!

I did raise this with support at fivver and they have removed him now. The support staff here at fivver have been excellent.

Thank you for the advice regarding the hoster asking for additional information to update emails and passwords, I will raise this with them as it is quite ridiculous that this can be done so easily.

I am not sure if the seller has access to my email, I don’t think so and I have changed the password a couple of times now. But it looks as if the seller has given my email address to third parties , lets say a Russian dating site, hence I am receiving stupid emails

Thanks again, still waiting to get my account back!

One of my concerns with using fivver again now is - could this same person come back to fivver with a different alias and do the same thing?

Thanks!

When a seller gets permanently suspended, i.e., banned, they get told they aren’t allowed to open another account, and Fiverr has quite a few measures in place, including ID verification since a while, so it won’t be easy for most people, however if someone is determined enough, plus has enough criminal energy and technical knowledge, or knows people who do, I don’t think you can guarantee that this specific person won’t ever be back, it’s not too probable, though.

Plus if you’re afraid of that, you could specifically only hire sellers who are active on Fiverr since years, have lots of 5* reviews, lots of orders in queue, in short, a lot to lose. If a seller has more to lose by losing their account than by claiming your domain, which they most probably will lose again anyway, once your hoster gets to the bottom of that, it makes no sense for them to do such a thing - plus, not everyone would want to do such things anyway 😉

You can see when users signed up and how many reviews they got in that time, and reduce your odds of getting that same seller again further by choosing a seller who didn’t sign up just this month, for instance.

Apart from that, it seems a little very stupid of the seller to put his Fiverr name, so there might even be a chance that your Fiverr seller himself was a victim in this and his account got hacked or something, and this is some kind of revenge thing by a competitor. But then, people do stupid things all the time, so who knows.

Would be great if you’d update this to let us know how this will pan out in the end.

[misscrystal]

Hi thanks for your reply - yes I am sure it was the seller. I received an email from my hosting site addressed to the seller , ie using his name! So it looks as if the seller has had the cheek to change the details to put his fivver name in my account!

I did raise this with support at fivver and they have removed him now. The support staff here at fivver have been excellent.

Thank you for the advice regarding the hoster asking for additional information to update emails and passwords, I will raise this with them as it is quite ridiculous that this can be done so easily.

I am not sure if the seller has access to my email, I don’t think so and I have changed the password a couple of times now. But it looks as if the seller has given my email address to third parties , lets say a Russian dating site, hence I am receiving stupid emails

Thanks again, still waiting to get my account back!

One of my concerns with using fivver again now is - could this same person come back to fivver with a different alias and do the same thing?

Thanks!

They can make a new fiverr account but if they don’t have your new password to your hosting account they can’t do it to you again. What’s taking your hosting provider so long to change it back to you? Usually they do that instantly if you have a secret answer to a question or they have your phone number to call you on.

[youssefkamel]

Sorry to hear about your terrible experience. That’s why you should only provide a limited access for developers to your hosting account specially if you’re hiring a new seller.

I’m actually a bit confused. Why would he steal a hosting account which is basically worth a couple of bucks and he’ll eventually have to pay for it to keep it active, lol. It’s like ruining his career for nothing.

Anyway, hope everything gets settled down with you. Let us know how it went out!

[coerdelion]

I usually create an admin account for myself when working on someone’s site. You’d be surprised how many site owners think they can work on the site at the same time as the developer on the same admin account.

@youssefkamel - developers need full admin access to be able to do their work. Limited access is not the answer. Good security procedure is.

I still get notifications from an old client website, which indicates they haven’t downgraded or deleted my account, despite being told to several times. Can’t do it myself - it’s my account, not to mention not having any business being in that site any more.

It seems mad for anyone to put their Fiverr account in danger. However, as economists are increasingly realising, people in general cannot be relied upon to make rational decisions.

It’s unfortunate this happened. It gets new sellers a bad name, when most of them are just trying to make a living.

