So, how DO some of these phishers get your information?

Simple thread premise. The shady goons behind the scene who spend the majority of their time trying to phish for your GW information for the purposes of scamming, hijacking, or the likes.

How do they ever manage to get it?
Most would suggest simple things like, "Have you given your information to anyone?" (No.) "Have you used any mods like Texmod, downloaded from an unreliable source (with the potential for keylogging)?" (No.) "Have you ever used or posted your GW account e-mail on a, in retrospect, shady looking GW site, or anywhere other than GWG?" (No.) "Do you use the same e-mail for your GW account as your GWG account and allow GWG users the option to e-mail you?" (No.)

I'm answering no to all of these things because I was the subject and current victim of an account hijacking by a Taiwanese user of all things, and while I'm still in contact with support trying to retrieve my account, one thought continues to linger. How DID they get my account? Nevermind that, how do they confirm the changes when the confirmation email is sitting in your inbox and both your GW and email passwords are different? Furthermore, why is ANet's system so fault-ridden and the security flimsy?

If this is the wrong section then please, mods, feel free to move it, but I thought this was fairly suiting for general discussion.

Most of the time? You. You let them in.

Whether that is due to downloading bad things, or having poor security, or a completely open system.

Even when people say "I DIDN'T DO ANY OF THAT!" 90% of the time, they did and they know it.

Sorry but you downloaded something and probably got it hacked that way. They could have forced their way into your account but that would have been a TON harder to do and highly doubtful...

Yeah, you probably downloaded a keylogger..

Frankly - I still think it is bad security at NCSoft's end.

No proof - I'm just suspicious of any big company that assures it's customers that it's security it air tight and invulnerable.

Bottom line is, if they get your password, it's game over. Bad luck. Finished.

And what more protection can anet really give? A 2nd password? Come on. There's nothing wrong on their side. Though what does probably happen is some disgruntled employee sells account info to botters and such for a price.

well you could have 10 billion passwords for one account but then log in would be hard.

Well I could tell you exactly how it works and give you the steps to make your own phisher... But I might get in trouble

Although it IS fun going into a thousand peoples myspaces and changing all their stuff ^_^

But account info is stolen mainly in two ways:

1. Submitting your info on a fake website with a similar looking URL.

2. Downloading programs.

warm me up some chicken.

Them: "[name] is quitting! PM him for free ectos!"

You: "I want free ectos!" /pm

Your PM: "Hey, give me free ectos!"

Their reply: "[name] is quitting! PM him for free ectos!"

Your 2nd PM: "WTF?"

Them1: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"
Them2: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"
Them54: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"

You: "Oh shit."

don't answer any unnecessary and suspicious questions on the forum? every time people ask this sort of question, i automatically think they are trying to find a way around all the usual thing/scamp you know like collecting data to make a even more good way to phis lol

Specifically for Guild Wars or utilities for other applications? If only for GW, no, never.
Sygate Personal Firewall Pro
Mine is the only account on this computer, as it is my computer, and it was always password protected. If that was what you implied. Otherwise, I always have Sygate running and have a daily NOD32 scan at 4 am which I am sure would indicate any nasties.
Nope, didn't download anything (again, only for GW). Of course, the utilities I download for other games are always open source and if not, administrators of said boards inspect every file for any nasties before giving it the go-ahead to download for the users. What perplexed me is that they only requested a change in email and somehow verified it on my email account. Both my GW and email had separate passwords, and secure ones at that.
Included in a Guild Wars mod? Impossible. For a completely different game? Highly unlikely, in reference to what I just mentioned to I pwnd U.
Never did either (Again, 3rd party application downloads, I expect you only mean for GW.)
lol.
Not only do I never see this, I would never answer their ridiculous call anyways.
I have no motive to do such a thing, I rarely play the game as it is. I just wanted my account back out of availability to play the game should my interest ever be sparked again.

In any event, all the things I expected to be mentioned were mentioned, and as I expect, I had a big old "no" to go with every one of them. This is where my confusion lies. Regardless, ANet did reset my account information for me and I have my account back, I'm still wondering how it happened. As much as I know I'll never be certain about it, there has to be something that someone will bring up that I can actually amount to a "yes" with.

Don't trust antiviruses that much!

first, it takes time to identify virus, analyze it and add it to detection database and for you to update software. It can take hours/days during which you are vulnurelalble.

seccond, rare "nasties" - i.e. keylogger which was made to target GW and is only on dozen of computers worldwide - might never be discovered because they are simply under radar.

there is more, but point is that you can only trust your AV to protect you from past threats that are no longer really dangerous.

Simple. They could add a 4 digit security pin like Maple Story uses. You enter the pin by clicking in the four digits on a randomised virtual keyboard, so keyloggers are completely hopeless and unable to detect your pin.

I wish that all MMOs could have a pin like Maple Story does.

It is possible that you were the direct target of malicious and evil ninja hackers.

However Occam's Razor tends to disagree.

The chance of being the direct target of a malicious hacker (especially since you are a security expert and all) is so infinitesimally small that you should go out and buy a lottery ticket. Not two of them. You only need one.

However to play devils advocate: Do you brag about being the richest person in Guild Wars? Do you cycle through all your permatonics? Do you randomly show random people 8 stacks of armbraces? Do you wander around town with a panda and raincaller and assasin and...

You must have done something that got the attention of the evil ninja hackers. They don't come out into the light for 20g and a purple broadsword...

i saw a vid by whitesword on youtube about him almost giving all his WoW(I know that WoW isn't gw but he makes funny vids(i think WoW sucks btw)) details to someone over an email that said somethig like YOUR WOW ACCOUNT WILL BE REMOVED UNLESS IMMEDIATE ACION IS TAKEN + he thought that the fact that he'd bought gold a while back was finally catching up with him. so he filled out his details, then glanced down at the URL and realised that it wasn't a real WoW website. if he'd sent it off he could have lost his account so BEWARE EMAILS LIKE THAT & ALWAYS CHECK THE URL! did you reply to an email like that?? 0.0

Don't be foolish! Purple broadswords are the leet weps of Ninja PKing Hackers of doom!

On topic: I'm sorry your account was hacked... I'm sure no one enjoys having all their stuff rifled through by some random person. I hope you get it back! At least NCSoft seems vaguely concerned about it.

This is why I'm hesitant about downloading textmod... I need it to complete cartographer, but when I read threads like this...

[/QUOTE] This is why I'm hesitant about downloading textmod... I need it to complete cartographer, but when I read threads like this...[/QUOTE]

I concur. 0,6% left for GMC; scrape, scrape scrape. Better safe than sorry. Besides nothing beats the feeling of acomplishing something the way it was meant to be.

Well, as long as you download it from a legitimate site, there really shouldn't be a problem.

i use texmod: no problems
finished almost all 3 continents without problems
i got an avast! free edition running and i got no problems with it
and i avoid any suspicious pm's