Fiverr Forum

Some Buyers are Hackers


#1

Hi everyone, I created this topic to help sellers like myself avoid being hacked or worse. A buyer messaged about a Video :video_camera: Animation, it’s normal to ask for a script once a buyer ask for a video, this buyer sent me a MS Word file with a Malware attached. Fortunately I have a good Anti-virus installed which immediately blocked the exploit before it went too far. I thought maybe this buyer didn’t know, so I asked him to copy the content of the script and paste it ask plain text for me to see, he suggested enabling the edit feature which would give the Malware full access to my PC :computer:. I’ll upload our conversation for you guys to take a look.


Is it safe to check Dropbox links?
#2

If you upload the conversation, make sure you remove the buyer’s name so you don’t violate the forum rules.

Don’t forget to report that buyer to Customer Support, too.


#3

Is there anything common ?


#4

I have reported this buyer to the customer care.


#5

I am not sure if that is correct with you, but I am working with bunch of word files.

When you open document there is always edit button in it that you need to click. That’s how microsoft made it.

But, weird thing that you antivirus blocked word file. As far as I know every hacker are using exe files. I got few of them before. Something like blahword.exe


#6

In that case, here is something for you.


#7

Uploading… Uploading… Uploading…
Exactly the same message the buyer used


#8

Australia, January 17 ?


#9

Yes, Australia, experience was just last night


#10


#11

report him right away.
Fiverr has “solved” my request.
But this user is still around.
Multiple reports should help.


#12

Did this user made account this month or last month maybe?


#13

January '17 …


#14

Yeah, that is probably hacker. They are always making new accounts. And there are always problems with new buyers tho…


#15

There’s also a website you can use the check if websites or attachments contain malware. I’m not sure if I can mention the URL but the name is virustotal :wink: