Yesterday I was reading that a number of Fiverr seller's had their accounts hacked in the past.

[Guest amethystblac_]

When I read that people had their accounts hacked and lost money, at first I was thinking simplistically--that as no one was offering solutions, that there was none. Later I contemplated, and took the first step. I will take other steps, but for now I use 2-step verification. It's a start. I also stopped saving logins to my browser. I had to. I became very suspicious when I could not log into my own account, as if attempts were maxed out. Plus, someone tried to hack my FB account the other day. And here I sit, minding my own business, smh.

[vickiespencer]

@vickieito endured the misfortune of having her account hacked. Maybe she has some insight for you. 

[vickieito]

Hi @amethystblac_! 

As @vickiespencer mentioned, I did have my account hacked in May and I wasn't expecting it. I was already using two-factor authentication and always needed my phone nearby to log in to Fiverr, so I thought I was safe. I was also running regular security checks on my devices. However, it wasn't enough.

When I tried to open a "resume" file from a customer to provide a quote on their resume, I downloaded malware onto my computer. Any open tab that I had on my browser could then be accessed (the hacker didn't need passwords and could by-pass the two-factor authentications for all accounts).

This allowed the hacker to withdraw all my Earnings on Fiverr and shut my account down. The hacker also took the email address linked to my PayPal account  (made an educated guess) and immediately started opening online gaming and marketplace accounts in my name and started making charges to my PayPal account. 

Although Fiverr compensated me for my lost Earnings, PayPal and the other online sites rejected all my attempts to stop the pending charges because they couldn't stop me from making my own purchases. Anyone using my name and email address was considered me. Even if they were on the East Coast and I was located in Hawaii.

I was able to stop the bleeding by freezing my bank account connected with PayPal (and it's still frozen). I could also look up what online sites were charging my bank account and credit card - so I could find those online sites, request a password reset, disable my PayPal on those accounts, and quickly shut down those accounts. Even so, I did lose several thousand dollars.

I now run a continuous scan on all files that I download and have unique passwords on all online accounts (no two can be the same - this is an easy way for hackers to access more than one account). I also regularly update/change my passwords.

I did consult with an online security specialist and they let me know that hackers are lazy and depend on others being lazy as well. Even though I had several accounts with the same password, the online hackers didn't know which ones (and usually stopped trying after two password attempts). I try to keep only 1-2 tabs on my browser open at a time (I think I had 6 open when my account was hacked), so it does take more work to always log in and log out all the time.

[catwriter]

6 hours ago, vickieito said:

I was able to stop the bleeding by freezing my bank account connected with PayPal (and it's still frozen). I could also look up what online sites were charging my bank account and credit card - so I could find those online sites, request a password reset, disable my PayPal on those accounts, and quickly shut down those accounts.

Do you still use PayPal for Fiverr withdrawals? 

[vickieito]

5 minutes ago, catwriter said:

Do you still use PayPal for Fiverr withdrawals? 

I have both PayPal and Payoneer set up, so yes. The email that was hacked was my Hotmail account, so that is no longer associated with any of my accounts. My Gmail account is more secure, so that is what I currently use.

[priyank_mod]

Really sorry to hear about your ordeal @vickieito🫢

Though security mechanisms are in place but still one can never be cautious enough. I will be vigilant while downloading files from strangers.  

 

[Guest amethystblac_]

I see. In my security certification course, I was led to believe that 2-f authentication is the ultimate in security. Hence, I am surprised to read your response, Vickieito. Thanks. So the solution apparently lies in 2-f  and regular keyword changes. (Any other security a person chooses as well would be wise, but mainly those things.) Is that your experience? I am glad you know that it was a resume that gave you the problem.

It leaves me with a question. When you realized that a malware-laden document caused the problem, did you quickly find the virus with a regular security scan, or did you have to go further to prove your theory? How did you know for sure?

[vickieito]

Hi @amethystblac_, probably the best way to prevent an attack is just being aware that an attack could happen. That would help anyone be more mindful of social engineering attacks that may occur and they could be more cautious of what they click on and who is sending them the information (even links from apparently trustworthy sources need to be verified). My problem was that I felt safe, so I didn't take any precautions when clicking on links from my clients. I'm much more cautious now and will refuse to click on links or download files that are suspicious to me.

