Getting spooky email from "NCSoft?" Don't get phished! (Info & Security Guide)

Sierraa

Sierraa

Supastar~ ???

Join Date: May 2006

USA [GMT -7]

Sierraas Asian Harem [love]

Me/

Update: 1/20/2010

Quote:
Originally Posted by Regina Buenaobra View Post
NCsoft has published a message from our Game Surveillance Unit today, regarding account security. For the full message, please go to the NCsoft web site.


The uproar of compromised accounts both here on Guru, and on Wiki has long been an issue. Everyone always has a different answer or problem with various phishing attempts. We hope this answers any security questions you may have, as well as the legitimacy of URL's or websites. Original source of information, as well as inspiration for this thread with permission from the lovely Knite over at AionSource.

___________________________________

What is "Phishing"?

"In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication." - Wikipedia

To put it in simpler terms, phishing sites deliberately make very legit-looking addresses to provide the illusion that you're visiting the official site at first glance. They lure you into submitting delicate information with the intention to steal it. It is important that you ALWAYS check the URL of the site before submitting any information. The address bar is the only 100% way of detecting a phishing site.


Above is the ONLY legitmate NCSoft URL that you should ever put your information in. If the URL begins with something other than "https://secure.ncsoft.com/" then it's a phishing scam and entering your information could mean losing your account.

___________________________________

I received an email, is it offical?

Another popular way of phishing is emails that look official. They ask you to input your information for a various reasons, one is example would be an email asking you to verify your account. Most generally these emails will be filled with grammatical and spelling mistakes which is an easy way to spot a phishing email. You can use the 100% true method above (Checking the url) by hovering over the link in the email. If it's not what it should be, DO NOT CLICK ON IT and forward it to support.

Why do I have to hover? It says "secure.ncsoft.com"

Links can be formatted with any sort of text. For example: http://secure.ncsoft.com.

One more link related point to keep in mind; Reputable games companies will never use URL shortening services (such as bit.ly, tr.im, etc) in official email communication. If you receive an email asking you to click on a shortened URL it is almost certainly a phishing attempt.

If for some reason you've clicked on the link or gave them your account information, please contact support ASAP or attempt to change your password. Your account is at a high risk of being compromised.

REMEMBER: NCsoft employees will NEVER ask you for your password while trying to help you. NEVER give out your account information to ANYONE

The example in the image below shows the url to be "seouer-ncsoft.com" which is NOT a legitimate NCSoft site.


(Thank you Knite from AionSource for this <3)

What about this survey?

Offical NCSoft Support Answer

Quote:
If you submit a support request, you may receive an e-mail asking you to fill out a survey. The survey asks you to provide feedback regarding how your issue was handled.

Be sure to only include information related to your support experience. The survey will not ask you for your account or personal information.

IMPORTANT: Our support teams will never ask you for your password, and you should never provide it to anyone. If you receive any e-mail requesting your account passwords, you can be sure that it is not from NCsoft Support.

The above image is a legitimate survey, the email is apart of NCSoft support and none of the links ask you for any account information. When in doubt, simply forward the email to support or delete it.

Another safe way to check is to log in from the secure site, navigate to the page you need from a known and trusted website rather than using links from an email or an unfamiliar website.

Quote:
Originally Posted by Martin Kerstein View Post
I just checked with the Support department, and yes, it is a legitimate survey.
___________________________________

What else can I do to protect myself?

Gaile's Account Security FAQ covers most of the basics.
  • Do not buy gold or items from an RMT. (Real Money Trader)
  • Never sell anything for real money
    Includes game accounts, access keys (game, buddy, trial), gold, or items
  • Do not trade game accounts or access keys (game, buddy, trial) for in-game payment.
  • Do not share your game account.
  • Never buy a used account.
  • Use a unique user name and a unique, complex password for Guild Wars.
  • Do not use third-party programs
  • Keep your email secure.


Other ways to keep your information secure is to keep your computer secure:
  • Install an antivirus and keep it updated. (Avast! Home Edition & AVG)
    You can read about various other free antivirus here.
  • Scan your computer regularly.
  • Keep your operating system updated.
  • Never ever download anything from any site you're not 100% sure about.
    This goes for toolbars and software that ad's ask you to install to view their content.

No single antivirus is going to be enough to protect your computer. Consider installing additional security software such as SpywareBlaster, Malwarebytes Anti-Malware, SUPERAntiSpyware, and Spybot S&D. These are all available in Tarun's Anti-malware kit. Each of those programs, along with a good anti-virus will give you protection from different trojans/wurms/viruses, and using them all together will give you a much better chance of staying free of malicious software than just using one or two.

___________________________________

Helpful Links/Threads:

If you've clicked on a phishing email or your account has been compromised:
Submit a support ticket to NCsoft
Read this thread Hacked Fraud & Account Security
Read Gaile's Wiki

For more information on security:
Fril's guide to security
Tarun's Anti-malware kit
Play Smart information & Help