-= PHISHING WARNING - Please Read =-

Inde

Site Contributor

Join Date: Dec 2004

29 Dec 2007 at 22:55 - 1
Just as a heads up and warning, our friends at guildwars.incgamers.com have PM spammers who are phishing for username and passwords. The contents of the PM hold a link that looks as if they go to a thread on the site (same look, etc.) and then ask you to log in with your username and password. The URL will be incorrect. Please report any such PM's if you receive them immediately here on Guru.

Tips:
  • Always verify the URL of where a link is directing you. EVEN IF IT COMES FROM SOMEONE YOU KNOW.
  • If you are on a login page, even if it looks like Guru, please AGAIN verify that you are on this site.
  • Please do not use the same forum password as your GW login password.

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

29 Dec 2007 at 23:06 - 2
Clearly, it seems GW script kiddies have mastered the fine art of copying page source. Terrible danger, indeed.

On a serious note, please watch for these types of PMs folks, especially if your GWG/GWO password(s) are the same as your game account password (which isn't a good idea in the first place ).

Sir Seifus Halbred

Sir Seifus Halbred

Wilds Pathfinder

Join Date: Oct 2006

29 Dec 2007 at 23:12 - 3
Thanks for the heads up, who was doing this? Have they been banned yet?

Arkantos

Arkantos

The Greatest

Join Date: Feb 2006

W/

29 Dec 2007 at 23:16 - 4
Thanks for the heads up, Inde.

Inde

Site Contributor

Join Date: Dec 2004

29 Dec 2007 at 23:19 - 5
Well, it's a matter of getting compromised accounts password's changed really. If your friend "Joe" were to unknowingly click on the link and log in to see the thread then they would have his account information. There's no bells-and-whistles that go off alerting you that your account information is now in the hands of someone else. So you go about your day never being the wiser.

The phisher can then log into your friend "Joe's" forum account and send out another round of phishing PM's, even to you. Recognizing it's from a friend you could click on that link and fall for it yourself. Vicious cycle. So knowing who originally started it, and who's accounts are compromised is the real battle.

fRag_Doll

fRag_Doll

Lion's Arch Merchant

Join Date: Apr 2006

Australia

Prid of Ankh Morpork [Prid]

W/E

29 Dec 2007 at 23:22 - 6
Quote:
Originally Posted by Sir Seifus Halbred
Thanks for the heads up, who was doing this? Have they been banned yet?
There's no way to know who it is untill someone recognises a phishing attempt and reports it to Inde or a forum moderator.

Bowstring Badass

Bowstring Badass

Forge Runner

Join Date: Nov 2005

Character selection screen figuring what I want to play...

Purple Lingerie - :D

29 Dec 2007 at 23:24 - 7
Quote:
Originally Posted by fRag_Doll
There's no way to know who it is untill someone recognises a phishing attempt and reports it to Inde or a forum moderator.
qft.

/12 chars

Redfeather1975

Redfeather1975

Forge Runner

Join Date: Sep 2006

Apartment#306

Rhedd Asylum

Me/

29 Dec 2007 at 23:31 - 8
The PMs will come from legitimate accounts that unfortunately fell for the trick.

It starts with 'hey' and ends with 'hope to hear from you'.
Just for fun I did a whois thing on the site, but I have no idea how to use that.

Diddy bow

Diddy bow

Furnace Stoker

Join Date: Oct 2006

Jawsome!!!!!!!!!!!

looking for one :p

A/D

29 Dec 2007 at 23:34 - 9
Thanks for letting us know ^^.

Yanman.be

Yanman.be

Banned

Join Date: Dec 2005

Belgium

[ROSE]

A/

29 Dec 2007 at 23:35 - 10
Damn I get shitloads of pms each day..better watch out then...

You'd be surprised how many forum accounts use the same e-mail and same pw for GW as well.

Tamuril elansar

Tamuril elansar

Wilds Pathfinder

Join Date: Jul 2007

N/

29 Dec 2007 at 23:40 - 11
whoever does this must have nothing better to do.

Marty Silverblade

Marty Silverblade

Administrator

Join Date: Jun 2006

29 Dec 2007 at 23:43 - 12
Quote:
Originally Posted by Tamuril elansar
whoever does this must have nothing better to do.
Actually, in the chance that someone uses the same password/login for both Guru and GW, there is a potential for the scammer to get thousands of plat worth of stuff.

