Jump to content

Question

Posted

A few days ago, I received a message from a client requesting design work and shared a ZIP file containing PSD files to review their requirements. After downloading and extracting the file, I noticed a quick process running on my computer, but I didn’t think much of it at the time. The following day, I noticed I had been logged out of all my accounts, which felt suspicious. I brushed it off until later when I received a Fiverr notification stating that a recent order had been delivered and marked as complete — an order I hadn’t placed.

Fully alarmed, I immediately contacted Fiverr support and explained the situation. After a week, I discovered in my email’s trash folder that a $1500 cash advance had been taken from my Fiverr account. Apparently, the hacker had blocked Fiverr’s emails to keep me from receiving any account notifications in my inbox.

I’ve since changed all my passwords and contacted Fiverr support again, but I’m still unsure if the hacker retains access to my account. The most puzzling part is that two-factor authentication was enabled on my account, so I’m unsure how they bypassed it.

Has anyone experienced something similar? Any insights on how this might have happened, or additional security tips would be appreciated!

  • Like 12
  • Sad 1

13 answers to this question

Recommended Posts

  • 0
Posted

Hello @mluqmanabbasi 

Unfortunately, you are not the only one. We are aware of the issue and are actively working to resolve it. We strongly recommend not opening suspicious links, QR codes, or files from senders you have not contacted directly. Please be aware that Fiverr will never contact you via inbox to request payments, passwords, or private information. Please check out this article on Avoiding spam and staying safe on Fiverr. In addition, check out our Forum posts as well. 

Hope this helps. Stay safe! 

  • Like 7
  • 0
Posted (edited)
2 hours ago, mluqmanabbasi said:

Any insights on how this might have happened, or additional security tips would be appreciated!

Did you not have any antivirus running at the time? Did you run antivirus after?

You could run an antivirus scan on the .zip file if you want to check it/what part of the contents contained a virus.

2 hours ago, mluqmanabbasi said:

After downloading and extracting the file, I noticed a quick process running on my computer

Did you open any of the files or just extract them? I don't know why it would run the process if you just extracted them but didn't click to open/run anything.

Could there have been malicious scripts inside the .psd files?

They could have installed a key-logger and maybe got login info from that or used or other malware. If you haven't run a full virus scan since the hack the malware/keylogger could still be there.

Edited by uk1000
  • Like 8
  • 0
Posted

Yes, after extracting the file, I clicked on the PSD file to open it, and then a process briefly ran on my PC. I currently use Microsoft Windows Defender as my antivirus. Do you think that’s sufficient, or should I consider using dedicated antivirus software?

  • Like 5
  • 0
Posted
2 hours ago, mluqmanabbasi said:

Do you think that’s sufficient, or should I consider using dedicated antivirus software?

Since it missed that virus/malware/keylogger then I'd use one that can properly detect most of them. They might not be able to detect all.

So I'd run a proper antivirus if you haven't as until you do then that malware/keylogger could still be on your device.

Maybe check online for other things you could do to reduce the risk too.

  • Like 4
  • 0
Posted
11 hours ago, uk1000 said:

Since it missed that virus/malware/keylogger then I'd use one that can properly detect most of them. They might not be able to detect all.

So I'd run a proper antivirus if you haven't as until you do then that malware/keylogger could still be on your device.

Maybe check online for other things you could do to reduce the risk too.

If I format my entire PC and install a new Windows, will that eliminate the risk of hacking?

  • Like 3
  • 0
Posted (edited)
2 hours ago, mluqmanabbasi said:

If I format my entire PC and install a new Windows, will that eliminate the risk of hacking?

It will probably get rid of any malware/virus/keyloggers that are already on the system. It won't eliminate the risk of future hacks (though it will prevent them accessing the system through any existing malware/keyloggers on it)- it won't stop someone sending malicious files (that could be inside a zip file) in future.

So you could back up your important files and then if you wanted to format your pc and re-install windows then after that you could install a good antivirus that should reduce the risk of getting infected in future from bad files (and to check anything restored from backup).

Edited by uk1000
  • Like 4
  • 0
Posted
2 hours ago, mluqmanabbasi said:

There too many antiviruses available at internet, which one would be better?

Maybe look through independent reviews of the latest ones and then decide which seems best for you taking into account those and any costs of them.

  • Like 5
  • 0
Posted

Same happened with me on Sep 6, 2024. Hacker took cash advance 1000 and 133+ earning from my account total of 1133+ transaction.
Fiverr Support and Pa'yoneer both not helped in this case even It's been 3 months. They are not ready to agree on compensation or reversal amount.
Now finally I asked them to close this issue with 2 of my conditions.

1. Block Cash advance option in my ID. ( reason: in our region interest is prohibited )
2. Only LOCK on my 1 pa'oneer account for withdraw Until I chat myself back to support to change anything.

Fiverr Support not ready for this also. Their Security is zero. and I am worried again.

@mluqmanabbasi @Lena @uk1000

  • Like 1
  • 0
Posted
15 hours ago, masad01 said:

1. Block Cash advance option in my ID. ( reason: in our region interest is prohibited )
2. Only LOCK on my 1 pa'oneer account for withdraw Until I chat myself back to support to change anything.

Fiverr Support not ready for this also. Their Security is zero. and I am worried again.

I don't know why they can't do those things (maybe CS can't do those 2 things individually for sellers). Or try asking to speak to another CS person/escalating it.

You could check you're doing everything you can to keep your devices secure though. Up to date antivirus, 2FA (which you're probably already doing), having security questions & answers that a hacker would have no way of knowing. A strong unique password that you don't use on any other site. You're probably doing that though.

Hopefully staff can help you.

  • Like 1
  • 0
Posted

@uk1000 fiverr staff never helped, when my account was hacked, Everything was on (Unique Password, 2FA) everything but still this happed. And I never recovered my amount of 1133+ and that month earning due to my account was disabled.

And For the antivirus I used window's defender that comes originally with windows. and I send all the screenshots of my scanning to CS that was completely clear.

Now I think no hope. Because It's been 3 months.

  • Like 1

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...