This past Sunday morning I received a rather disturbing email from a client related to someone he hired on Fiverr.
Below is part of the interaction with the person he had hired on Fiverr.com to help him update the design of his WordPress website.
My client has been working with the Fiverr seller the week prior. And each time a portion of the work was completed, the Fiverr seller would demand more money before continuing.
After the third demand for more money, my client canceled the work order and wrote a one-star review.
Below, and at right, is the actual chat response from the seller:
…
I was floored. I mean nearly every interaction I’ve had with someone selling their services on Fiverr has been friendly and helpful.
What we did after the Fiverr seller’s blackmail attempt.
So we took all of the usual precautions, changed all the passwords, ensured all was updated and did a general check for potentially malicious back doors and the like. All was well.
The client later reported the alarming chat he had with the Fiverr support team. Fiverr replied responsively and removed the seller from their network that same day.
So what does this really say about Fiverr?
I’ve had several anecdotal discussions with clients over the past few years about their websites’ being hacked relatively soon after they had outsourced work to Fiverr. And I have to admit, my tendency has been to downplay these scenarios as likely coincidental. But now I have to wonder.
It does make me think, what are we giving away when we outsource work to an anonymous person in another country in order to save money?
Let’s talk security before and after using Fiverr (or similar services).
Prior to using any outsourced service, I recommend:
- Changing all of your passwords using a random password generator. Both 1Password and LastPass are well regarded password management options.
- Consider the level of access you are providing.
For instance, if the person you are working with is simply editing WordPress content on your website, be sure to set up a separate administrative account for them within WordPress. - Carefully review of the ratings and number of reviews of the Fiverr seller you are considering hiring.
During and after the purchase and delivery:
- Keep careful notes of your interactions and take screenshots of chat interactions whenever possible.
- Once the work has been completed, be sure to delete the user account you set up for the seller and change all related passwords once again using a password generator.
Do you have other recommendations as well, or have you experienced similar unscrupulous behavior from sellers on Fiverr?
…
Please post your comments below.