Btw, thanks for the warning.

Fril Estelin

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

29 Dec 2007 at 23:45 - 13
GJ Inde. This message should be stickied to the top of ALL forums on GWG. People that do not read Riverside may miss this. Furthermore, you may want to indicate who the information should be forwarded to, just to make it clearer.

To all GWGers: manage your password using solid and robust Password Managers (such as Password Safe for example). Your personal security depends on the strength, the variety and the frequency of change of your passwords. Also of interest, an old but still relevant article from the antivirus creators Sophos:
http://www.sophos.com/pressoffice/ne...ordadvice.html
Advices by Microsoft:
http://www.microsoft.com/protect/you...rd/create.mspx

DarkGanni

DarkGanni

Forge Runner

Join Date: Mar 2006

Malta

[CuTe]

E/

29 Dec 2007 at 23:50 - 14
Thanks, will watch out for these ratbags

Arkantos

Arkantos

The Greatest

Join Date: Feb 2006

W/

29 Dec 2007 at 23:59 - 15
I'd like to add that if you get a PM, make sure to contact an admin. If no admin is on, contact a super moderator. If no super is on, contact a moderator.

Lady S Shiva

Lady S Shiva

Desert Nomad

Join Date: Dec 2005

CA

LOD???

W/Mo

30 Dec 2007 at 00:02 - 16
received some msg about winning real cash by playing gw games, blocked him right the way, just be careful out there, guys.

Fril Estelin

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

30 Dec 2007 at 00:02 - 17
Quote:
Originally Posted by Arkantos
I'd like to add that if you get a PM, make sure to contact an admin. If no admin is on, contact a super moderator. If no super is on, contact a moderator.
And the list is here I believe:
http://www.guildwarsguru.com/forum/showgroups.php

HayesA

Krytan Explorer

Join Date: Sep 2006

Pennsylvania

E/

30 Dec 2007 at 00:05 - 18
Here's a pretty safe bet.

If someone, and I mean anyone, asks for a name/pass it's a phising attempt. As to my understanding, the only information Anet will EVER ask from you is a account name.

So, best bet? don't give it out.

Bryant Again

Bryant Again

Hall Hero

Join Date: Feb 2006

30 Dec 2007 at 00:39 - 19
So we're getting keyloggers now?

/sigh. At least it's a sign that we're getting popular, I guess.

fRag_Doll

fRag_Doll

Lion's Arch Merchant

Join Date: Apr 2006

Australia

Prid of Ankh Morpork [Prid]

W/E

30 Dec 2007 at 00:46 - 20
Quote:
Originally Posted by HayesA
Here's a pretty safe bet.

If someone, and I mean anyone, asks for a name/pass it's a phising attempt. As to my understanding, the only information Anet will EVER ask from you is a account name.

So, best bet? don't give it out.
Quote:
Originally Posted by Bryant Again
So we're getting keyloggers now?

/sigh. At least it's a sign that we're getting popular, I guess.
The scam is actually a link to a fake login page for the forums, which records your username and password.
It's based on the fact that many people use the same info for their forum and game accounts.

Bryant Again

Bryant Again

Hall Hero

Join Date: Feb 2006

30 Dec 2007 at 00:48 - 21
Quote:
Originally Posted by fRag_Doll
The scam is actually a link to a fake login page for the forums, which records your username and password.
It's based on the fact that many people use the same info for their forum and game accounts.
At least the same rule applies: Trust your links!

Thankfully, all my passwords are different due to the fact that I bash my face against the keyboard to generate my passwords.

Roo Ella

Roo Ella

Krytan Explorer

Join Date: Jun 2007

Australia

Oz

E/R

30 Dec 2007 at 01:00 - 22
Thanks for the heads up will keep an eye out.
But who is dumb enough to use the same logging info here for GW your only asking for trouble
if you do that.
Play safe.

