New scam attempt (sophisticated)

[uk1000]

34 minutes ago, emmaki said:

I don't remember ever being told by email about this

And while it's now been fixed on the Fiverr site (it no longer gets put in the page source), nothing has been done about the Fiverr seller pages stored in archive.org from when the profiles were changed to the new format until before it was fixed (in late November last year). Maybe Fiverr could contact archive.org (or any other sites like that) to ask them to remove those captures if necessary.

Edited April 30 by uk1000

[emmaki]

So the evidence is still up. archive.org doesn't have a particularly clear policy here (I haven't looked at the linked pages yet), but it appears that their policy is "you can remove it yourself".

Not very much going on in the terms: https://archive.org/about/terms.php

However, it does mean that there is evidence. Did anyone living in the EU recieve an email about this data breach? I live in Greece, which is in the EU, and I did not. I've checked my emails. GDPR doesn't show up at all, data breach, or "sorry", or "we apologize" or "compromised" or any of the other stock phrases that usually arise when a company does an oopsie and doesn't want a large fine.

Somehow, I rather think that GDPR fines will overshadow any extra funds clawed back from "price alignments" to SPP (remember the EU consumer law violation?)

[yourbrandingpal]

28 minutes ago, emmaki said:

So the evidence is still up. archive.org doesn't have a particularly clear policy here (I haven't looked at the linked pages yet), but it appears that their policy is "you can remove it yourself".

Not very much going on in the terms: https://archive.org/about/terms.php

However, it does mean that there is evidence. Did anyone living in the EU recieve an email about this data breach? I live in Greece, which is in the EU, and I did not. I've checked my emails. GDPR doesn't show up at all, data breach, or "sorry", or "we apologize" or "compromised" or any of the other stock phrases that usually arise when a company does an oopsie and doesn't want a large fine.

Somehow, I rather think that GDPR fines will overshadow any extra funds clawed back from "price alignments" to SPP (remember the EU consumer law violation?)

All the more reason that people file a class action lawsuit

[emmaki]

And yet another post deleted.

Why am I not allowed to post informative posts, but it's OK for someone immediately above me to suggest a class action lawsuit - something that I haven't suggested at all?

My point remains the same. There is every chance that the source page breach is a high risk GDPR breach, which requires disclosure to affected parties.

Is there a problem with me suggesting that Fiverr has a legally required duty of care to its users?

[uk1000]

11 hours ago, markp said:

If you look at what is being sent they are sending it as an image and telling people to take a screenshot and then scan the QR code. Look at the messages above, you can see this. There is nothing for Fiverr to scan.  The only thing Fiverr should do is block every variation on Fiverr as a username

They can scan more stuff in the message itself (eg. new buyers telling people to "click this QR Code" or tell people "Your account is currently suspended. To restore your account...". There will be quite a few words/phrases they can add to their list to check for.

If there's no URL in the message but there is a QR code image, Fiverr could also check the images and if any contain QR codes they could check what they contain and what URL they might point to. There are sites which analyse a QR code (without someone having to scan it). I'm sure Fiverr could do the same with some code/using an API.

This is a bit of code perplexity.ai suggested for Python. Fiverr could use something like this to check images which might contain a QR code and see what URL they point to (I haven't checked them so don't know how correct they are):

Quote

import cv2

# Load the image
image = cv2.imread('qrcode.jpg')

# Create a QR code detector
detector = cv2.QRCodeDetector()

# Detect and decode the QR code
data, bbox, _ = detector.detectAndDecode(image)

if bbox is not None:
    print(f"QR Code data: {data}")
else:
    print("QR Code not detected")

Another way it suggested:

Quote

from pyzbar.pyzbar import decode
from PIL import Image

# Load the image
image = Image.open('qrcode.jpg')

# Decode the QR code
data = decode(image)
if data:
    print(f"QR Code data: {data[0].data.decode('utf-8')}")
else:
    print("QR Code not detected")

Edited April 30 by uk1000

[emmaki]

Just a question. If UK is allowed to show how Fiverr could use code to handle the QR code stuff, why is my post that suggests how Fiverr could handle "fancy text" not allowed?

What is the fundamental difference between the two posts? What makes one acceptable, the other not?