[amandalipman391]

When a seller gets permanently suspended, i.e., banned, they get told they aren’t allowed to open another account, and Fiverr has quite a few measures in place, including ID verification since a while, so it won’t be easy for most people, however if someone is determined enough, plus has enough criminal energy and technical knowledge, or knows people who do, I don’t think you can guarantee that this specific person won’t ever be back, it’s not too probable, though.

Plus if you’re afraid of that, you could specifically only hire sellers who are active on Fiverr since years, have lots of 5* reviews, lots of orders in queue, in short, a lot to lose. If a seller has more to lose by losing their account than by claiming your domain, which they most probably will lose again anyway, once your hoster gets to the bottom of that, it makes no sense for them to do such a thing - plus, not everyone would want to do such things anyway 😉

You can see when users signed up and how many reviews they got in that time, and reduce your odds of getting that same seller again further by choosing a seller who didn’t sign up just this month, for instance.

Apart from that, it seems a little very stupid of the seller to put his Fiverr name, so there might even be a chance that your Fiverr seller himself was a victim in this and his account got hacked or something, and this is some kind of revenge thing by a competitor. But then, people do stupid things all the time, so who knows.

Would be great if you’d update this to let us know how this will pan out in the end.

Hi there, thanks so much for the great advice, I will let you know when I get any news… still waiting for Bluehost to reinstate my account!

[amandalipman391]

They can make a new fiverr account but if they don’t have your new password to your hosting account they can’t do it to you again. What’s taking your hosting provider so long to change it back to you? Usually they do that instantly if you have a secret answer to a question or they have your phone number to call you on.

I really don’t understand why, their support desk tells me they have everything. What a pain!

[amandalipman391]

Sorry to hear about your terrible experience. That’s why you should only provide a limited access for developers to your hosting account specially if you’re hiring a new seller.

I’m actually a bit confused. Why would he steal a hosting account which is basically worth a couple of bucks and he’ll eventually have to pay for it to keep it active, lol. It’s like ruining his career for nothing.

Anyway, hope everything gets settled down with you. Let us know how it went out!

Thanks, I don’ understand either why he would do this

[amandalipman391]

I usually create an admin account for myself when working on someone’s site. You’d be surprised how many site owners think they can work on the site at the same time as the developer on the same admin account.

@youssefkamel - developers need full admin access to be able to do their work. Limited access is not the answer. Good security procedure is.

I still get notifications from an old client website, which indicates they haven’t downgraded or deleted my account, despite being told to several times. Can’t do it myself - it’s my account, not to mention not having any business being in that site any more.

It seems mad for anyone to put their Fiverr account in danger. However, as economists are increasingly realising, people in general cannot be relied upon to make rational decisions.

It’s unfortunate this happened. It gets new sellers a bad name, when most of them are just trying to make a living.

yes, I agree , I am left wondering whether it is save to employ people here at fivver now, however the advice on this forum has been great and I will take into account the recommendations on extra security and how best to choose a seller. Thanks everyone

[amandalipman391]

Hi all I thought I would update you on the debacle with Bluehost. They have still not recovered my account, it doesnt help that it takes up to 48 hours to respond to an email and apparently they are treating this as ‘urgent’. I have now worked out why the hacker hacked the account - my bank have informed my that over £1400 has been taken out of my account and paid over to bluehost’s affilated company EIG. I can only assume that the hacker must have ordered a lot of apps (or whatever) from my account and of course this was billed to me. I have to say Bluehost have been a nightmare to deal with, they have not taken this seriously and I had emailed them several times telling them I was worried what was happening to my account. This has been a pretty awful experience - and this all started with commissioning a simple job through Fiverr! Any thoughts? Thanks for reading!

[eoinfinnegan]

Hi all I thought I would update you on the debacle with Bluehost. They have still not recovered my account, it doesnt help that it takes up to 48 hours to respond to an email and apparently they are treating this as ‘urgent’. I have now worked out why the hacker hacked the account - my bank have informed my that over £1400 has been taken out of my account and paid over to bluehost’s affilated company EIG. I can only assume that the hacker must have ordered a lot of apps (or whatever) from my account and of course this was billed to me. I have to say Bluehost have been a nightmare to deal with, they have not taken this seriously and I had emailed them several times telling them I was worried what was happening to my account. This has been a pretty awful experience - and this all started with commissioning a simple job through Fiverr! Any thoughts? Thanks for reading!

