adityasharma3d Posted April 5, 2017 Posted April 5, 2017 I just got a message from a buyer, I really want to give his name here so others won’t fall for it. The message wasn’t a template but a custom one and thus seemed genuine. He wanted me to transcribe a video and he was unable to download the video himself so wanted me to visit the link and check out the video myself. When I clicked the link, it went to a page that probably triggered a script that jumped through various sites and finally reached my facebook profile. I have changed my passwords on most of my crucial sites an use mobile verification or 2 step authentication on them. I thought I will just share this and also share how happy I am that fiverr implemented the mobile verification feature, as I am getting verification codes on my mobile and I am assuming it’s the hacker trying to change my password or withdraw cash.Anyone else had this issue and if yes, what did you do?
bernieeata Posted April 5, 2017 Posted April 5, 2017 I haven’t had any issues like that, let alone any buyers for that matter 😆 but thanks for warning the community and I’m glad nothing extreme happened to your personal accounts!
misscrystal Posted April 5, 2017 Posted April 5, 2017 I just got a message from a buyer, I really want to give his name here so others won’t fall for it. The message wasn’t a template but a custom one and thus seemed genuine. He wanted me to transcribe a video and he was unable to download the video himself so wanted me to visit the link and check out the video myself. When I clicked the link, it went to a page that probably triggered a script that jumped through various sites and finally reached my facebook profile. I have changed my passwords on most of my crucial sites an use mobile verification or 2 step authentication on them. I thought I will just share this and also share how happy I am that fiverr implemented the mobile verification feature, as I am getting verification codes on my mobile and I am assuming it’s the hacker trying to change my password or withdraw cash.Anyone else had this issue and if yes, what did you do?I am getting verification codes on my mobile and I am assuming it’s the hacker trying to change my password or withdraw cash.So if you do not enter the codes you are getting to verify your account, how will you ever be able to withdraw money?Why would the hacker not change the phone number?
adityasharma3d Posted April 5, 2017 Author Posted April 5, 2017 I am getting verification codes on my mobile and I am assuming it’s the hacker trying to change my password or withdraw cash.So if you do not enter the codes you are getting to verify your account, how will you ever be able to withdraw money?Why would the hacker not change the phone number?The hacker will have to have my username, password (Which he might have gotten from the hack) but he would also need my secret answer. Also, the first thing I did was to initiate withdrawal then changed password.But yeah fiverr should make code mandatory if you try to change phone number, I was able to do it without entering the verification codes and just using secret answer.
jagvinderkaur Posted April 5, 2017 Posted April 5, 2017 No one can change your mobile number if you will not share with the buyers here on facebook.
misscrystal Posted April 5, 2017 Posted April 5, 2017 The hacker will have to have my username, password (Which he might have gotten from the hack) but he would also need my secret answer. Also, the first thing I did was to initiate withdrawal then changed password.But yeah fiverr should make code mandatory if you try to change phone number, I was able to do it without entering the verification codes and just using secret answer.the first thing I did was to initiate withdrawalDid you get a code to use to initiate the withdrawal?
uk1000 Posted April 5, 2017 Posted April 5, 2017 The hacker will have to have my username, password (Which he might have gotten from the hack) but he would also need my secret answer. Also, the first thing I did was to initiate withdrawal then changed password.But yeah fiverr should make code mandatory if you try to change phone number, I was able to do it without entering the verification codes and just using secret answer.I don’t see how he would have got your password, unless you clicked on and ran an executable (.exe) file or something (eg. you unknowingly installed a keylogger or something), or unless you typed your password into a fake site (eg. one made to look like a site you normally use).I don’t see how he could have got your password from you just clicking on a link and it running scripts (javascript) * (maybe I’m wrong but I don’t really see it). Unless it could install some keylogger or you typed it into a fake site, it just shouldn’t be possible I think (JavaScript just shouldn’t have access to your password - there just shouldn’t be a way for it to.).I’d also ensure you have anti virus set up on the machine, and if possible anti-spyware/anti-malware - and run them to ensure you have no viruses/spyware/malware. You could also have something like NoScript running (a Firefox plugin/extension) that would stop it from automatically running scripts (if also set that way in the browser) unless you told it to do so.
Guest phantompower Posted April 5, 2017 Posted April 5, 2017 I also had this issue, you know what I did. I transcribed the video
lastay Posted April 5, 2017 Posted April 5, 2017 I haven’t had any issues like that, let alone any buyers for that matter 😆 but thanks for warning the community and I’m glad nothing extreme happened to your personal accounts!Hi, I just had a look at your profile, where are your gigs?
nikavoice Posted April 5, 2017 Posted April 5, 2017 Yikes! You’ve already notified Customer Support, right?T&S will get it sorted. Did the supposed hacker, spring cleaned your account? (take your 💰)If not, that’s the first thing their hacking fingers take.