EDIT: Thank you for approving this. But at the expense of comments that directly addressed what other users were saying, further discussed the issue, and provided deeper insights to continue the discussion. At the moment, it appears all I can post on this thread is complaints on how other people can post stuff that I can't, which doesn't really help the conversation at all, nor deliver any particularly great insight into the topics at hand.

Edited April 30 by emmaki

[daraodwyer]

Just got hit with one of these within an hour of creating my account. Naturally, I scanned the QR code but backed out once it started looking for payment information, it was a big red flag! Is there anyway to report the message/account?

[uk1000]

8 hours ago, daraodwyer said:

Is there anyway to report the message/account?

In the inbox put your mouse over the message. It should show 3 dots on the top right of the message. Click that and a menu should show with an option to report and one for "mark as spam".

So Fiverr still haven't stopped people changing their display names to "Fiverr Support" despite the previous reported accounts and posts about it.

Edited May 3 by uk1000

[geckotechgpt]

Hi All i'm new to Fiverr

I have received the same message I went to the QR code and saw they wanted my CVC number which in itself is highly unlikely to be requested.

I didn't put any details in but now wondering if the site has been hacked have people started to change their passwords as it's probably a wise thing to do.

If people have been scammed take screenshots of everything and contact your bank immediately, so anyone that has entered their details to the QR site, you have given your details to scammers by contacting your bank immediately they can freeze your account if you do it in time.

I have clicked back on he message and by clicking on the user you can see the account has no responses and was created in May 24 so if you do receive messages again, click on where it says fiverr support and it will give you a clue as to if the message is real or a scam 

 

Edited May 4 by geckotechgpt
updated my reply with important information

[maxivated]

Dear Fiverr Community,

I feel compelled to share a concerning encounter I recently had that I believe is part of a scam targeting Fiverr users. I received what appeared to be a legitimate message from Fiverr Support asking me to verify a payment due to suspicious activity on my account. Initially, it seemed legitimate, especially considering the swift response from Fiverr Support.

However, upon closer inspection, I noticed red flags. The message requested my email stating that "Fiverr" was holding a payment before confirmation. Additionally, I was instructed to verify transaction details to receive funds. This raised suspicions as I know that legitimate transactions on Fiverr do not require divulging sensitive information like payment card numbers or CVV2 codes.

Realizing the potential threat, I decided to investigate further online and stumbled upon similar reports of fraudulent activities targeting Fiverr users. It's evident that scammers are impersonating Fiverr Support and sending phishing messages to deceive unsuspecting users.

I consider myself fortunate not to have fallen victim to this scam. However, it's crucial to raise awareness within our community as many others may not be as vigilant. Always remember to scrutinize messages carefully, checking domain names and verifying the authenticity of requests. Legitimate transactions on Fiverr should always be conducted within the platform, with no need to disclose sensitive financial information.

I urge all Fiverr users to remain vigilant and report any suspicious activity immediately. Let's work together to safeguard our community against such malicious schemes.

Stay safe and alert,

Kamil K

Quote

 

 

 

[smartdezigns]

2 hours ago, maxivated said:

I urge all Fiverr users to remain vigilant and report any suspicious activity immediately. Let's work together to safeguard our community against such malicious schemes.

Report this to Fiverr Support. They'll take an action against that account.

[uk1000]

8 hours ago, maxivated said:

However, upon closer inspection, I noticed red flags.

Their message saying "The parcel has already been paid for by the buyer" would also have been a big clue that it was fake.

[aminul_design]

Pure Scam, I have received a website address with a QR code . Never scan this.

[faruqueahmad39]

Greetings!

I am a newbie in Fiverr.

Today I received a suspicious message in my inbox, asking to verify my payment method through an external link provided via QR code.

Screenshots are attached for your kind review and prompt advice.

Thanks in advance.

Regards,

 

[uk1000]

Since you've already reported the message you can ignore it, since it's a scammer.

You could also contact CS if you wanted and report it there and ask them to prevent people calling themselves "Support Fiverr" in their display name (maybe they're using that now if Fiverr's stopped people writing "Fiverr Support" in the display name).

You could also ask CS to prevent people sending those QR code messages in attachments since they still are allowing scammers to do that.

Maybe Fiverr could also put a check in for users using the text "id" + a number for their usernames as a lot of the QR code scammers seem to be doing that, so Fiverr could check those users manually.

