New scam attempt (sophisticated)

[zoeycraig]

Hi can anyone help 

I’m new and usually pretty savvy but I got this email about half a day after I posted my first gig, the payment scam took 0 for verification and then drained my account without my consent 😞 

then once I realised as attatched called me a sucker! 

I am usually very savvy but got done over and now got no money for my outgoings! I’ve alerted my bank but is there anything fiverr can do? 

Quote

 

 

[warrencejd]

I also almost got scammed just now.. had to check on google if it was a scam before going on with the procedure. It looked real.. something needs to be done about it.

[ashrafuliasif]

Fiverr Visa Card Verify, is it scam?

Hello there, I'am new to fiverr, is it scam?

[ana_tomy]

Hi @ashrafuliasif, this is a scam so I hope you didn't proceed. Please read our Terms of Service, Community Standards and Forum Rules to get all the information needed for this journey. It will help you stay safe and avoid any violations, as they lead to a restricted/blocked account. Hope this helps and good luck 🍀

[shahzebhaider1]

I WAS APPROACHED BY FIVER HELP CENTER AND ASKED FOR MY BANK DETAILS AND CARD DETAILS ALONG WITH THE  VERIFICATION CODES SENT BY MY BANK. MY 150 EUROS HAVE BEEN DEDUCTED. IT WAS A MESSAGE FROM FIVER SUPPORT CENTER. I HAVE CONTACTED FIVER HELP CENTRE BUT NO RESPONSE SO FAR.

Quote

 

 

[michmikaia]

It looks like a scam.

@ana_tomy can you check this please?

Edited April 25 by michmikaia

[rawque_gulia]

4 hours ago, shahzebhaider1 said:

I WAS APPROACHED BY FIVER HELP CENTER AND ASKED FOR MY BANK DETAILS AND CARD DETAILS

You were approached by a scammer who was pretending to be a Staff Member of Fiverr. Fiverr never approaches you through inbox and asks for personal details, especially credit card details. Here are some steps you can take:

- Refrain from entering any personal information or credit card information.
- Block the user (it's just a normal user who is pretending to be Fiverr support).
- Report the profile to Fiverr so they can ban that fake profile.

Also the website you're visiting is "fiverr.id487514.com". Please note that "fiverr" is just a sub-domain and anyone can have it (or literally any random keyword) on their primary domain. The real domain here is "id487514.com" and this domain is not affiliated with Fiverr in any way.

[akib0079]

at a glance - it should be normal Fiverr support team doesn't usually ask for credit card details seems like a scammer in action!
Please take proper action - fiverr support doesn't approach you through inbox - if 150 euros were DEDUCTED from your account please take action through your bank and explain the situation.

[donnovan86]

Scam. Fiverr doesn't have a live chat system. So that is the first sign of a scam. Asking for bank details is the second clear sign.

[ana_tomy]

15 hours ago, michmikaia said:

can you check this please?

Thanks for bringing this to my attention. 

Hi @shahzebhaider1, this is a clear scam, our Customer Support team will get back to you shortly, however, I recommend contacting your bank directly, since this cannot be resolved by the CS team. I also recommend reading our Terms of Service, Community Standards and Privacy Policy, even though nobody wants to 'waste time' with that, knowing the information would have prevented you from providing your bank details. Hope your bank will be able to reverse the transaction when you report this. Good luck 🍀

[hygge24]

Just in case you ever will be contacted by a Fiverr team member. They always have this green badge with the Fiverr logo. In all other cases, it would be a scam. And I'm sorry for what happened to you @shahzebhaider1. 

[ashrafuliasif]

On 4/25/2024 at 2:45 PM, ana_tomy said:

Hi @ashrafuliasif, this is a scam so I hope you didn't proceed. Please read our Terms of Service, Community Standards and Forum Rules to get all the information needed for this journey. It will help you stay safe and avoid any violations, as they lead to a restricted/blocked account. Hope this helps and good luck 🍀

Thanks,

[emmaki]

100% a scam. The QR code will take you to a fake Fiverr site and you'll be asked to do things that will eventually drain your bank account. Fiverr also uses your username or displayname, not "Dear User" in a weird font that is slightly out of alignment with the rest of it.

People should also be aware of RMT Workshop (which may be behind this, though I have no plans to open the QR code), although these people target people off-Fiverr pretending to be staff and it's more of an elaborate review ring/pyramid scheme that people actually think is from Fiverr because... well, IDK why, but they do.

