Reply
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply

Large security concerns

Community Guru
Amanda F Member Since: Aug 8, 2015
1 of 10

I know in the past people have been able to get into accounts here and having security issues but I'd like to know if anyone is currently getting strange emails in gmail that look really suspicous from clients you have worked with here, like I mean clients I haven't talked to in over a year suddenly sending me 3-4 messages that seem legit but you can tell something is up and you refuse to download anything from them because you never heard anything from them before they send you a file without a message. They are actually trying to use stuff like what I am doing currently to incorporate, and not talking about projects, just sending invoice like files,etc. I did not download anything from these people, but it is super concerning me and I am not sure if it is my gmail that is compromised or if perhaps someone got my information from here. How else would they know how to use the clients I have had here? It's weird! 

 

I have read that gmail has been hacked into by people a while back and they make the messages look real. I am not sure what to think, but I do always know when it is wrong and that I shouldn't download. 

 

Btw, these emails are coming from the clients actual email addresses which is super scary! and no, it definitely is NOT the client, because I recently talked to one who I couldn't work with at the time because I was very busy, and right after I talk to "him" I get files from his gmail for a completely different project and an invoice for some reason that I refused to click on. 

 

Just wanted to make people aware of this obvious scam and be careful not to download anything unless you talk to your client first. Never download files or click links from them. I haven't and just opened the email itself, but I am super concerned! I am also changing my password for my email and here too so it hopefully blocks whoever this is! The funny thing too is I have a very big and juicy password that I doubt anyone could figure out, almost like a wordpress-generated-long password. 

Community Guru
Cheryl K Member Since: Jul 16, 2015
2 of 10

Amanda:

For what it is worth, I haven't received any strange emails from long lost clients.

Ace Contributor
Christopher H Member Since: Feb 1, 2019
3 of 10

I'll try not be too boring with the geek stuff...but as to your last point the protocol the use for emails is very old and not secure so it's actually really easy to send a mail from someone else (it's called spoofing) you can basically edit the email so it looks like it was sent from any mail address you want if you know how....this is why you should never trust emails.

 

From your description it sounds like scammers have been scraping upwork to try to find targets for their scams...oh goody

Community Guru
Amanda F Member Since: Aug 8, 2015
4 of 10

Yeah I know what it is Smiley Happy I just want to make people aware because I am seeing it a lot and I do know never to click it, but I brought it up here to inform people and to also be really careful and make sure you know the client is giving you something first. It isn't meant to scare but just to be really aware of the fact that there right now are for sure hackers who are definitely looking over upworks to fine victims and they not only are doing that but they are actually using the client's emails! It is scary to me because I'm just always so busy and I got to be extra cautious now because it seems to be very frequent at this time! Robot Sad

Ace Contributor
Christopher H Member Since: Feb 1, 2019
5 of 10

yea it is interesting that they have managed to get hold of client email addresses...if no one else reports having the same problem, you should probably run a scan and check your accounts for suspicious activity in case it's on your side

Moderator
Valeria K Moderator Member Since: Mar 6, 2014
6 of 10

Hi Amanda, 

 

I'm sorry to hear you've been getting suspicious emails. I just wanted to clarify, did you at any point share your email address with these clients? Or you never did and all your communication with these clients was on Upwork?

~ Valeria
Untitled
Community Guru
Amanda F Member Since: Aug 8, 2015
7 of 10

Well of course I have also worked through email when needed with some clients when this site didn't work for any reason (still got paid through here), but some of these clients were solely worked with through the upworks app and not email. That's why I am concerned in general. It has come from some who I used gmail with. Either way it is still super odd it is all coming from solely client-related things from Upworks and nothing else. My clients who I have who I found myself outside of Upworks, I am not getting weird messages from them or with any other email interactions and this is happening just about every week now that I get one from an Upwork client that I didn't speak to in over a year and who I am no longer associated with, even some that the project was closed and finished. All of this is why I am concerned it is someone trying to get into and target my upworks account and seemingly my clients too!

 

I don't think my actual account here is compromised though, but I have no idea! My account here seems just fine and everything else has been normal aside from these strange client emails that I suspect is phishing. To be clear, I have no virus or other issues, just a large concern that I am getting emails from "previous clients" that seems ultra suspicious.

 

Still, the fact that they have some of my clients emails from here is very strange indeed! My gmail password is changed often and is super long. If I was hacked, I have no idea how it is possible and why whoever this is seems to be using all upworks clients only within the obvious scam email. 

 

I'm going to put 2-step verification on here. 

Moderator
Valeria K Moderator Member Since: Mar 6, 2014
8 of 10

Amanda,

 

Somebody from our account security team will reach out to you for more information and double check. So far we haven't found any signs of your account being in any way compromised.

 

Thanks!

~ Valeria
Untitled
Community Guru
Amanda F Member Since: Aug 8, 2015
9 of 10

Okay thanks for checking into the account for me. What I am going to do is put on 2-step verification on all from now on just to be safe. I didn't have it on my gmail because I hate constantly using the cell phone. lol Nonetheless, I hope this thread reminds people to be on the watch for weird stuff this where you may possibly think it is actually your client checking in with you. Thankfully I was safe by not clicking into it, but for all I know my gmail could be hacked and I am taking steps to fix. If so, I can't believe they could get through my ever-changing, extremely long passwords that I put together myself if someone did get into it. 

 

This is what I think is going on possibly and I am most certainly being targeted for working on Upworks, no doubt in my mind there considering it is all client-related stuff! I defintiely haven't done anything myself that could compromise it - https://www.inc.com/joseph-steinberg/beware-this-new-gmail-scam-that-is-tricking-even-tech-savvy-use...

I am pretty sure they are getting smarter with how to hack password stuff even moreso since the article was written. 

Community Guru
Amanda F Member Since: Aug 8, 2015
10 of 10

Update here. The Upworks team did reach out to me, I sent them one of the malicious files to show them and they did confirm it was as I suspected and they said it was good I didn't open it of course. I am thinking this is spoofing so just wanted to let all know that there are people doing this to make themselves appear as the client. The simple way to tell these people doing this is that they give no info and a random file you never suspected to get from a client. Be on the lookout! 

 

To add: There isn't anything on my system and I have a lot of security. I had done all scans and nothing turned up. I also checked what devices were logged into my gmail in the last 28 days and all of them are mine, and also checked all the latest activity on the gmail account which is a button at the bottom of your messages. If any of you get this phishing scam stuff check that out and you can tell if someone was in your account. The activity on mine was only mine so my email doesn't seem compromised. I think this is spoofers for sure. 

TOP SOLUTION AUTHORS
TOP KUDOED MEMBERS