Edited May 13 by uk1000

[ana_tomy]

Hi @faruqueahmad39, since you're new here, I highly recommend reading our Terms of Service and Forum Rules. I've edited your post since you've provided a screenshot of a private chat, even though it's a scam, it's still a violation of our Forum Rules. Make sure that you avoid these violations in the future, since they'll most probably lead to having the account restricted/blocked. Good luck 🍀

[faruqueahmad39]

On 5/13/2024 at 5:39 AM, uk1000 said:

Since you've already reported the message you can ignore it, since it's a scammer.

You could also contact CS if you wanted and report it there and ask them to prevent people calling themselves "Support Fiverr" in their display name (maybe they're using that now if Fiverr's stopped people writing "Fiverr Support" in the display name).

You could also ask CS to prevent people sending those QR code messages in attachments since they still are allowing scammers to do that.

Thank you for your advice.

On 5/13/2024 at 5:41 AM, ana_tomy said:

Hi @faruqueahmad39, since you're new here, I highly recommend reading our Terms of Service and Forum Rules. I've edited your post since you've provided a screenshot of a private chat, even though it's a scam, it's still a violation of our Forum Rules. Make sure that you avoid these violations in the future, since they'll most probably lead to having the account restricted/blocked. Good luck 🍀 

Thanks a lot.

[reemfire]

@phillip_element i fell for this scam and the mistakenly confirmed the payment from my bank after entering my bank details. Do i need to change my bank account 

[uk1000]

49 minutes ago, reemfire said:

i fell for this scam and the mistakenly confirmed the payment from my bank after entering my bank details.

You'd need to contact your bank right away. Tell them about what's happened and about the fraudulent transaction(s). Try and dispute the charges.

Your bank should let you know what to do. Maybe they can block the credit/debit card (if you entered that info). Maybe they can put the account on hold or something.

You can also then contact Fiverr support about it through the helpdesk (eg. after you've contacted the bank).

Edited May 18 by uk1000

[reemfire]

1 hour ago, uk1000 said:

You'd need to contact your bank right away. Tell them about what's happened and about the fraudulent transaction(s). Try and dispute the charges.

Your bank should let you know what to do. Maybe they can block the credit/debit card (if you entered that info). Maybe they can put the account on hold or something.

You can also then contact Fiverr support about it through the helpdesk (eg. after you've contacted the bank).

Does that mean the scammer has my bank details??, because before the transaction was made i got a request from my bank asking me to confirm the transaction and the scammer(disguised as a chat box) told me to confirm it. Does that mean he has my details recorded??

[uk1000]

6 minutes ago, reemfire said:

Does that mean the scammer has my bank details??

They could have whatever you entered in their screen. If you entered your card number they might have that. If you entered your bank account number they might have that. Just speak to your bank about it like I said. I don't know exactly what they have. Try and cancel the transactions (if any have gone through). Let them (your bank) know what happened and they'll properly advise you. And like I said, contact Fiverr customer support about it (the real support through the help desk, not someone through the inbox).

Edited May 18 by uk1000

[reemfire]

Just now, uk1000 said:

They'll probably have whatever you entered in their screen. If you entered your card number they might have that. If you entered your bank account number they might have that. Just speak to your bank about it like I said. I don't know exactly what they have. Try and cancel the transactions. Let them (your bank) know what happened and they'll properly advise you.

i guess i'm screwed then because i entered my account number and cvv 

 

[uk1000]

4 minutes ago, reemfire said:

i guess i'm screwed then because i entered my account number and cvv 

I can't say for sure if they have. Just contact your bank ASAP and tell them, like I said. They'll advise you.

[reemfire]

2 minutes ago, uk1000 said:

I can't say for sure if they have. Just contact your bank ASAP and tell them, like I said. They'll advise you.

i am doing that right now. Fiverr really needs to step up

 

[reemfire]

24 minutes ago, reemfire said:

i am doing that right now. Fiverr really needs to step up

 

 

27 minutes ago, uk1000 said:

I can't say for sure if they have. Just contact your bank ASAP and tell them, like I said. They'll advise you.

I contacted my bank and it turns out they have my details. My card has been cancelled and a new card with different details is on its way. The transaction is still pending so it can't be cancelled. Is there still a chance of me getting my money back??