Jump to content

Beware of Phishing Attack


Recommended Posts

I receive 2 emails from Fiverr that i have Got orders, but nothing in my Dashboard… I got emails from this email address, noreply@e.fiverr.com And the link provided in that is
http://www.five**.com.ru/linker/?order_id=FO4B836727&view=order
http://www.five
.com.ru/linker?order_id=FO4**B836727&view=order
If i open the Root domain It redirects to Payoneer Account Page. While opening above link takes me to a login page. I m attaching the screenshots for both Emails. Order numbers provided in emails are
Order #FO466B836727
Order #FO466B836727

Beware of this kind of Emails, that might be a phishing attack. Keep Your Email address Safe, and Report instantly if you found any Email related to it.

Moderator Note: The exact links have parts removed to ensure no one will go to an unsafe link.

Link to comment
Share on other sites

The “.com.ru” domain extension is a dead giveaway to the spam nature of those links. This places the copy-cat domain in Russia, as “.com.ru” represents the Russian Federation. Legitimate Fiverr links will always be “fiver.com” – nothing else. Subdomain elements might exist before the name, but nothing after the .com…

Don’t fooled by pretenders. Fiverr is not a Russian company, nor does it have a Russian domain.

Link to comment
Share on other sites

Thanks for sharing numansyed2212 and for the additional details jonbaas
If I may ask a question, what happens if you follow through? I clicked on the links and it just goes to my dashboard. Perhaps CS has already done something about it.

Link to comment
Share on other sites

Thank you for the heads up.
BTW, here is a piece of advice. I never ever click a link from the emails that I get from fiverr. If I receive an email saying I have a new order/inquiry, I would directly login to my account from fiverr.com and check it. Or if I’m on mobile, I will always to go the app to see what’s up.

That’s the simplest thing everyone can do to protect yourself from phishing attacks.

Hope this helps. 🙂

Link to comment
Share on other sites

  • 3 weeks later...

Update: Below are Email details which I received. Hope it will help.

========================================
Subject: Fiverr: Congrats! You have a new order from ashley19s.
X-PHP-Script: www.djamaa-el-djazair.com/site/rsp.php for 41.142.167.86
From: Fiverr <noreply@e.fiverr.com>
Received: from suzuki.websitewelcome.com ([192.185.2.175])
by cm4.websitewelcome.com with
id aBql1s00J3mZUjk01Bqmwy; Fri, 25 Mar 2016 06:50:46 -0500
Received: from djamaa by suzuki.websitewelcome.com with local (Exim 4.86_1)
X-AntiAbuse: Primary Hostname - suzuki.websitewelcome.com
X-AntiAbuse: Original Domain - gmail.com

X-AntiAbuse: Sender Address Domain - suzuki.websitewelcome.com
X-Source-Dir: djamaa-el-djazair.com:/public_html/site
X-Source-Sender:
X-Source-Auth: djamaa

Link to comment
Share on other sites

  • 5 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...