Fiverr.com recently suffered a Cross Site Request Forgery attack (CSRF attack). Below you’ll see a video posted by Mohamed A. Baset, a hacker that demonstrates how easy is to steal the account credentials of an anonymous user on a well known website, fiverr.com .
What is CSRF? Or XSRF?
XSRF, also known as Cross Site Request Forgery or CSRF can be used to trick a user logged in to make some unintended changes on the site. It takes advantage of the trust that your website offer to users already logged. CSRF is also known as one-click attack or session riding. Unlike XSS ( Cross-Site Scripting), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.
What is Fiverr?
Fiverr.com is the largest online marketplace for services that start at $ 5. Basically it’s a site where you can post some services that others come to buy. A lot of people buy and sell services (and products) every day through Fiverr.
It is estimated that over 2,000,000 people per month using Fiverr and this figure gives the title of leader in the field. Services available on Fiverr is a very wide range. You can find the service to promote a business, social networking and advertising to comic videos, graphic design, translations and more.
Observation
This article was written just to help you to understand how easy hackers can steal your accounts information. Be aware of all the spam emails, don’t click on strange links, even if it seems that the website is a well-known website. You can check to see on what website the click will send you to, just go with the mouse pointer above the link, and, on the bottom of your browser you’ll see the link that will be opened. If the domain is different than the one where you should be redirected, I suggest you to don’t click on such links. It’s all up to you. Use a good email provider and cases like this one won’t appear.
These are phishing attacks, and once you’ll click a link like this, lots of bad things can happen. Use an antivirus with web protection and everything will be ok. If you have email protection, you won’t have to worry about such email attacks.