That’s awful!

I assume it’s through a debit rather than a credit card that the payments were made? If a credit card you might be able to look for a chargeback on the basis of fraud. Your bank should be able to advise on that a lot quicker than anywhere else.

[amandalipman391]

That’s awful!

I assume it’s through a debit rather than a credit card that the payments were made? If a credit card you might be able to look for a chargeback on the basis of fraud. Your bank should be able to advise on that a lot quicker than anywhere else.

Hi there, yeh the bank were informed directly and the matter passed to fraud - it was debit, but the bank are being very good (unlike Bluehost) and have indicated that they will flag this as fraud and I should get my money back if Bluehost don’t play ball. I cannot see how Bluehost will not honour this, it is not as if I haven’t contacted them on a daily basis since this happened!

[misscrystal]

Hi there, yeh the bank were informed directly and the matter passed to fraud - it was debit, but the bank are being very good (unlike Bluehost) and have indicated that they will flag this as fraud and I should get my money back if Bluehost don’t play ball. I cannot see how Bluehost will not honour this, it is not as if I haven’t contacted them on a daily basis since this happened!

I cannot see how Bluehost will not honour this,

Clearly they are in on it, or at least don’t want to help you.

I hope you get this sorted out and get your money back.

[amandalipman391]

I cannot see how Bluehost will not honour this,

Clearly they are in on it, or at least don’t want to help you.

I hope you get this sorted out and get your money back.

I hope not, Bluehost are a big organisation, this would be theft if they were in on it, they are surely not going to risk their reputation etc for a measly £1400 (to them it will be nothing) surely?!

[cyaxrex]

I hope not, Bluehost are a big organisation, this would be theft if they were in on it, they are surely not going to risk their reputation etc for a measly £1400 (to them it will be nothing) surely?!

Bluehost are a big organisation, this would be theft if they were in on it, they are surely not going to risk their reputation etc for a measly £1400 (to them it will be nothing) surely?!

To be honest, if I was Bluehost, I wouldn’t give you your money back. If your account had been hacked or there had been a security breach on their side, they’d likely reimburse you in a moment. Here, though, you gave out your login ID to someone else. Now Bluehost only has your word that you didn’t order $1,400 of extra services and are now suffering buyers remorse.

I do hope you get your money back. However, an insurance company won’t pay out if you get robbed after leaving all your house doors and windows open when you go on vacation. This is essentially the same thing.

Have you reported this matter to the police? If not, you need to. Also, I just found out recently that when reporting cyber crimes, you need to provide basic evidence that a crime has taken place. This means (as strange as it sounds) using a cellphone to take pictures of things like onscreen Bluehost login times and transactions.

As a rule. web hosts will only really investigate cases of fraud like what you are describing, when law reinforcement is involved. It will also help your bank reverse charges if you can provide the likes of a polie incident number to aid with their own investigations.

[amandalipman391]

I hope you’re wrong - this was reported to them before the money was taken and they told me they had put the account in suspense or on hold, but obviously not.Thanks for the advice, I doubt the police will be interested but I will report this

[misscrystal]

I hope you’re wrong - this was reported to them before the money was taken and they told me they had put the account in suspense or on hold, but obviously not.Thanks for the advice, I doubt the police will be interested but I will report this

What exactly was ordered? Were the things ordered things that Bluehost sells? It’s nice of your bank to notify you.

[amandalipman391]

What exactly was ordered? Were the things ordered things that Bluehost sells? It’s nice of your bank to notify you.

I don’t know yet as I still have not recovered my account, but the monies were taken by Bluehost (well their affiliated company)

[misscrystal]

I don’t know yet as I still have not recovered my account, but the monies were taken by Bluehost (well their affiliated company)

Sometimes big hosting companies have hundreds of affiliate companies each under it’s own name. So it’s possible the affiliate was at fault.