I got this message just recently.
"Dear, trcvrs!
A virus alert was noticed on your computer.
We highly recommend you to check your computer and perform online virus check at our site immediately: http://*****.com
----------------------------------------------------
Sincerely, Forum Administration www.guildwarsguru.org. "
Phishing/scamming by GWG notifications
AtomicMew
maxxfury
had the exact same message on gwo yesterday, ofc replacing who the management was :P
was from a new account with zero post count. obvious lol.
So it seems they are targeting more than one forum.
was from a new account with zero post count. obvious lol.
So it seems they are targeting more than one forum.
Bob Slydell
That must be the database thing that was hacked a little bit back.
I also noticed, guildwarsguru[DOT]org? I didn't know .org could even work. I inspected it (since im on OS X, no windows based keyloggers, no harm to GW over on windows) It works n' shit... just...weird.
Weird in the fact that, changing it to .org reveals the same page, but with a logged off user, that dosen't make sense.
Guru, please look into this NOW. Both of these were taken at the same time, on both ".extensions" for the website. If it was the same site, it would keep Me logged on, not off.
I also noticed, guildwarsguru[DOT]org? I didn't know .org could even work. I inspected it (since im on OS X, no windows based keyloggers, no harm to GW over on windows) It works n' shit... just...weird.
Weird in the fact that, changing it to .org reveals the same page, but with a logged off user, that dosen't make sense.
Guru, please look into this NOW. Both of these were taken at the same time, on both ".extensions" for the website. If it was the same site, it would keep Me logged on, not off.
Odinius
...so that you log in with your info and they got your pass
karlik
If I ping the .com and the .org address they both come back with the same IP address.
Also whois comes back with the same basic info for both addresses.
The problem is, while the link in the actual email may appear to go to the .org address, it may actually be taking you to a totally different address. A copy/paste of the text into this forum will only show the text that was copied and not any the actual link associated in the email. I don't think I'd log in to guru at that link.
My personal guess? I think this is the result of the attack on guru - they got your email address. The real threat is the "online virus check link". That's the one that'll install a key logger and/or some other nasty.
I checked the email I used here at guru and I don't have this yet.
Also whois comes back with the same basic info for both addresses.
The problem is, while the link in the actual email may appear to go to the .org address, it may actually be taking you to a totally different address. A copy/paste of the text into this forum will only show the text that was copied and not any the actual link associated in the email. I don't think I'd log in to guru at that link.
My personal guess? I think this is the result of the attack on guru - they got your email address. The real threat is the "online virus check link". That's the one that'll install a key logger and/or some other nasty.
I checked the email I used here at guru and I don't have this yet.
JR
Just to be clear, this was sent via email, not a private message on the forum?
Assuming email: It's quite possible that these are related to the recent compromise of our database. Again, I'd advise everyone to check out this guide to avoid phishing emails. I'll confer with Inde, but I'm not sure there's much we can do to prevent this happening, other than urging members to be vigilant.
What address was the email sent from?
Assuming email: It's quite possible that these are related to the recent compromise of our database. Again, I'd advise everyone to check out this guide to avoid phishing emails. I'll confer with Inde, but I'm not sure there's much we can do to prevent this happening, other than urging members to be vigilant.
What address was the email sent from?
AtomicMew
Quote:
Originally Posted by JR
Just to be clear, this was sent via email, not a private message on the forum?
Assuming email: It's quite possible that these are related to the recent compromise of our database. Again, I'd advise everyone to check out this guide to avoid phishing emails. I'll confer with Inde, but I'm not sure there's much we can do to prevent this happening, other than urging members to be vigilant.
What address was the email sent from? No, it was sent by private messages, not by e-mail.
Assuming email: It's quite possible that these are related to the recent compromise of our database. Again, I'd advise everyone to check out this guide to avoid phishing emails. I'll confer with Inde, but I'm not sure there's much we can do to prevent this happening, other than urging members to be vigilant.
What address was the email sent from? No, it was sent by private messages, not by e-mail.
JR
Could you please PM me the username of the person who sent the PM?
I believe they need a taste of my banhammer.
I believe they need a taste of my banhammer.
Smarty
Because the admins of guru can tell just by your browsing the forums that you have a virus on your computer! Man you guys are leet.
Faer
Quote:
Originally Posted by Smarty
Because the admins of guru can tell just by your browsing the forums that you have a virus on your computer! Man you guys are leet.
To be fair, a lot of Guru users do get viruses quite often, so it'd be a safe assumption to make.
To be fair, a lot of Guru users do get viruses quite often, so it'd be a safe assumption to make.
Glaed
I'm probably just paranoid, but though I should get it out there just in case it's not paranoia...
I received a private message on this board from someone saying, "Hey, I'm new here, what's up?" then had some quote and a link to a website. I checked their profile and they have never posted, but they are not new here, they have been registered since 2008.
Anyone else getting this? Or is it just a person trying to reach out? Funny thing is I'm not a regular poster, I'm more of a lurker.
I received a private message on this board from someone saying, "Hey, I'm new here, what's up?" then had some quote and a link to a website. I checked their profile and they have never posted, but they are not new here, they have been registered since 2008.
Anyone else getting this? Or is it just a person trying to reach out? Funny thing is I'm not a regular poster, I'm more of a lurker.
tmakinen
If it sounds like a phish ... in my opinion, you should contact an admin right away.
Xntryk1
I got that message too. Nuff said. I didn't respond.
Kattar
Any time you get a message you're unsure about, forward it to the admins. One of them will take a look at it. We try to stay on top of stuff like this, but when it comes to pm's we have to rely on the affected users to give us a heads up.
Thanks.
Thanks.
Age
Yeah.I got phishy.
JR
Age
No.I got in the form of an e-mail not a pm.