Keeping your account safe from malware and phishing

The online shopping industry is booming worldwide, and showing no signs of slowing down. As such, it also attracts some abusive behaviors. Two of the most common abusive behaviors are malware (malicious software) and phishing attempts. In this article, we'll review what both you and Fiverr can do to minimize the risk of being exposed to such behavior. 

Preventing malware

Computer malware can be spread in a variety of ways - whether through Fiverr messages, as email attachments, malicious websites, or fake antivirus software. The safety of your Fiverr account and the privacy of your data is of utmost importance to us. Fiverr uses antivirus software that scans all files; however, if you identify something suspicious or feel that you've fallen victim to malware, please click the report/flag icon right away. To prevent malware from infecting your PC, follow these tips:

  • Always keep your antivirus software up to date.
  • Adjust your antivirus software settings and firewall so that outside connections can't be made and no programs can be installed without your permission.
  • Back up your files.
  • Use strong, varying passwords for any websites you access.
  • Never open files if they look suspicious.

Preventing phishing

A phishing message (or email) is designed to capture the user’s credentials for multiple reasons, some of which may be illegal. The attacker may be looking for the user’s credit card information, passwords, government issued ID number (i.e. Social Security number in the U.S.), and much more. 
 
Phishing messages might also include malicious files (or links, which are also known as URLs), that can be used by hackers to extract your personal information. These files might have innocent names or standard endings, but they might also be embedded with malicious functionalities that are hard to detect. By downloading or opening these files, you might grant hackers access to your personal info. 
 
Fiverr wants to assist its users to better identify potential attempts to extract personal information.
  • Make sure you only insert your login details (password and security questions) on the Fiverr.com homepage or login page.
  • Always be cautious when clicking a link which redirects you to a different login page.
  • It is recommended that you always check a link before you click on it. You may do so by hovering your mouse over the link and looking at the address, which it redirects to (seen at the bottom of the browser).
 
While the site may be set up to look like Fiverr, it may be a phishing site that will steal your login details. We’re constantly working on strengthening the levels of security for your Fiverr account, but it's also important that you stay alert. So if you ever receive something you weren’t expecting, or if something seems not quite right, think twice before opening it.
If you’re not sure about a link, you can always open a new window and simply insert the Fiverr.com address by yourself rather than clicking on the link you received. This way, you will know that you are logging into Fiverr’s actual website.
Here are several tips to protect your password online:
  • When you log in to Fiverr, you will always see the “https” prefix (or a lock sign) at the beginning of the URL (the website address).
  • In the example below, a phishing site (pretending to be Fiverr.com), was reported and closed. It looked like this and lacked the mentioned “https” prefix or lock sign:
 
phishing2.png
 
So, you may be wondering, “how can I know I was redirected to a potential phishing site?” Well, the bad guys sometimes try to imitate the look of a real website. However, in most cases, phishing sites won’t be updated and will have fewer features than the original site’s home page.
 
Here is an example of how a phishing version of Fiverr’s login page looks:
 
phishing.png
 
Here are a few easy ways that might be used by the bad guys to try and lure you to a fake webpage (by sending you phishing links and or messages):
  • Emails or chat messages claiming that you’ve won a prize, a discount or a special offer.
  • Email warnings that your information has been compromised and you need to click the link and log in to secure it.
  • Fake messages from Fiverr staff: Look out to see if Fiverr is spelled wrong (e.g. fivver, feverr, etc.). Email addresses can also sometimes have foreign or alternative domain suffixes (e.g. .it, .de, .ru, .so).
 
If you ever receive a phishing link or a suspicious message, click the report/flag icon right away.
 
This article was written to provide our community with further knowledge and is aimed at increasing awareness. While Fiverr takes the security of its customers very seriously, neither Fiverr nor any person associated with Fiverr makes any warranty or representation with respect to third parties’ acts or omissions. Fiverr will not be responsible or liable for any unauthorized access, breach of firewalls or other hacking by third parties.
 
 

Was this article helpful?