UPDATE: CONTEST IS NOW OVER. WINNERS ANNOUNCED HERE!
Phishing & Scamming Alerts
We wanted to encourage everyone to be extra vigilant about phishing and scamming attempts that disguise themselves as official Envato communications or products. As time goes on it would seem these kinds of attempts to compromise personal account details are becoming more intelligent and more prevalent. Always be cautious and aware of e-mails and Web sites purporting to be Envato related, and if you’re ever unsure about something, refrain from clicking the link and check with us via a Support Ticket or a tweet to @envato_support.
The following are just a couple of new instances we’ve seen recently to be mindful of but there are obviously many other attempts to try and trick users out there. This announcement is not meant to be an exhaustive list of examples but just to serve as a general reminder.
Here’s a screenshot one of our community members kindly shared with us via a Support Ticket showing an e-mail they received purporting to be from Envato. At a quick glance it looks legitimate, especially visually, but on closer examination (note the poor grammar) it’s not something that we would send out:
Typos in URLs
We’re not going to mention the name of the site (and there are probably numerous examples anyway), but be very careful about phishing sites that contain a subtle typo in the domain name. On first glance at the hyperlink name it might look like the site is one of our Marketplaces and even if you click it, the site you go to may look identical to our Marketplaces, but because of the typo in the domain name, you’ll have been tricked. If you then attempt to log into that fake Web site, there’s a chance that your username and password may be stolen or compromised. So please, be very safe and vigilant out there!
Tips to Stay Safe and Secure
We’re planning on developing an article of tips on how to stay safe and secure as a community member and we’ll let you know when that goes live. In the meantime, and without linking to or mentioning specific examples or sites please feel free to share general tips, ideas or ways that your fellow community members can stay extra safe and vigilant when it comes to avoiding scams and phishing attempts.
Let’s make this interesting: The members who post the top 3 suggestions we like the most in this thread will each win an Envato T-shirt! We’ll pick and announce the winners week commencing August 4th. We hope we can all work together to ensure we have a healthy awareness and attitude towards staying safe and secure online and being vigilant toward dubious attempts to scam our fellow Marketplace community members. We look forward to hearing your ideas and suggestions!
Stay safe out there!
These are simple tips to avoid phishing:
The first thing to try is to use some kind of anti-phishing software. This software usually integrates automatically with web browsers and email clients. Anti-phishing software will help you to identify the contents of a website or an email. Some of the following anti-phishing programs may help you:
Beware of emails sent in bulk or even completely empty.
The next tip: before you fill out a form or make an online transaction, make sure the address of the page you are currently on uses HTTPS; if not, leave the website immediately.
If possible, do not provide detailed personal information on your personal profile pages on a website such as Facebook; on your profile page you should limit access to your important information, such as an email address, mobile or phone number, address, etc.
And for the last tip: if you have the ability to learn or find out more about phishing, why not? If you know the latest techniques used by phishers, you can also immediately save important information belonging to you from phishing attacks.
Sorry for my English! The point is: always be vigilant, guys!
My advice – Be REALLY CAREFUL even with REAL buyers if you never communicated with them before!
What happened to me lately:
Received an e-mail sent via my profile page contact form from a buyer asking why there is a …. problem on his site.
Being an author for more than 3 years, I have already built a reflex – always checking the purchase confirmation link BEFORE even reading the entire mail. Well – this one was a REAL buyer.
My answer was – “I am afraid I can’t just guess what could be wrong. Could you please at least provide a link to your store, so I would be able to check this?”
So far – nothing strange and unusual!
The client answers:
Here is the link to my site …... The front page shows a lot of PHP errors!
Well… this is where the fun begins!
Clicking on the link results in an immediate antivirus alert and the page is blocked! Nothing scary as long as your AV software is good enough and up to date. Not even suspicious – there are many infected sites whose owners don’t know about it. There are even ThemeForest item demos that are infected!
I answer the client:
Unfortunately I can’t check your problem as your site is infected with a Trojan Horse and I can’t/won’t open it.
AAAAAND The client answers back:
” :))))))))) Maybe next time “
Never heard from him again!
NEVER let your browsers save ANY passwords and use a paid and reliable AV! It’s worth it!
2. No legitimate website/business/organisation will EVER ask for your password or any other private details over email. Never. If they do, then they’re most likely scammers.
3. Make sure your Anti Virus Software is up to date.
It would be nice and more secure if Envato would integrate the 2 step verification. I think all the sites that involve money should do that.
Those kinds of emails will always be present and, unfortunately, there will be users (maybe not many) who will think they’re real. I think a 2 step verification process would solve this issue.
I want to mention that only a few users (I think so, not sure) visit the forum or read articles from Envato Notes and you could write hundreds of suggestions and only a few authors will read them. You, Envato, will have to ensure that at least all active authors will read those suggestions.
Now, a suggestion… No one will ever judge you if you post a thread in the forums when you’re not sure about something.
All the best!
1. Always check URLs; if they contain mismatched or misleading links or domain names, don’t click on them. If email contains poor, check them well it can be fraud.
2. Don’t give personal information like passwords, bank account details etc. to anyone. No big company like Envato ever asks for such information.
3. While making a payment always check for secure URLs ( https:// ). If possible use virtual keyboards while entering sensitive data.
I always report any e-mails that ask me to confirm my account or any emails that have words to the effect of “your account will be closed/deactivated” etc. As mentioned above, just hover your mouse over any links in e-mails and you can tell if the url or domain is dodgy/different to the supposed sender.
There is no patch for human stupidity (excuse my S word!)
1. Tell every mail provider about you. When sending out emails please ensure your email is DKIM. This will teach the email services that you use DomainKeys and that emails claiming to be yours but without the correct passage are possible spam mails. Once SPF and DomainKeys are configured, we would have minimized the number of scammers reaching the inbox. Gmail, Hotmail, etc. adhere to DMARC (http://dmarc.org/).
2. Create a habit. Enable 2-way authentication and make it mandatory; when you apply such rules people tend to get into a habit of logging in that way. Let us encourage this annoying good habit. If they see a step missing, their instincts will tell them otherwise.
3. Be the thief and a teacher. Buy a domain and set a sub-domain that says: Envato-Com.securelg.in/ (securelg.in is available) and send an email from that domain asking people to log in – once they log in tell them it was a test, that if they fall for this they will lose their money, and that you will never ever send such emails asking the user to log in.
Use reputed mail service providers only.