Email from play nc or phishing attempt?

Sooty

Lion's Arch Merchant

Join Date: Jul 2005

Australia

Giggity Giggity Goo

I just received an email supposedly from plaync asking me to update my privacy settings. The link appears to direct through listserv.plaync.com and guildwars.com when hovered over but I am very hesitant to click the link.

Anyone else received these?

Savio

Teenager with attitude

Join Date: Jul 2005

Fifteen Over Fifty [Rare]

Well, if there actually is a privacy concern, you can always update by going to PlayNC's site by yourself and not through the e-mail.

strcpy

Desert Nomad

Join Date: Jul 2005

One of Many [ONE]

I have not.

However I would guess it is a phishing scheme. Mainly I do not remember needing to do anything outside of the game engine so I do not know what good going to plaync or guildwars.com would do.

Sooty

Lion's Arch Merchant

Join Date: Jul 2005

Australia

Giggity Giggity Goo

Yeah I strongly suspected it would be, what is concerning is where they could have gotten the address from as I've never given it out anywhere. Anyways, if any of you get this email, be careful!

dansamy

Chasing Dragons

Join Date: May 2005

Lost in La-La Land

LFGuild

Mo/Me

Phish. I get them all the time. I delete them since Anet apparently isn't concerned about them. Paypal aggressively shuts down phishers, but NCSoft has always blown me off when I have reported these emails.

Gaile Gray

ArenaNet

Join Date: Feb 2005

Hey, apologies for the alarm, guys. This is a legitimate email from us, but please be sure that the link you follow goes to ht tp://listserve.plaync.com/ (without the space in http)

The reason for the email is that we're putting together a newsletter and we want to make sure that you'd like to receive it.

Again, apologies for not forewarning you about this, and Jeff tells me that in the future, they'll let me know in advance so that I can give you all a heads up on an incoming message.

Sooty

Lion's Arch Merchant

Join Date: Jul 2005

Australia

Giggity Giggity Goo

ahhh, well that's a relief, thanks for letting us know Gaile

SirErnieMacGloop

Frost Gate Guardian

Join Date: Sep 2005

Area 52

It is never a good idea to follow links in an email regardless of the knowledge it may be legitimate, it may not be also.

Always go to the site by opening the browser yourself and going to the site, don't use the link in your email.

mrgoat

Frost Gate Guardian

Join Date: Jul 2006

Never, ever, ever, under any circumstances, use the link in an email to get the page you're supposedly supposed to update. EVER. Seriously, never. There is no, absolutely no, not even one possible case where a company needs to email you the link to the place you should go to change anything. If any company ever does this, stop doing business with them. (Or, at least, never click the links and enter sensitive information)

Anet: Stop sending that kind of thing. Instead of sending a link, send instructions. (And follow it up with non-retarded website design. This shouldn't be hard, since your website is already decidedly non-retarded.) Seriously, there's too many hacks, javascript, cross site scripting attacks, etc. to ever make links in email reliable, as the email system stands. It is not good enough to rely on users to read the link location in the lower status bar of the browser. Most don't, and they get phished that way.

All it takes is one innocently misclicked link to <a href="My hacker site here">http://www.guildwars.com</a> with a fake guildwars.com site backing it to trick someone into revealing account details. Keep in mind when hovering, some browsers let javascript override what should be displayed in that little bar at the bottom. It's dumb, but they're still out there.

I'm just saying, anet, don't send links like that in email, as that leads people to fall prey to phishing. Anyone with a SMTP server can spoof from: headers, hostnames, etc. and there's no authentication on it. (If you need proof, I *ahem* know a guy who can send you email "from the president".) Anyone who can send email can send phishing-styled messages.

Sorry if I sound out-of-sorts, but part of my job duties involve security, and I just overall personally hate to see poor security concepts in action, and hate more, to see people fall prey to the easy tricks.

Until there is a strong public key infrastructure for email, with a chain of trust you can .... trust, links in email should be considered potentially tainted. Know What You Are Clicking, and if you're a company sending emails, do this kind of thing right.

Xenex Xclame

Desert Nomad

Join Date: Mar 2006

DPX

R/

mr goat, did you get this email yourself? You're making it seem as if Anet's email is so unprofessional. Yes yes, your points are valid, you're just going overboard. I did click the link after some hesitation and checking and guess what, I didn't have to enter any details like you said.... They just knew it was me.

VitisVinifera

Banned

Join Date: Nov 2005

Northern California

HoTR

N/Me

Quote:
Originally Posted by Gaile Gray
Hey, apologies for the alarm, guys. This is a legitimate email from us. We're putting together a newsletter and we want to make sure that you'd like to receive it.

Again, apologies for not forewarning you about this, and Jeff tells me that in the future, they'll let me know in advance so that I can give you all a heads up on an incoming message.
classic anerf

daraaksii

Desert Nomad

Join Date: Oct 2005

I've received this too

Sjeng

Desert Nomad

Join Date: Aug 2005

in my GH

Limburgse Jagers [LJ]

W/

I agree with mrgoat. Anet should handle this better. I just received the mail as well, read it, thought: "hey, cool a GW newsletter", and clicked it. Then I went to GWGuru, saw this thread, and my heart skipped a beat at the first posts... I'll be more careful in the future now, and hope Anet will too.

Gaile Gray

ArenaNet

Join Date: Feb 2005

You make excellent points about greater security, and I will definitely be passing those along. But doesn't everyone mouseover and really look carefully at the URL of the link, or right click and check "Properties" to be sure it is going where they assume it's going? If I see an "eBay" link that goes to http://www.ebay.somethingsfishyandyoushouldbecareful.com I know it's not exactly legit.

However, I'm squeamish about this whole thing, and I don't have a copy of the email. Could someone post the exact link to which that email leads? If we post that, then everyone can check the link and only click after they are satisfied it's the right one.

Better still, I will suggest that in the future we have people insert the link themselves -- follow instructions, as you say, rather than click a link. The problem is, people may not do so because it takes more effort on their part, or they forget, or they're busy, or whatever. However, the greater security will be worth us offering the option in that way.

Frankly, I'm a lot more comfortable with an active sign-up on our website. I will definitely pass along your security concerns and your suggestions for handling this better in the future. In fact, I'm writing an email right now.

G.S.

Lion's Arch Merchant

Join Date: Jul 2005

[CroM]

R/

The link looks like this:
h.ttp://listserv.plaync.com/c?id=3184334A&u=http://www.guildwars.com/support/newsletter/confirm_en_add.php?email=*myemailedited*@*alsoedited*.com

I had to add a "." in http because guru shows it as a "clickable" link otherwise.

And, I did the same thing as Sjeng. I should be more careful next time, and I'm relieved it's legitimate. Thanks for reacting so fast, Gaile

Gaile Gray

ArenaNet

Join Date: Feb 2005

Thank you. I've amended my post above to point out that the link should be
ht tp://listserv.plaync.com/ (without the space between ht and tp and with a string of characters after the .com/ ) It seems to me that phishing would not succeed with that much verified, because the slash breaks at the end of the plaync.com and therefore someone would be on the legitimate site at that point.

the_jos

Forge Runner

Join Date: Jun 2006

Hard Mode Legion [HML]

N/

When I read these messages, I am happy that at least some people know how to check the links in their e-mail.
But, as stated above, e-mail with URLs is not really safe.

For future e-mails (I don't mind getting them) you could better send an e-mail pointing to the website (no url, just go to our website, and the buttons to click) and explicitly state that ANet and other parties involved will never, ever, ever ask for login-names and passwords to guildwars accounts (or other privacy related stuff).

And, thanks Gaile for the quick reply.

Agyar

Frost Gate Guardian

Join Date: Jul 2006

AUSSIE TROLLING CREW - CAPSLOCK CONSULTANT

[Dong]

Mo/

Quote:
Originally Posted by Gaile Gray
You make excellent points about greater security, and I will definitely be passing those along. But doesn't everyone mouseover and really look carefully at the URL of the link, or right click and check "Properties" to be sure it is going where they assume it's going? If I see an "eBay" link that goes to http://www.ebay.somethingsfishyandyoushouldbecareful.com I know it's not exactly legit.
Assuming people are wise enough to not follow links without checking them isn't really security. The assumption should be that people will not =P. In terms of eBay/online banking/paypal, they will request you visit the site and login to access the feature, rather than following links through the email. They also use methods such as addressing the body of the email to the name of the account holder, as an added security check.

People are right to be wary of direct links within emails requiring you to login. It's just too big a risk, especially with online game/mmo accounts becoming more and more of a target for theft.

It's good to see you taking feedback in this regard.

Tijger

Wilds Pathfinder

Join Date: Sep 2005

Mo/E

Quote:
Originally Posted by the_jos
When I read these messages, I am happy that at least some people know how to check the links in their e-mail.
But, as stated above, e-mail with URLs is not really safe.

For future e-mails (I don't mind getting them) you could better send an e-mail pointing to the website (no url, just go to our website, and the buttons to click) and explicitly state that ANet and other parties involved will never, ever, ever ask for login-names and passwords to guildwars accounts (or other privacy related stuff).

And, thanks Gaile for the quick reply.
Clicking links in emails is perfectly safe, entering your details and credit card numbers on a page you cannot verify is genuine isn't.

Common sense, people, common sense. It's not that hard.

Hockster

Banned

Join Date: Jul 2005

I'd like to know why we have to create a PlayNC account in order to change our game passwords. Especially considering PlayNC's complete lack of security. We can no longer use numbers or special characters. Even though PlayNC doesn't appear to give a damn about my account, I sure do.

CyberMesh0

Jungle Guide

Join Date: Jul 2005

Charter Vanguard [CV]

N/Me

Quote:
Originally Posted by Tijger
Common sense, people, common sense. It's not that hard.
Unfortunately that's not always true.

But like it's been stated before, always check sites once you're in them if you do click on email links- I had this happen once with another site where a phishing copy was very very well duplicated- all links went to the original site except the login page and account info stuff. I had fun entering all sorts of bogus crap and you're gonna get it crap

seut

Wilds Pathfinder

Join Date: Jun 2005

Europa

Quote:
Originally Posted by Gaile Gray
Again, apologies for not forewarning you about this, and Jeff tells me that in the future, they'll let me know in advance so that I can give you all a heads up on an incoming message.
I think, I remember an ArenaNet official writing: "We will NEVER use your login email other than to send you a new password". (or was this email to NCSoft accounts only?)

Please don't sacrifice our accounts' security for marketing like newsletters.
Spreading our email addresses over several systems or creating multiple entries for software to your database increases the risk of a security hole.

Although listserv is a matured piece of software it already had a CERT alert this year: http://www.kb.cert.org/vuls/id/841132

Coridan

Forge Runner

Join Date: Jun 2006

US

Old Married Gamers {OMG}

W/

Should I be concerned if I have not received this email??

Grubcat

Academy Page

Join Date: Aug 2005

Team of Oblivious Targets [TOOT]

I came here immediately after opening my email (and without clicking on the link) and was sure there would be a thread about it! Nice to be able to get good information so quickly.

the_jos

Forge Runner

Join Date: Jun 2006

Hard Mode Legion [HML]

N/

Quote:
Originally Posted by Tijger
Clicking links in emails is perfectly safe, entering your details and credit card numbers on a page you cannot verify is genuine isn't.
Common sense, people, common sense. It's not that hard.
I have seen some nice exploits for a couple of browsers, that allowed the owner of a website to put some software on your pc and run it.
Those are not wide spread and I doubt they will be targeted against GW users (since they don't have our e-mail addresses and mass-mailing would trigger attention they don't want).

I do follow the news on these kind of topics, because I'm working in the financial world (and information security is part of my job) and we are more of a target than GW players.

But, online games are more and more financially attractive to bad people.
Recently read an article on stolen WoW accounts, just to sell the stuff on e-bay and other places.
That's hard cash for virtual stuff.
And I have seen enough e-bay topics here to know there is also an e-bay circuit around GW.

Also, your e-mail address is worth money.
Clicking a link, confirming it is a valid address, makes your address worth more to spammers.
And the latter is what you do when you click the link in the mail.

I think I am probably more paranoid than most other users, but it's not as simple to state clicking links in e-mails is perfectly safe.

seut

Wilds Pathfinder

Join Date: Jun 2005

Europa

Quote:
Originally Posted by the_jos
Clicking a link, confirming it is a valid address, makes your address worth more to spammers.
And the latter is what you do when you click the link in the mail.
Even worse, it can get your email on a list of valid accounts for brute force attacks on your NCSoft master account, that shares the same password as your GuildWars account.

VitisVinifera

Banned

Join Date: Nov 2005

Northern California

HoTR

N/Me

Quote:
Originally Posted by seut
I think, I remember an ArenaNet official writing: "We will NEVER use your login email other than to send you a new password". (or was this email to NCSoft accounts only?)

I seem to recall this too. I guess NEVER has ended.

Knightsaber Sith

Furnace Stoker

Join Date: Aug 2006

Few Fallen Heroes [FFH]

W/E

Sigh.... I found a page on the official GW site about the newsletter
http://www.guildwars.com/support/newsletter/
and it looked like it was in Latin which I thought was cool as I took five years of Latin. Then I poked around and found this:

Quote:
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.

mrgoat

Frost Gate Guardian

Join Date: Jul 2006

Quote:
Originally Posted by Gaile Gray
You make excellent points about greater security, and I will definitely be passing those along. But doesn't everyone mouseover and really look carefully at the URL of the link, or right click and check "Properties" to be sure it is going where they assume it's going?
No. Everyone does not. Everyone should, and everyone should also have javascript support turned off in their email client (which is often a web browser), but they don't. So you can't rely on that. In fact, you can't rely on *anything* about the user-end.

Quote:
Originally Posted by Gaile Gray
Better still, I will suggest that in the future we have people insert the link themselves -- follow instructions, as you say, rather than click a link. The problem is, people may not do so because it takes more effort on their part, or they forget, or they're busy, or whatever. However, the greater security will be worth us offering the option in that way.

Frankly, I'm a lot more comfortable with an active sign-up on our website. I will definitely pass along your security concerns and your suggestions for handling this better in the future. In fact, I'm writing an email right now.
This makes me a happy goat. If making people do a little tiny bit more work will protect them better from phishing, I'm all for it. It's ultimately less work for you too Gaile, since you won't have to explain to some angry group of GW players who had their accounts stolen that they should have moused-over the link in the email better.

Navaros

Forge Runner

Join Date: Apr 2005

Mo/Me

I too was wondering if this was a phishing email as soon as I got it.

In a day and age when phishing emails are received constantly, a wise person would never click on any links from such emails even if they may be legit. Simply not worth the risk. I personally get phishing emails related to eBAY, Paypal, Bank of America and all other sorts of things several times per week; I bet that is typical for many email users.

Glad to see Anet now realizes this.

led-zep

Krytan Explorer

Join Date: Nov 2005

Quote:
Originally Posted by Coridan
Should I be concerned if I have not received this email??
give me your account details and i'll make sure you get sent one


that is a joke by the way, don't send your details

Malice Black

Site Legend

Join Date: Oct 2005

Just got this as well...real or not it still gets deleted.

VitisVinifera

Banned

Join Date: Nov 2005

Northern California

HoTR

N/Me

Quote:
Originally Posted by The Admins Bane
Just got this as well...real or not it still gets deleted.
I'm with you on this. Even though we (supposedly) know this was sent by Anet, I don't want my account details kept in a separate database for marketing purposes. That's pretty outrageous.

strcpy

Desert Nomad

Join Date: Jul 2005

One of Many [ONE]

Even had I seen the link posted I still would have said "phishing". For one thing it has two URLs in it - that is usually something phishy going on trying to hide what is going on.

As to clicking links in e-mail - there are tons of things it can do. Javascript, Activex, and general security issues. All of them can access private data, install keyloggers, Viruses, and all sorts of things.

Essentially any attack that goes through websites can be gotten that way. Of course, just plain browsing is unlikely to ever hit these attacks, however following links from e-mail is quite likely to get you to one of those places. That is why most places send you instructions and have you do it from their main website.

If you really want to send a link because people are lazy (and I know what you mean - I also develop software and it is surprising both what people will and will not do) do like we do - at the end also include the link. That way people like me, who are pretty security conscious can do it the correct way and other people who do not care can still hit the link.
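Added example, not part of any post in this thread: a small Python check for the two link properties discussed above, namely mrgoat's anchor whose visible text names one site while its href points elsewhere, and the "two URLs in one link" redirect form that G.S. quoted and strcpy remarks on. The trusted-domain list, the function names and the sample message are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumption: the domains a recipient expects from this sender.
TRUSTED_DOMAINS = ("plaync.com", "guildwars.com")

def host_of(url):
    """Lowercased hostname of an http(s) URL; None for anything else."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None

def is_trusted(host, domains=TRUSTED_DOMAINS):
    """True only for a listed domain or a subdomain of it (whole-label match)."""
    return host is not None and any(
        host == d or host.endswith("." + d) for d in domains)

def nested_urls(url):
    """URLs carried in query parameters, as in redirect or tracking links."""
    return [v for _, v in parse_qsl(urlsplit(url).query) if host_of(v)]

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_email(html):
    """Return [(href, findings)] for each link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    report = []
    for href, text in collector.links:
        target, shown, findings = host_of(href), host_of(text), []
        if not is_trusted(target):
            findings.append("untrusted-host")
        if shown and shown != target:  # visible text is a URL for another host
            findings.append("text-href-mismatch")
        for inner in (nested_urls(href) if target else []):
            ok = is_trusted(host_of(inner))
            findings.append("redirect-to-trusted" if ok else "redirect-to-untrusted")
        report.append((href, findings))
    return report

# Constructed sample body: a list-server link shaped like the one quoted in the
# thread (id and address are placeholders), and a link whose text shows one
# site while its href points at a placeholder host.
SAMPLE_EMAIL = """
<a href="http://listserv.plaync.com/c?id=0000000A&amp;u=http://www.guildwars.com/support/newsletter/confirm_en_add.php?email=user@example.com">Confirm</a>
<a href="http://phish.example/login">http://www.guildwars.com</a>
"""

if __name__ == "__main__":
    for href, findings in audit_email(SAMPLE_EMAIL):
        print(findings or ["ok"], href)
```

The host comparison matches whole domain labels, so the host in Gaile Gray's example, www.ebay.somethingsfishyandyoushouldbecareful.com, does not count as ebay.com even though the name contains "ebay".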

Winx.ZN

Frost Gate Guardian

Join Date: Dec 2005

Quote:
Originally Posted by Agyar
Assuming people are wise enough to not follow links without checking them isn't really security. The assumption should be that people will not =P.
QFT.

There's a lot of knowledgeable people who play GW, but there's also a lot of people that are just starting GW, and putting in a user and pass is the extent of their knowledge. These people's accounts are just as dear to them as to the guy who knows all about internet security.

You said about people being lazy not doing what is required to receive your newsletter. Well if they are, they probably don't care to receive it, will probably consider it "spam" and delete it anyway. If we can assume they will be too lazy to follow a few simple steps by reading that email, I think we can safely assume they will be too lazy to read anything else too.

Putting a few simple steps to follow is a much safer and smarter idea.

I got this email, laughed, and deleted it. I thought it was phishy. Coincidentally, I added that address to my "spam" list while I was laughing. I guess I'll consider taking it off now that I know it was official.

It's MY account! *hugs it tightly*

Zeddy

Pre-Searing Cadet

Join Date: Mar 2006

Sweden

Ghostly Zeroes

I thought something fishy was going on as soon as I read the beginning of the e-mail.

"Please take a moment to update your privacy settings for your Guild-wars account"...or something like that.

What the heck?! I ain't going to update any of my privacy settings through clicking on a link in an e-mail! I asked a friend if he also had got an e-mail like this, at which he replied he hadn't. So I deleted it and only now when I've read this post I understand that it might have been legitimate.

However, since the e-mail is now deleted, what do I do if I want the newsletter anyway?

Big_Iron

Desert Nomad

Join Date: Dec 2005

The Edge

Tormented Weapons [emo]

While I think it's cool that Anet will be publishing a newsletter, I very rarely click on any links in an e-mail even after checking the properties. I've seen too many legitimate LOOKING e-mails from Amazon, Bank of America and so on to take any chances. I think that maybe sending an e-mail simply announcing it along with an official announcement on the MAIN page of the GW site would have been sufficient.

Monkey Blonde

Academy Page

Join Date: May 2006

Siege Turtles (ST)

Mo/

I received this e-mail and was sceptical as well. But I also received it on the email used for my second account, which I just recently opened and that email doesn't have any junk coming yet. So I clicked and found they only wanted to know if I was interested in receiving their publications or whatever. The followup was a page in the GW format that made it obvious it was legit.

The Abbott

Lion's Arch Merchant

Join Date: Mar 2006

Aruthas Gatekeepers

Mo/W

Quote:
Originally Posted by Sooty
ahhh, well that's a relief, thanks for letting us know Gaile
damn right, I had JUST clicked the link before reading this thread..