Malice Black

Site Legend

Join Date: Oct 2005

30 Dec 2007 at 01:02 - 23
I do! I do!

Steal it..don't care lol I have 3 accounts last time I checked. GW accounts are cheaper then a girl at the local cattle market.

Stormlord Alex

Stormlord Alex

Grotto Attendant

Join Date: Dec 2005

Beyond the Forest of Doom, past the Cavern of Agony... on Kitten & Puppy Island

Soul of Melandru [sOm]

W/E

30 Dec 2007 at 01:08 - 24
Quote:
Originally Posted by Malice Black
Steal it..don't care lol I have 3 accounts last time I checked. GW accounts are cheaper then a girl at the local cattle market.
I'm lonely.
Where do you live?

ensoriki

ensoriki

Forge Runner

Join Date: Aug 2006

Canada bro.

A/D

30 Dec 2007 at 01:35 - 25
They can phish all they want.

Im an endangered species....and you cant phish endangered species =P


Anyways TY for the heads up

Eviance

Eviance

Desert Nomad

Join Date: Nov 2005

Eh I forget... o_O

Biscuit of Dewm [MEEP]

R/

30 Dec 2007 at 01:37 - 26
Yeah Indie our board was hit by some script kiddies about a month ago if even that. Our board was crashed for several hours till Red found the script error. I was highly pissed!

The fact of the matter is, you can BAN them all you want but if they are true script kiddies then they have an IP router, meaning that they will just pop up on different IPs over and over doing the same crap. Just be careful about having too much info in your profiles and such as well.

Bowstring Badass

Bowstring Badass

Forge Runner

Join Date: Nov 2005

Character selection screen figuring what I want to play...

Purple Lingerie - :D

30 Dec 2007 at 01:46 - 27
Quote:
Originally Posted by Stormlord Alex
I'm lonely.
Where do you live?
off topic much? lol

acerbity

Frost Gate Guardian

Join Date: Nov 2007

30 Dec 2007 at 04:13 - 28
Quote:
Originally Posted by Eviance
Yeah Indie our board was hit by some script kiddies about a month ago if even that. Our board was crashed for several hours till Red found the script error. I was highly pissed!

The fact of the matter is, you can BAN them all you want but if they are true script kiddies then they have an IP router, meaning that they will just pop up on different IPs over and over doing the same crap. Just be careful about having too much info in your profiles and such as well.
if you're smart you can stop that
google is your friend

ThunderStruck

Krytan Explorer

Join Date: Feb 2006

The Arctic Marauders [TAM]

30 Dec 2007 at 04:42 - 29
Thanks a bunch for the tip!

jaeharys targaryen

Wilds Pathfinder

Join Date: Oct 2006

USA

Picnic Pioneers[asian characters]

E/Mo

30 Dec 2007 at 05:16 - 30
Quote:
Clearly, it seems GW script kiddies have mastered the fine art of copying page source. Terrible danger, indeed.
possibly the best post ever on this forum. ever.



but in all seriousness... why didnt i think of this?

chowmein69

Forge Runner

Join Date: Jan 2007

30 Dec 2007 at 05:18 - 31
thanks for letting us know Inde

jaeharys targaryen

Wilds Pathfinder

Join Date: Oct 2006

USA

Picnic Pioneers[asian characters]

E/Mo

30 Dec 2007 at 05:20 - 32
Quote:
Originally Posted by fRag_Doll
The scam is actually a link to a fake login page for the forums, which records your username and password.
It's based on the fact that many people use the same info for their forum and game accounts.
a.k.a. a keylogger, but not in the highly inacurate sense portrayed by the media.

you dupe a page(i.e. copy paste), and you embed your own script that sends the nice cleartext password to a hard drive somewhere.
host guiidwarsguru.com or soemthing like that... and voila!

its really possibly the most simple scam ever.

