Beware of Phishing Attack

[numansyed2212]

I receive 2 emails from Fiverr that i have Got orders, but nothing in my Dashboard… I got emails from this email address, noreply@e.fiverr.com And the link provided in that is
http://www.five**.com.ru/linker/?order_id=FO4B836727&view=order
http://www.five.com.ru/linker?order_id=FO4**B836727&view=order
If i open the Root domain It redirects to Payoneer Account Page. While opening above link takes me to a login page. I m attaching the screenshots for both Emails. Order numbers provided in emails are
Order #FO466B836727
Order #FO466B836727

Beware of this kind of Emails, that might be a phishing attack. Keep Your Email address Safe, and Report instantly if you found any Email related to it.

Moderator Note: The exact links have parts removed to ensure no one will go to an unsafe link.

[theratypist]

Thank you for sharing this! Hope everyone will be informed so no one will fall victim to this.

[numansyed2212]

The Login Screen is just same as of Fiverr original one. Have a look at the attached screenshot for the Phishing Page.

http://i.imgur.com/f3Dqbsg.jpg

f3Dqbsg.jpg1531×761

[jonbaas]

The “.com.ru” domain extension is a dead giveaway to the spam nature of those links. This places the copy-cat domain in Russia, as “.com.ru” represents the Russian Federation. Legitimate Fiverr links will always be “fiver.com” – nothing else. Subdomain elements might exist before the name, but nothing after the .com…

Don’t fooled by pretenders. Fiverr is not a Russian company, nor does it have a Russian domain.

[adsensewizard]

Thanks for the heads up! Wonder how they got your mail address that is associated to your Fiverr account? You might want to change that address, if possible.

[Anna]

You should consider submitting a ticket to CS to let them know. Just in case! Thanks for sharing.

[magellon]

Thanks for sharing numansyed2212 and for the additional details jonbaas
If I may ask a question, what happens if you follow through? I clicked on the links and it just goes to my dashboard. Perhaps CS has already done something about it.

[misscrystal]

I see no way to tell the difference aside from the message: “You session has expired. Please login again.” The links I am seeing do not end in com.ru. Maybe they’ve been change recently. Thanks for the warning.

[jonbaas]

I’m guessing that Fiverr put a redirect in place to protect users.

[frostypinkyph]

Main website has SSL (Secure Socket Layer) the green lock icon besides the address… except for its subdomain.

[signature19]

Thank you for the heads up.
BTW, here is a piece of advice. I never ever click a link from the emails that I get from fiverr. If I receive an email saying I have a new order/inquiry, I would directly login to my account from fiverr.com and check it. Or if I’m on mobile, I will always to go the app to see what’s up.

That’s the simplest thing everyone can do to protect yourself from phishing attacks.

Hope this helps. 🙂

[lesmeursault]

Thank you for the heads up!

[magellon]

Yes, that´s wise. I do the same as well 🙂

[numansyed2212]

Already notified Fiverr Safety Team, and they told that will look after this Phishing attempt.

[numansyed2212]

Just don’t enter your Login Credentials on this Page, as they will stole your Private information and they can Misuse about it.

[numansyed2212]

As you can See Moderator Note on the Post, that they have Changed the links to protect users from Going to unsafe site.

[mudasir84]

thanks for sharing '‘Beware of Phishing Attack’'
today i also receive a fake order e-mail from fiverr.com.ru

[catharine0940]

I click on the link and it ask for login. To my surprise I got the email to email address which is not associated with Fiverr.

Can they steal credentials which are saved in my browser?

[catharine0940]

Update: Below are Email details which I received. Hope it will help.

========================================
Subject: Fiverr: Congrats! You have a new order from ashley19s.
X-PHP-Script: www.djamaa-el-djazair.com/site/rsp.php for 41.142.167.86
From: Fiverr <noreply@e.fiverr.com>
Received: from suzuki.websitewelcome.com ([192.185.2.175])
by cm4.websitewelcome.com with
id aBql1s00J3mZUjk01Bqmwy; Fri, 25 Mar 2016 06:50:46 -0500
Received: from djamaa by suzuki.websitewelcome.com with local (Exim 4.86_1)
X-AntiAbuse: Primary Hostname - suzuki.websitewelcome.com
X-AntiAbuse: Original Domain - gmail.com

X-AntiAbuse: Sender Address Domain - suzuki.websitewelcome.com
X-Source-Dir: djamaa-el-djazair.com:/public_html/site
X-Source-Sender:
X-Source-Auth: djamaa

[adelinewinata]

Wow, is this why when I go to Fiverr a few days ago it asked me to log in again? (I never log out of my account). Thankfully I didn’t check the URL in the email, I directly went to fiverr.com and logged in. Thanks for the tip!

[heatherwrites]

This is Serious!

[z_farrukh]

Wow! This is bad! Thanks for the warning.

[seochick786]

We can’t thank you enough for sharing this thing. We’d no idea it could happen here at fiverr.

[seochick786]

If you’d clicked on the phishing link then you have already been hacked I guess. Because your password reaches to a hacker as you click on any phishing link.

[numansyed2212]

Hope that you didn’t click anywhere on that email, and report it as Phishing.