jamat222 Posted April 5, 2017 Posted April 5, 2017 I just got a message from a buyer, I really want to give his name here so others won’t fall for it. The message wasn’t a template but a custom one and thus seemed genuine. He wanted me to transcribe a video and he was unable to download the video himself so wanted me to visit the link and check out the video myself. When I clicked the link, it went to a page that probably triggered a script that jumped through various sites and finally reached my facebook profile. I have changed my passwords on most of my crucial sites an use mobile verification or 2 step authentication on them. I thought I will just share this and also share how happy I am that fiverr implemented the mobile verification feature, as I am getting verification codes on my mobile and I am assuming it’s the hacker trying to change my password or withdraw cash.Anyone else had this issue and if yes, what did you do?I received a similar message about wanting me to transcribe a video and that he was unable to download, however I have since forwarded the message to Fiverr Customer Support
miiila Posted April 5, 2017 Posted April 5, 2017 Hi, I just had a look at your profile, where are your gigs?[details=OT @bernieeata ]I saw lastay’s post and looked at your profile too, Bernie, I can´t see any gig either, better check to make sure you activated your gig/s if you have any, and if you didn´t set any up yet, you´ll have to do that to get buyers 🙂 instructions here:https://support.fiverr.com/hc/en-us/articles/201500856-Creating-a-Gig[/details]
bernieeata Posted April 5, 2017 Posted April 5, 2017 Hi, I just had a look at your profile, where are your gigs?They are currently drafts & I am unsure why, because I have edited it fully. I may be missing something small, but I am still tying to figure out how to get it published
adityasharma3d Posted April 6, 2017 Author Posted April 6, 2017 No one can change your mobile number if you will not share with the buyers here on facebook.As I mentioned, when I changed my own mobile number it didn’t ask me for any phone confirmation, just my secret answer.
adityasharma3d Posted April 6, 2017 Author Posted April 6, 2017 the first thing I did was to initiate withdrawalDid you get a code to use to initiate the withdrawal?Surprisingly, no. Was really disappointed to see that.
adityasharma3d Posted April 6, 2017 Author Posted April 6, 2017 I don’t see how he would have got your password, unless you clicked on and ran an executable (.exe) file or something (eg. you unknowingly installed a keylogger or something), or unless you typed your password into a fake site (eg. one made to look like a site you normally use).I don’t see how he could have got your password from you just clicking on a link and it running scripts (javascript) * (maybe I’m wrong but I don’t really see it). Unless it could install some keylogger or you typed it into a fake site, it just shouldn’t be possible I think (JavaScript just shouldn’t have access to your password - there just shouldn’t be a way for it to.).I’d also ensure you have anti virus set up on the machine, and if possible anti-spyware/anti-malware - and run them to ensure you have no viruses/spyware/malware. You could also have something like NoScript running (a Firefox plugin/extension) that would stop it from automatically running scripts (if also set that way in the browser) unless you told it to do so.I do have softwares installed but I never take chance on my main machine, did a thorough format and reinstalled windows.I am sure the script that ran took advantage of Chrome’s auto sign-in feature. If you use chrome and have saved your password in it, then when you visit the site it automatically signs in.I am no expert but I don’t see what else the link could have done, as it made it impossible to close the tab, stop the loading of the pages. I did see the script jump through around 15 to 20 sites super quickly and then land on facebook. I was already signed in on fb so it just took me to my feeds.
adityasharma3d Posted April 6, 2017 Author Posted April 6, 2017 I just received a similar message. Thank you.Please report it too, I have reported the buyer that contacted me.
adityasharma3d Posted April 6, 2017 Author Posted April 6, 2017 I also had this issue, you know what I did. I transcribed the videoIs that a joke or something?
adityasharma3d Posted April 6, 2017 Author Posted April 6, 2017 Yikes! You’ve already notified Customer Support, right?T&S will get it sorted. Did the supposed hacker, spring cleaned your account? (take your 💰)If not, that’s the first thing their hacking fingers take.I initiated the withdrawal myself right after I realized what had happened. But he seems to be trying to reset my password or something because I got verification codes on my mobile number like 20 times.Yes, I did report it to the fiver, but his account still seems up.
adityasharma3d Posted April 6, 2017 Author Posted April 6, 2017 I received a similar message about wanting me to transcribe a video and that he was unable to download, however I have since forwarded the message to Fiverr Customer SupportI just used the report function on the chat page and explained what had happened.
webbguy Posted April 6, 2017 Posted April 6, 2017 I don’t see how he would have got your password, unless you clicked on and ran an executable (.exe) file or something (eg. you unknowingly installed a keylogger or something), or unless you typed your password into a fake site (eg. one made to look like a site you normally use).I don’t see how he could have got your password from you just clicking on a link and it running scripts (javascript) * (maybe I’m wrong but I don’t really see it). Unless it could install some keylogger or you typed it into a fake site, it just shouldn’t be possible I think (JavaScript just shouldn’t have access to your password - there just shouldn’t be a way for it to.).I’d also ensure you have anti virus set up on the machine, and if possible anti-spyware/anti-malware - and run them to ensure you have no viruses/spyware/malware. You could also have something like NoScript running (a Firefox plugin/extension) that would stop it from automatically running scripts (if also set that way in the browser) unless you told it to do so.Cross Site Scripting (XSS) attacks require no user interaction, beyond visiting the malicious page.I have a separate, NoScript enabled Firefox profile for sensitive sites, such as Fiverr.Also, I always make sure that I am never logged into more than one site at a time.Cumbersome, but every little helps.
adityasharma3d Posted April 6, 2017 Author Posted April 6, 2017 Cross Site Scripting (XSS) attacks require no user interaction, beyond visiting the malicious page.I have a separate, NoScript enabled Firefox profile for sensitive sites, such as Fiverr.Also, I always make sure that I am never logged into more than one site at a time.Cumbersome, but every little helps.I too use FF with noscript for most of my browsing but I use Chrome for my freelancing work, maybe I will switch this to FF too. Thanks for the input tho, always good to learn something new.
hardlogic Posted April 6, 2017 Posted April 6, 2017 Never Open url directly ,check it first using online scanners unless it was popular site
Recommended Posts
Archived
This topic is now archived and is closed to further replies.