So awareness of socially engineered attacks and using proper precautions (e.g., 2-factor authentication, unique passwords, regular updates of passwords, and continuous scanning on devices) should handle most issues.

[Guest amethystblac_]

So it remains a prominent but unproven theory then, you mean?

Edited August 29, 2023 by amethystblac_

[vickiespencer]

A precaution I take is to have the usernames on all my accounts be something other than my name. For example, I will use something like "Butterfly" for a unique username in addition to individual passwords. 

[vickieito]

25 minutes ago, amethystblac_ said:

When you realized that a malware-laden document caused the problem, did you quickly find the virus with a regular security scan, or did you have to go further to prove your theory?

Once I found out I was hacked, malware was easy to find via security scan.

However, it took me several days to figure out I was hacked - all I knew was that Fiverr shut down my account:

Quote

The email was in my junk mail, and it said the following:

Quote

I then had to reach out to CS and my success manager. My success manager said that I made the request because "I had multiple accounts." It took a couple of days for CS and I to get on the same page that I did not make the request and I did not have multiple accounts. Then CS looked into my account and found out a withdrawal was made immediately before the shutdown - so at that point, I knew I had been hacked and lost my Earnings. 

Update: By then, several online accounts and purchases had already been made as well.

Edited August 29, 2023 by vickieito

[pro_designer946]

I have suffered a similar issue recently and my ticket is still under process. I had to verify my account again. My account is safe and running fine now.

I realized within seconds(as I was online) that someone else had the access to my account and he/she withdraw the earnings immediately.
I reset all my passwords right away but my earning were gone.

Did Fiverr refund your lost earnings? If yes, can you please tell me how much time did it take for the Fiverr to process all this.
My ticker regarding the refund is still under process and I am worried if I will get back my earnings or not.
 

[raziya550]

It's unfortunate to hear about any instances of online accounts being hacked, including those of Fiverr sellers. Account security is a concern on many online platforms, and it's important for users to take steps to protect

 

their accounts. Here are some general tips to help safeguard your online accounts, including Fiverr:

Use a Strong Password: Create a unique and complex password for your Fiverr account. Avoid easily guessable passwords like "123456" or "password."

Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your Fiverr account. This adds an extra layer of security by requiring a one-time code from your mobile device or email in addition to your password.

Regularly Update Passwords: Change your password periodically, and avoid using the same password across multiple platforms.

Beware of Phishing Attempts: Be cautious about clicking on links or downloading files from suspicious emails or messages. Phishing attempts often aim to steal your login credentials.

Use a Secure Connection: Ensure that you are using a secure and encrypted connection (HTTPS) when accessing Fiverr or any other online platform.

Monitor Your Account: Regularly review your Fiverr account activity to detect any unauthorized access or suspicious activity.

Keep Software Updated: Keep your web browser and any security software up to date to protect against known vulnerabilities.

Use a Reputable Email Service: Your email account is often tied to your online accounts. Make sure your email service provider has strong security measures in place.

Avoid Public Wi-Fi: Be cautious when using public Wi-Fi networks, as they may not be secure. If necessary, use a VPN to encrypt your internet connection.

Report Suspicious Activity: If you suspect that your Fiverr account has been compromised, report it to Fiverr's support team immediately.

Remember that account security is a shared responsibility between the platform and the user. Fiverr and other reputable online services continuously work to enhance their security measures, but it's essential for users to be proactive in protecting their accounts as well.

 

[vickieito]

4 hours ago, pro_designer946 said:

Did Fiverr refund your lost earnings?

Yes, but it took 2 days for CS to respond to each message I sent them - so it was a total of 6 days when I received compensation for my loss, and my seller level and stats were restored. It took 1 month to qualify for Seller Plus again, 2 months to get the Early Payout feature back, and a total of 4 months for my account to fully recover. 

Edited September 4, 2023 by vickieito