I told CS about it and they can't do anything 🙂 Which, fair enough, it's off-platform, but 1) Fiverr is not educating people about this 2) affiliates are not educating people about this 3) gurus are not educating people about this 4) there's very little information about it online.

Plus RMT Workshop changes their name every so often because things get a bit hot. Their IP address is in Iceland, which has A1+ privacy laws.

Then there's the triad.... trust me, they wouldn't be on Fiverr if they weren't making good money.

[markp]

Look at the domain. it's not a Fiverr domain. The domain is activate-user dot net and dont go opening it, even if nothing appears to be on there.  they probably switch domains frequently and create a sub-page called Fiverr. Some of these people are smart enough to use geo-targeting scripts on the sites and then go from one country to the next, targeting people and blocking access from countries not yet being targeted to prolong the length of the scam.  I've seen this scam on restaurant menus where they have put QR code stickers on all the menus in a restaurant and emptied everyone's accounts.

[catwriter]

Just now, markp said:

I've seen this scam on restaurant menus where they have put QR code stickers on all the menus in a restaurant and emptied everyone's accounts.

Sorry, what? How would it even work? Why would the restaurant allow someone random to put stickers on all their menus? Or is the restaurant itself doing it?

[markp]

here read this.

https://www.connexionfrance.com/news/beware-new-scams-involving-qr-codes-in-france/623847

 

[metkatmarketing]

I was scammed today and I am horrified! It says on their website that they will keep your information safe, yet they allow users to join who have their name is the new username. That is completely negligent behavior! Looking through these threads, this has been an ongoing problem for years. I am completely new to this company and I trust that they are doing what they can to protect me. I don’t feel that way at all and I will probably never recommend a marketing freelancer to use this company because of this experience.

[markp]

people really need to use common sense here.

If your account was suspended, you would get an email from Fiverr saying it's suspended. not an inbox message.

how does a bank card verify your account when your account is not created with a bank card? the bank card could belong to anyone. There is no verification here at all.  it's just a phishing attempt.

Regardless of what the user name is, if someone sends you a message asking for your credit card details via your inbox alarm bells should start ringing. Any legit customer support on any platform will not ask for credit card numbers at all. Payments are sent by encrypted means to meet PCI requirements. Not by a  QR code linking to a Mickey Mouse website.

look at the website address. you dont need to be a security consultant to realize it's a Mickey Mouse address. 

[visualstudios]

2 hours ago, metkatmarketing said:

It says on their website that they will keep your information safe, yet they allow users to join who have their name is the new username.

They do keep your information safe. That has nothing to do with what other people can pick as their display name. Those scammers didn't have access to ANY of your information, other than your (public) display name.

You gave them your credit card details, wth where you expecting?

[visualstudios]

1 hour ago, markp said:

people really need to use common sense here.

If your account was suspended, you would get an email from Fiverr saying it's suspended. not an inbox message.

how does a bank card verify your account when your account is not created with a bank card? the bank card could belong to anyone. There is no verification here at all.  it's just a phishing attempt.

Regardless of what the user name is, if someone sends you a message asking for your credit card details via your inbox alarm bells should start ringing. Any legit customer support on any platform will not ask for credit card numbers at all. Payments are sent by encrypted means to meet PCI requirements. Not by a  QR code linking to a Mickey Mouse website.

look at the website address. you dont need to be a security consultant to realize it's a Mickey Mouse address. 

Maybe this is what we actually needed to get rid of all the clueless meksells. People who fall for this have no business being freelancers. It's not personal, it's simply they don't have the skills required. If they don't have the common sense not to fall for this, how can they navigate running a business online and dealing with clients? It's simply not possible.

I mean, it's challenging for me, it takes a lot of work and effort, and I look at these scam attempts like child's play. That people falling for them can make a single $ online puzzles me deeply.

Edited April 29 by visualstudios

[uk1000]

24 minutes ago, visualstudios said:

They do keep your information safe.

by not doing more to block people putting their display name as "Fiverr Support" (when it's happened again today (edit: or maybe 3 days ago, which is still a long time after someone else reported the same display name being used for a scam), when it's already been stated to them that the fraudsters are putting their display name as that), attaching Fiverr logos to their messages and asking new users to "click on" (or scan) QR codes they're not doing the best they can to avoid people getting contacted scammers trying to take their info, and they're not really educating people enough about this in case their systems can't detect those users.

