
Topic: Scam/Phishing on Shutterstock?


« on: October 16, 2015, 15:26 »
+1
Is this message normal? It goes to an unsecure page. I don't want to try going forward... Please see attachments.
« Last Edit: October 16, 2015, 15:29 by photostockad »


langstrup

« Reply #1 on: October 16, 2015, 15:42 »
0
I just experienced the same. Have already mailed support.

Anybody know if Shutterstock is being hacked?


Noedelhap

  • www.colincramm.com

« Reply #2 on: October 16, 2015, 15:56 »
+1
That's odd, I'm curious what Shutterstock has to say about this.

« Reply #3 on: October 16, 2015, 16:07 »
0
Here's what I see when I click on the email verify link:

« Last Edit: October 16, 2015, 16:33 by rimglow »

« Reply #4 on: October 16, 2015, 16:12 »
+1
I've got the same message. Wondering, if it could be really necessary to confirm the email address after almost 7 years (in my case).  So I think, this must be phishing!

« Reply #5 on: October 16, 2015, 16:23 »
0
I don't see the message. The only weird thing was having a batch fully approved after review  :P

« Reply #6 on: October 16, 2015, 16:34 »
+1
> I've got the same message. Wondering, if it could be really necessary to confirm the email address after almost 7 years (in my case). So I think, this must be phishing!

Well, if it's a phishing scam, I just fell for it.  And I got a "confirm your email" link back that appears to be entirely legitimate.

Who knows why they might do this after so many years of accepting a certain email (like mine or yours), but IMHO it does appear to be legit.
« Last Edit: October 16, 2015, 17:20 by marthamarks »


« Reply #8 on: October 16, 2015, 17:20 »
+5
> Hi everyone,
>
> We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
>
> Vincent

Vincent, as long as you're here can you possibly change the ridiculous captcha routine that makes us jump through repetitive photo-identifying hoops whenever we try to log into our own accounts?

That's a fairly new wrinkle at SS, and it's not especially appealing.

Thanks!

« Reply #9 on: October 16, 2015, 17:23 »
0
> Hi everyone,
>
> We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
>
> Vincent

Thank you, Vincent! Done!
« Last Edit: October 16, 2015, 17:31 by roede-orm »

« Reply #10 on: October 16, 2015, 17:38 »
+1
I'm not sure anyone has ever gotten a Captcha right on their first try anywhere in the world.

« Reply #11 on: October 16, 2015, 18:03 »
0
It's fixed now.
« Last Edit: October 16, 2015, 18:05 by rimglow »

« Reply #12 on: October 16, 2015, 22:03 »
0


> Vincent, as long as you're here can you possibly change the ridiculous captcha routine that makes us jump through repetitive photo-identifying hoops whenever we try to log into our own accounts?
>
> That's a fairly new wrinkle at SS, and it's not especially appealing.
>
> Thanks!

+10. I hated those captchas the first time. Now the pictures are even more ridiculous.
Y'know, even banks do not use captchas, so how necessary is this for a stock agency? No one uses captchas because they are hopelessly illegible.
Not one financial site uses this captcha thing. If it is that safe, banks, financial businesses, etc. would use them.

« Reply #13 on: October 16, 2015, 22:11 »
0
> > Vincent, as long as you're here can you possibly change the ridiculous captcha routine that makes us jump through repetitive photo-identifying hoops whenever we try to log into our own accounts?
> >
> > That's a fairly new wrinkle at SS, and it's not especially appealing.
> >
> > Thanks!
>
> +10. I hated those captchas the first time. Now the pictures are even more ridiculous.
> Y'know, even banks do not use captchas, so how necessary is this for a stock agency? No one uses captchas because they are hopelessly illegible.
> Not one financial site uses this captcha thing. If it is that safe, banks, financial businesses, etc. would use them.

+10  :(

They used to be food items: pizza, donuts, drinks, steak, hamburgers, etc. That was pretty easy to get right.

Now, though, you have to squint to figure out which 2-3 lo-res snips from a set of lousy photos show a construction vehicle or an RV, a car or a sailboat, a tricycle or a bicycle, street signs or business signs, etc. The images are almost always terrible and certainly not good examples of the quality work that SS supposedly sells.

Do customers have to jump through these same ridiculous hoops? Or is it just us lowly contributors?
« Last Edit: October 16, 2015, 22:17 by marthamarks »

« Reply #14 on: October 17, 2015, 01:54 »
+1
There is actually a bigger problem. The default log in page is not encrypted, it uses http rather than https. Chrome says the identity of the web site cannot be confirmed. The http site should automatically route users to the https site to ensure encryption is used to protect the data entered during log in by the user. This is web security 101.

Additionally when you manually enter the https vs http Chrome says the site uses weak security (SHA-1). Again Web Security 101. This was not the case previously. I suggest whoever is in charge needs to take a look at what is going on very carefully and users be very cautious.
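
The two conditions described in the post above (a login page served over plain HTTP with no redirect, and a certificate signed with SHA-1) can be checked mechanically. This is an added example, not part of the original thread; the host name, sample data and function name are constructed, and the HSTS check goes beyond what the post mentions.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
WEAK_HASHES = ("md5", "sha1")  # hashes browsers flag in certificate signatures


def audit_login_transport(hops, cert_sig_alg):
    """Return findings for a login URL's redirect chain and certificate.

    hops: [(url, status, headers), ...] in the order a client followed them,
          starting at the http:// address a user would type.
    cert_sig_alg: signature algorithm of the server certificate,
          e.g. "sha256WithRSAEncryption".
    """
    hops = [(u, s, {k.lower(): v for k, v in h.items()}) for u, s, h in hops]
    findings = []

    # The plaintext entry point must answer with a redirect to https.
    url, status, headers = hops[0]
    target = urlsplit(headers.get("location", ""))
    if urlsplit(url).scheme == "http" and not (
        status in REDIRECTS and target.scheme == "https"
    ):
        findings.append("http-served-without-https-redirect")

    # Every later hop must already be on TLS.
    for url, _, _ in hops[1:]:
        if urlsplit(url).scheme != "https":
            findings.append("plaintext-hop:" + url)

    # HSTS makes the browser skip the plaintext first request on later visits.
    url, _, headers = hops[-1]
    if urlsplit(url).scheme == "https" and "strict-transport-security" not in headers:
        findings.append("missing-hsts")

    if any(h in cert_sig_alg.lower() for h in WEAK_HASHES):
        findings.append("weak-cert-signature:" + cert_sig_alg)
    return findings


# Constructed observations (hypothetical host), not captured from any real site.
AS_REPORTED = [("http://login.example.test/", 200, {})]
CORRECTED = [
    ("http://login.example.test/", 301, {"Location": "https://login.example.test/"}),
    ("https://login.example.test/", 200, {"Strict-Transport-Security": "max-age=31536000"}),
]

if __name__ == "__main__":
    print(audit_login_transport(AS_REPORTED, "sha1WithRSAEncryption"))
    print(audit_login_transport(CORRECTED, "sha256WithRSAEncryption"))
```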

« Reply #15 on: October 17, 2015, 02:38 »
+2
> > Hi everyone,
> >
> > We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
> >
> > Vincent
>
> Vincent, as long as you're here can you possibly change the ridiculous captcha routine that makes us jump through repetitive photo-identifying hoops whenever we try to log into our own accounts?
>
> That's a fairly new wrinkle at SS, and it's not especially appealing.
>
> Thanks!

Well that's kind of strange anyway - first thing I did is to come here and check why there's a need to verify long ago verified mail. Whenever I see somewhere in the internet "we pay you but you just need to click this" makes me feel uneasy. Also you send the "welcome new user" template that says it's a first step on becoming new contributor. "Thank you for taking the first step in becoming a Shutterstock contributor." -> I was kind of surprised and this made me suspicious that my account was somehow hacked. Would be nice to get the real message explaining like, "Hi _our dearest and most precious and we love you so much_ ;) user. We need to re-verify your mail, because of the reasons. [Put reasons here]. It's all ok, just click here and here."

Noedelhap

  • www.colincramm.com

« Reply #16 on: October 17, 2015, 04:49 »
+2
> Hi everyone,
>
> We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
>
> Vincent

The way it's worded reminds me a lot of regular spam e-mails. What if I don't want to click it? What happens then?


« Reply #17 on: October 17, 2015, 04:58 »
+1
I also just noticed that my Paypal email address has been removed from my details on Shutterstock. This is getting more concerning.

« Reply #18 on: October 17, 2015, 11:38 »
+2
I verified my e-mail address as Vincent requested - and I too think that getting a "welcome" screen telling me I'm on the way to becoming a contributor is just amateur hour stuff. Harmless but indicates no one was paying attention to the details when doing this.

I did change my password, just as a precaution.

I also added my e-mail address for PayPal - which had become blank.

The first attempt gave me an error message saying the e-mail address wasn't properly formatted (it was). I did the same thing a second time and it succeeded and then I got this genius e-mail (I've changed the actual e-mail address):

Hi,
This email is to inform you that your account information below has recently been changed:

"Paypal/Moneybookers Email Address" was changed from "" to "[email protected]"

If you did not make these changes, please contact Shutterstock Support immediately.

Regards,
Shutterstock Support


It's possible that when the PayPal address is blank it will use your main e-mail address (which would be fine in my case), but it doesn't say that and I'd rather avoid payment problems next month.

« Reply #19 on: October 17, 2015, 11:59 »
+2

« Reply #20 on: October 17, 2015, 16:41 »
0
Sad that they take so few precautions with our security. Strange to see a site being thanked for exposing our accounts to theft.

> I also just noticed that my Paypal email address has been removed from my details on Shutterstock. This is getting more concerning.

> There is actually a bigger problem. The default log in page is not encrypted, it uses http rather than https. Chrome says the identity of the web site cannot be confirmed. The http site should automatically route users to the https site to ensure encryption is used to protect the data entered during log in by the user. This is web security 101.
>
> Additionally when you manually enter the https vs http Chrome says the site uses weak security (SHA-1). Again Web Security 101. This was not the case previously. I suggest whoever is in charge needs to take a look at what is going on very carefully and users be very cautious.
« Last Edit: October 17, 2015, 16:57 by gbalex »


 
