I just got hacked via Zazzle customer support chat!!

DesirableDots
New Contributor II

I just woke to an email from Zazzle telling me I have a message on Zazzle. I log in and I see a message telling me I have made my first sale, but as it's my first I need to verify my ID before they can show details and add to my account balance! Seems normal so far...

So I clicked the link provided in the chat, which is a payment.zazzle domain, where I was asked to enter my card details and my balance to verify my ID. I did this with 2 cards as the first didn't work...

I then receive a flurry of calls from Barclaycard regarding registering my card with Apple Pay and trying to spend 2400!! I then open email to find my bank email saying my Apple Pay registration was successful!

It seems Zazzle has been compromised and they are tricking users to verify their account through Zazzle's message center!

I have now cancelled my cards but wanted to warn the community to hopefully stop anyone else falling victim to this. I find websites that trade 7 days but only offer 5 days customer support super frustrating! I can't seem to contact Zazzle at all, so here I am!!

Please be careful.


MasterpieceCafe
Valued Contributor II

I'm sorry you were scammed, but Zazzle does have this message at the top of the message screen ... "Zazzle employees are labeled with an official badge. We never ask for your password, payment or personal info. Suspect a fake? Report, block and do not reply."  

I think it would be helpful if that message were in larger font and highlighted in red, it's easy to miss.

_______________________
Twitter Pinterest Facebook
masterpicecafe@gmail.com

Hi, yes I did notice it after I initially started to be suspicious... I'm sorry but Zazzle's server is insecure if you need to post banners stating that admin are labelled differently! Or it should be a popup that has to be verified as read before you can interact with messages!

This must be an ongoing issue for them to post such a banner, and what have they done about it other than add a small banner? I spend weeks adding my artwork to the site and jumping through hoops to get my account noticed, then get scammed via an internal message system! Never before! If this happened to my users I would implement a secure chat service to counteract any further hack attempts! And why no customer service at weekends? So these hackers have free rein all weekend to deceive Zazzle users! Dear me...

 

 

The server isn't insecure, anyone can sign up and send messages. This is a messaging system designed for Zazzle customers to contact Zazzle designers.

Zazzle would email you if they needed to send you information or needed you to fill paperwork. That said, NEVER click links, always go to the source to verify.

_______________________
Twitter Pinterest Facebook
masterpicecafe@gmail.com

Malissa
Valued Contributor

I am so sorry you were scammed.  That is truly awful and a huge hassle on top of it all.

The notification email you got was just a standard notification that you have a message on Zazzle.  I am quite sure that Zazzle's servers themselves are secure, but there are a lot of dishonest people that are signing up and are using the messaging system to try and trick users into clicking links and/or giving our personal information.   I hope Zazzle can find a way to secure the messaging system better.  Maybe by not allowing outside links to be posted to at least prevent this kind of thing from happening.

Zazzle only pays out by Paypal and check only so a message asking for credit card information should raise a red flag with everyone. Make sure you report and block the message from the scam sender. 

Here is a link to the creator news article showing what the official badges look like.  https://community.zazzle.com/t5/creator-news/new-user-labels-know-who-you-re-chatting-with/ba-p/1396...

My Zazzle Store | My Art Website | My Pinterest | My Art Instagram | My YouTube Channel | TikTok

The scammers were there in a chat window that pops up when you click the link, so you are actually still on Zazzle it seems... Very devious, but only possible because they contacted me via Zazzle!! Using a domain payment.zazzle.co.uk or something similar... guiding you through the process, congratulating me on my first sale..!! 😞 I was so happy. I just don't get why users can message each other? Unless engaged in a sale together, so once a sale is generated messaging between the two parties is activated! I had no idea I could just randomly message other sellers on Zazzle! Shocking to me, that is a blatantly obvious security concern!

Emotional rollercoaster day, from elated I made a sale 😞 to depressed and confused how this can happen through internal messaging. Oh, and to answer the point regarding Zazzle only paying out a certain way: I had selected PayPal and they said they can't verify PayPal instantly, it isn't convenient for the customer as the customer that purchased my item couldn't proceed till I am verified, so they use 3D Secure via Visa... It was extremely believable. I have never been scammed before, I am always checking URLs etc., but once I land at zazzle.co.uk inside the message center from an account called SUPPORT with a blue tick after it! Which means Zazzle haven't even bothered to filter any usernames as reserved so as to protect from this sort of behaviour. It's a common feature on most e-commerce platforms now: reserved usernames, so admin, support, zazzle staff etc. can't be used by anyone other than admin!!

But I find the system allowing strangers to message me via a site I trust is a massive concern! They get straight through my suspicion barrier as the initial message is in my inbox on Zazzle! From Support! They knew I hadn't made a sale yet!! This is sensitive, should be private information that made me believe I was really speaking with a support member. So, I hope Zazzle will contact me to discuss this matter further as it really does need discussing further.

Very upset 😞


Connie
Honored Contributor

I'm sorry that you were scammed, and I know you are very upset. But it is not Zazzle's fault, and Zazzle was not hacked. Any user of the site can log in and contact any designer through Chat. This is a good feature because it allows potential customers to contact us with questions about our designs, or ask us to make additional matching products. I've gotten huge sales of multiple products through customer inquiries through Chat. There are no security issues- scammers can't get hold of your information unless you give it to them.

PenguinPower
Valued Contributor II

Z’s message system allows customers to interact directly with us designers. The users are not all internal (it’s not just Z employees communicating with designers) and the system has not been hacked. It has unfortunately been discovered by scammers who are using it to trick people the same ways they do via email or over the phone… you should be as careful, if messages there, as you are on any other platform. 

DesirableDots
New Contributor II

Thank you for all your input but I feel you miss the point entirely...

Zazzle haven't protected their users at all by reserving sensitive usernames. I was tricked by a user called zazzle support! With a Zazzle logo. I am a new user, so was totally unaware users could contact me through an internal messaging system which then shows up in my email as trusted! From Zazzle! With a congratulations you've sold your first product!! Why does such information need to be public knowledge... They allowed a scammer to join with a username zazzle support!! And they allow outbound links in messages, which is a blatant security flaw! And he knew I hadn't made a sale yet!! So could take advantage of me not knowing procedure!

I have never used a website that allows new users to contact members, even just for spam protection let alone security! First access of the messaging center should invoke a popup message pointing out that any user can send messages and to be careful of imposters and show official staff badges, so I would have immediately realised it was a scammer, but as new accounts are obviously not moderated before they can contact members and as they haven't reserved sensitive usernames, i.e. staff, support etc... Zazzle are totally guilty of putting their users at risk of these scammers.

A proper security procedure should be as follows...
1. New users are moderated to ensure they aren't creating accounts that are obviously designed to trick users into believing they are staff!!

2. A popup informing members that they are aware of these scam attempts happening so be vigilant and displaying examples of staff badges!! This message must be confirmed like a cookie popup before you can read your messages, at least for the first time using the message center.

3. Allowing outbound links is very dangerous and could lead to severe loss to the user! Internal links are acceptable to discuss designs, product listings, yes, totally agree! But external links are a huge security risk and no-one could be scammed if this was not allowed!

4. I feel contact between members should be associated with specific products only! I.e., a user wants to contact a creator regarding a design/product, he/she could click contact seller about this design and a pre-formatted message could be sent for you to then contact the potential customer armed with the product info.

The above simple steps would STOP all scams from happening and discourage scammers, as it's pointless if they can't get you to follow an external link to their scam.

The hackers created a domain zazzle-verify.com, which combined with the fact it was sent to me knowing I hadn't made any sales yet and from a user called zazzle support! with a Zazzle logo in my Zazzle inbox, made me believe I was speaking with Zazzle staff.
What really troubles me is the fact I contacted support and no-one has even offered an apology for the massive headache it's caused me and could have cost me a lot of money! But I would have expected a contact requesting as much info as possible so they could take steps to stop this happening to any more users! Not one question as to how they tricked me, no request for info... no apology. I now know this has happened numerous times.

I really think new users of Zazzle NEED to be made aware of the fact anyone can send them messages. It is a very unusual function; you cannot directly send messages on any other platform I am aware of... Canva, eBay, vBulletin. On my forums users must make a few posts that have to be moderated by a human before they can message other members, but then outbound links are disabled as standard.

Thank you for your replies.

 

Regards

 

DD
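
Added example (not part of the thread and not Zazzle's code): a sketch of how a messaging system could enforce two of the controls proposed in the post above, reserved staff-like usernames and no outbound links. The trusted domain list, the reserved words and the sample message are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Assumed for illustration: the platform's own domains and staff-like words.
TRUSTED_DOMAINS = ("zazzle.com", "zazzle.co.uk")
RESERVED_WORDS = ("support", "admin", "staff", "zazzle")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
LOOKALIKE_DIGITS = str.maketrans("0135", "oles")  # supp0rt -> support


def is_internal_host(host: str) -> bool:
    """True only for a trusted domain or a genuine subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def external_links(message: str) -> list[str]:
    """Return every link in a chat message that leaves the platform."""
    flagged = []
    for url in URL_RE.findall(message):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL: treat it as external
            host = ""
        if not is_internal_host(host):
            flagged.append(url)
    return flagged


def is_reserved_username(name: str) -> bool:
    """Fold case, Unicode width, separators and digit swaps, then match."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    folded = re.sub(r"[\W_]+", "", folded).translate(LOOKALIKE_DIGITS)
    return any(word in folded for word in RESERVED_WORDS)


if __name__ == "__main__":
    # Constructed sample message modelled on the scam described in the thread.
    sample = ("Congratulations on your first sale! Verify at "
              "https://zazzle-verify.com/id or see https://www.zazzle.co.uk/my")
    print(external_links(sample))
    print(is_reserved_username("Zazzle Support"))
```

The host comparison is on the parsed hostname, so a lookalike such as zazzle-verify.com or a trusted name placed before an `@` or in front of another domain is still flagged. Substring matching on reserved words is deliberately strict and would also hold back innocent names containing those words, so it suits a review queue better than an outright block.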