Fiver already scans links, surely an added check could be made to see if it's a url that starts with "fiverr." but goes to a totally different site than Fiverr  (which is probably a scam site so Fiverr's system could flag the message and not show it to other Fiverr users unless checked and accepted by the trust & safety team).

Edited April 29 by uk1000

[markp]

30 minutes ago, uk1000 said:

Fiver already scans links, surely an added check could be made to see if it's a url that starts with "fiverr." but goes to a totally different site than Fiverr  (which is probably a scam site so Fiverr's system could flag the message and not show it to other Fiverr users unless checked and accepted by the trust & safety team).

if you look at what is being sent they are sending it as an image and telling people to take a screenshot and then scan the QR code. Look at the messages above, you can see this. There is nothing for Fiverr to scan.  The only thing Fiverr should do is block every variation on Fiverr as a username

[visualstudios]

3 hours ago, uk1000 said:

y not doing more to block people putting their display name as "Fiverr Support" (when it's happened again today (edit: or maybe 3 days ago, which is still a long time after someone else reported the same display name being used for a scam), when it's already been stated to them that the fraudsters are putting their display name as that), attaching Fiverr logos to their messages and asking new users to "click on" (or scan) QR codes they're not doing the best they can to avoid people getting contacted scammers trying to take their info, and they're not really educating people enough about this in case their systems can't detect those users.

I agree that Fiverr should block all users from using "Fiverr" on their profile names, as well as the fiverr logo for their profile pictures. Obviously.

However, the user I replied to was implying that Fiverr does not keep user's personal information safe, and that's not true. Fiverr does not share or disclose any user information other than the information the user chooses to show (such as profile name, profile picture, etc.), so their assertion is incorrect. 

Fiverr should definitely institute better systems to control scammers, but that's very different from saying "Fiverr doesn't keep your personal information safe". That's not up to Fiverr (unless the platform itself shares that data, which is not the case), that's always up to you. Now, it's true that many internet users have no clue what they're doing, but then maybe they shouldn't be on the internet. You need a driver's license to drive a car. Maybe it's time to start requiring a license to use the internet. The amount of people falling for the most obvious scams is insane. It's not a security problem - it's a literacy / education problem. Fiverr can't fix that.

Edited April 30 by visualstudios

[uk1000]

4 hours ago, visualstudios said:

Fiverr does not share or disclose any user information other than the information the user chooses to show (such as profile name, profile picture, etc.), so their assertion is incorrect. 

They did though for a while when the new profile format got displayed. They shared the "full name" field in the page source, even though it's in the "settings" menu and it doesn't show that that will be in the public part of the profile (above the screen that shows the "full name" and email it says "Need to update your public profile? Go to My Profile) - indicating the "full name" field wouldn't get displayed/accessed publicly (and that for changig what will be shown/accessed publicly you'd need to go to a different place, the "My Profile" page to change them), even though, before I told CS about it, it was).

Fiverr also automatically enabled the option to make seller plus members see your past average purchase info and most frequently bought category. That was enabled for all users without informing them. You had to go to the bottom of the profile page to turn it off. Now there's no way to turn it off (so it's giving out what could be private info with no option to disable it), so all seller plus members you contact will be able to see a user's average purchase info and most frequently bought subcategory without their full knowledge or consent (sellers might be able to guess that that might be shown by the advert for seller plus features, but buyer-only users probably aren't told about it).

Also there's a lot of tracking info on the site that the user doesn't really opt in to. Using Fiverr Neo or when the Grammarly option that was there might be/have been sending info to certain other companies (through APIs). The privacy policy says they send stuff to 3rd parties (we have no Fiverr option over which 3rd parties they send out info to). There's a "do not track" option in some browsers. Fiverr say "We do not honor browser requests not to be tracked online". Why would a company say/do that?

Edited April 30 by uk1000

[emmaki]

It seems Fiverr didn't like my last post, which mentioned GDPR.

Was it because I used ChatGPT and correctly sourced it, then asked ChatGPT about what the fines were for this sort of thing?

EDIT: I'm going to take that immediate approval of this post as a "yes". Thing is, though, I don't remember ever being told by email about this breach that @uk1000 mentioned, which is in itself a breach of GDPR.

Fiverr - this isn't about "transparency" in the marketing sense of the word where it can mean whatever you want it to, including nothing at all. It is a legal requirement. As will the EU AI Act be. As EU consumer laws are.

Edited April 30 by emmaki