Neo Nugget

Neo Nugget

Site Contributor

Join Date: Jan 2006

R/

30 Dec 2007 at 05:24 - 33
Thanks for the tip Inde

HayesA

Krytan Explorer

Join Date: Sep 2006

Pennsylvania

E/

30 Dec 2007 at 05:28 - 34
Quote:
Originally Posted by fRag_Doll
The scam is actually a link to a fake login page for the forums, which records your username and password.
It's based on the fact that many people use the same info for their forum and game accounts.
Still tho, what a LOL idea. Same passwords. I use many different password layers. 2 for forums, and minor sites. 2 layers for business sites like newegg/GWs, 2 layers for high-risk sites like paypal/ebay/bank etc. All ranging from mid-high, to high-extreme-wtf-high-i-cant-remember-my-effing-password

jaeharys targaryen

Wilds Pathfinder

Join Date: Oct 2006

USA

Picnic Pioneers[asian characters]

E/Mo

30 Dec 2007 at 05:46 - 35
Quote:
Originally Posted by HayesA
Still tho, what a LOL idea. Same passwords. I use many different password layers. 2 for forums, and minor sites. 2 layers for business sites like newegg/GWs, 2 layers for high-risk sites like paypal/ebay/bank etc. All ranging from mid-high, to high-extreme-wtf-high-i-cant-remember-my-effing-password
that whole password strength thing is something to not get totally bought into. alpha-numeric passwords with one symbol:

1example!


are (depending on how many keyboard symbols are allowed) 46(or more) to the power of the password length

46^(1example!=9 characters)=
922190162669056 possibilities

dont go crazy, just remember examples like that show how damn near impossible it is to lose an account to things like brute force password cracking.

Fril Estelin

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

30 Dec 2007 at 10:22 - 36
Quote:
Originally Posted by jaeharys targaryen
dont go crazy, just remember examples like that show how damn near impossible it is to lose an account to things like brute force password cracking.
The art of brute force attack escapes you it seems. It's not about stupidly trying all possibilities, but "tree pruning", i.e. guiding the exhaustive exploration of the password space. Even if you don't use for your GW account the same password as for GWG, a cracker will use the second to guess the first. Anyway, don't think that "l33t ub3r" is a good password .

And don't forget to run an antivirus, a firewall (out if possible) and update your windows every month. Security is a harsh matter, you only learn how bad it can be when you lose something worth. (and if you're rich like Malice Black, give me your money! )

fenix

fenix

Major-General Awesome

Join Date: Aug 2005

Aussie Trolling Crew HQ - Event Organiser and IRC Tiger

Ex Talionis [Law], Trinity of the Ascended [ToA] ????????????????&#

W/

30 Dec 2007 at 12:18 - 37
I feel sorry for people who fall for phishing. It's always so obviously fake. Guru is never going to ask you for your details, hell, they're never gonna ask you to go to a link. And if they were, they'd use a Global Announcement, like the current Phishing one. If you fall for this, you should have Internet lessons...

Squishy ftw

Squishy ftw

Desert Nomad

Join Date: Aug 2007

Your backline

W/

30 Dec 2007 at 12:23 - 38
Thanks for the warning.

Hobbs

Hobbs

Desert Nomad

Join Date: May 2006

Organised Spam [OS]

W/

30 Dec 2007 at 13:33 - 39
Quote:
Originally Posted by fenix
Guru is never going to ask you for your details
Err...I have to give Guru my username and password everytime I login....which from what I understand is how this website works, it looks like guru, you try to login to in and bam your password is whisked away to someones hard drive.

jaeharys targaryen

Wilds Pathfinder

Join Date: Oct 2006

USA

Picnic Pioneers[asian characters]

E/Mo

30 Dec 2007 at 15:12 - 40
Quote:
Originally Posted by fenix
I feel sorry for people who fall for phishing. It's always so obviously fake. Guru is never going to ask you for your details, hell, they're never gonna ask you to go to a link. And if they were, they'd use a Global Announcement, like the current Phishing one. If you fall for this, you should have Internet lessons...

you miss the point of this totally. guru has already asked you for your details when you registered. i'll quote myself:


Quote:
a.k.a. a keylogger, but not in the highly inacurate sense portrayed by the media.

you dupe a page(i.e. copy paste), and you embed your own script that sends the nice cleartext password to a hard drive somewhere.

host guiidwarsguru.com or soemthing like that... and voila!

its really possibly the most simple scam ever.
it looks the same. and judging from the content of your post, you'll be the first to fall for it.