Since we reported last week that there was a scammer pretending to be an artist you were supposed to be in contact with, we have learned a lot, and we’d like to share what we found.
The scam is commonly known as BEC (business email compromise), in which a malicious person pretends to be someone you’re supposed to be in contact with in order to collect the payment for a transaction.
If you would like to know more about how these scams work and how huge their impact is, I would love to recommend this video on the topic. It focuses on a recent case, but it sheds a lot of light on the topic.
We sadly had no luck working with PayPal. PayPal’s policy is to not act on issues like these until the actual victims come forward. So if you have been scammed, there is a good reason to pursue a refund, even if the amount seems irrelevant. You could help save somebody else.
Also, and this is important, the scammer has changed their mode of operation. Since we updated CRM to warn customers when they are being invited into a conversation that may be spoofed, the scammer has proceeded to send emails to their victims.
If you receive an email that claims to be sent from Commishes or an artist on our site, follow these steps to stay safe:
1. Commishes staff will never reach out to you via email asking for payment details. No exceptions. Never.
This means we are also no longer sending emails due to failed wallet transfers. If your transfer takes more than 7 days, please reach out to [email protected] to resolve the issue. We won’t do so.
2. If an artist contacts you via email, please carefully verify the claims the artist makes. Make sure you recognize the artist’s username, the auction you supposedly bid on and the amount they request.
4. Continue to never send money using Family and friends (PayPal), wire transfer, or any other payment mechanism that does not provide a way for you to contest the payment. This makes sure that the scammer at least doesn’t get away with it so easily.
5. Be careful. Take a moment to read every email carefully. If you’re not sure, reach out to our support staff or community. We want to make sure you’re safe!
Recently, we’ve seen a wave of impostors trying to scam people on Commishes. If you’re a buyer, you may be affected. This does not affect the artists directly.
Who is affected: Predominantly buyers. Artists will be affected by the collateral damage of a disgruntled customer.
How does the scam work: A scammer will look for a successful auction, and once it’s ended, they will register an account with a similar name to the original artist and contact the winner.
They will ask for the payment and once they have received the payment, they will not reply.
How can you protect yourself: There are a few simple measures that you can take to protect yourself from this scam, and many other similar scams.
1. Do check the username carefully to see whether it is typed incorrectly. They will often replace an uppercase i with a lowercase l or similar.
2. If you get contacted by multiple people, make sure that you are cautious. If you have a hard time deciding whether the user is legit, just contact an admin or the support community. The links are on our help page.
3. Do not, under any circumstances, send a PayPal payment as family and friends. If you do this, your money is gone, forever, and there is nothing that you, Commishes or PayPal staff can do for you. When sending money with family and friends you waive your buyer protection.
You must never use family and friends on Commishes. Artists collecting money using family and friends will be suspended.
4. Take your time, keep calm. Scammers will attempt to pressure you into paying quickly, claiming that your commission slot will be gone if you do not pay up within a given amount of time. This is not true; a reputable artist will work with you to resolve the issue.
5. One giveaway that you’re in a conversation with a scammer is that you will be listed as the artist under “People”, while the person claiming to be the artist is marked as client.
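The lookalike-username trick from step 1 (an uppercase i standing in for a lowercase l) can also be caught on the server side when an account is registered. The following is an added example, not Commishes’ own code: it assumes a small hand-built confusables table and invented usernames, and flags a new username that reduces to the same visual skeleton as an existing one.

```python
import unicodedata

# Constructed, deliberately small confusables table (assumption): a real
# deployment would load the Unicode UTS #39 confusables data instead.
SINGLE = str.maketrans({
    "I": "l", "1": "l", "|": "l",      # uppercase i, digit one, pipe -> l
    "O": "o", "0": "o",                # letter O, digit zero -> o
    "\u0430": "a", "\u0435": "e",      # Cyrillic a, e
    "\u043e": "o", "\u0456": "i",      # Cyrillic o, Ukrainian i
})
MULTI = (("rn", "m"), ("vv", "w"))     # two-letter lookalikes


def skeleton(username: str) -> str:
    """Reduce a username to the form a reader is likely to perceive."""
    s = unicodedata.normalize("NFKC", username).strip()
    s = s.translate(SINGLE)            # must run before case folding: I -> l
    s = s.casefold()
    for pair, single in MULTI:
        s = s.replace(pair, single)
    return s


def lookalikes(candidate: str, existing: list[str]) -> list[str]:
    """Existing usernames the candidate could be mistaken for."""
    target = skeleton(candidate)
    return [name for name in existing
            if name != candidate and skeleton(name) == target]


# Constructed sample data: these usernames are invented for this example.
ARTISTS = ["Lillith_Art", "MoonPainter", "corn_flower"]

if __name__ == "__main__":
    for attempt in ["LiIlith_Art", "M0onPainter", "com_flower", "NewArtist"]:
        hits = lookalikes(attempt, ARTISTS)
        verdict = f"hold for review, resembles {hits}" if hits else "ok"
        print(f"{attempt!r}: {verdict}")
```

Both sides of the comparison go through the same reduction, so a legitimate name that happens to contain "rn" or a zero is only flagged when another account already occupies the same skeleton.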
We’re doing our best to fight the scam, but its short-lived nature means that most of the time we notice the scam after they have gotten the money and deserted the account. So we need your help: keep your eyes open and be careful.
Update: We have more information on the scam, feel free to learn more here:
This week we will be performing scheduled maintenance on the servers, which will cause Commishes to go offline for short periods of time.
We need to upgrade three databases, which will be upgraded in three separate sessions. The service will therefore briefly become unavailable on Monday, Tuesday and Wednesday (Oct. 26th to Oct. 28th).
Running auctions will be extended to account for the downtime.
Hey there everyone. This last week we’ve been upgrading the character set of our databases to be more compatible with modern standards.
We’ve been upgrading one of our servers every day, up until now without any downtime. The upgrade we’re performing today is taking longer and seems to degrade database performance so badly that Commishes is timing out.
I want to apologize to anyone having issues accessing Commishes. We’re aware of it and will hopefully be back real soon.
Have some coffee. We’re hard at work. It may not look like it, but Commishes receives code changes and updates daily. New features and improvements are coming! <3
To celebrate that we launched we selected three lucky people to win promoted auctions. Our winners are:
Thanks everyone for participating. This was a lot of fun and I hope we’ll be doing this again soon.
Hey there everyone,
this week we received reports of a vulnerability that may have given a stranger access to a CRM thread with potentially sensitive information. This issue affects you if all the following hold true:
1. You were bidding as a guest.
2. You won an auction.
3. Your email address begins with a number.
In this case, the system sent a notification of you winning to a registered user instead of you, allowing them access to the conversation with the artist.
The issue is now fixed. If you believe you were affected by this issue, please reach out to us via email.
Due to the recent update we’ve received a lot of support tickets. We’re doing our best to manage them and will get back to you as soon as possible. I apologize for the inconvenience and thank you for the trust you all place in us.
C# - Admin
This is a bit of a nerdy post, so if you’re into tech you’ll find it more interesting.
Over the last few weeks we have been working on deploying a system that gives us better insight into the inner workings of Commishes. One of the huge challenges when developing software as large as Commishes is that we get overwhelmed with the amount of small recurring tasks that need to be performed.
When you run a website that grows this large, you start becoming unaware of issues that happen on components you may have set up months ago and that you forgot to closely watch.
Right now, we rely on user reports to tell us that our applications are messing up, but we rarely are able to proactively tell whether something is wrong. This is where I’m happy to report that we’re making a lot of progress!
We’ve put together a tool that will give us better insight into what’s happening on the servers and whether one of the machines is acting strangely, giving us the opportunity to fix issues that most people may not even be aware of yet.
Our new tool will give us an overview of the server stats, log files, and other stats on the servers, so that we developers, admins and mods can quickly tell if something is off somewhere on the system. This reduces the amount of effort we have to put into daily recurring tasks and lets us focus on fixing actual issues that need to be addressed.
I am, again, awfully grateful for all your support. And I’m awfully sorry that we’ve been this buggy lately for a bunch of users. But we’re still here, still dedicated and working every day to get better. And I think this is going to be a massive step.
Feels like new beginnings. Sebastian joined our engineering team last summer and is finally getting his own first Commishes-related project. It’s a feature that has been sorely missing from our site. Stay tuned for more updates.