I'm sad to say that guildwarsguru has either sold or lost positive control of their user data base. The very sad part is that it wasn't spam email, it was phishing for my non-existent runescape account. I'm informing the community so as to be aware of possible account thefts or other scams.
I track all of my email address that I give out. In this case [email protected] (mydomain.com is not the real domain name I use). This address was set to forward to my gmail account (again not my real gmail address being shown). Full headers below.
Code:
Delivered-To: Guildwars Guru - Sold / Lost my Email Address to Phishiers
sre
[email protected]
Received: by 10.204.226.70 with SMTP id iv6csp1577bkb;
Tue, 12 Mar 2013 19:45:13 -0700 (PDT)
X-Received: by 10.68.195.70 with SMTP id ic6mr41738777pbc.60.1363142712738;
Tue, 12 Mar 2013 19:45:12 -0700 (PDT)
Return-Path: <[email protected]>
Received: from p3plsmtp12-06.prod.phx3.secureserver.net (p3plsmtp12-06.prod.phx3.secureserver.net. [173.201.192.63])
by mx.google.com with ESMTP id tx10si32836315pbc.182.2013.03.12.19.45.11;
Tue, 12 Mar 2013 19:45:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 173.201.192.63 as permitted sender) client-ip=173.201.192.63;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 173.201.192.63 as permitted sender) [email protected]rver.net;
dkim=pass [email protected]
Received: (qmail 21342 invoked from network); 13 Mar 2013 02:45:11 -0000
Delivered-To: [email protected]
Received: (qmail 21339 invoked by uid 30297); 13 Mar 2013 02:45:11 -0000
Received: from unknown (HELO p3pismtp01-074.prod.phx3.secureserver.net) ([72.167.238.104])
(envelope-sender <[email protected]>)
by p3plsmtp12-06.prod.phx3.secureserver.net (qmail-1.03) with SMTP
for <[email protected]>; 13 Mar 2013 02:45:11 -0000
Received: from nm24-vm2.bullet.mail.sg3.yahoo.com ([106.10.151.81])
by p3pismtp01-074.prod.phx3.secureserver.net with SMTP; 12 Mar 2013 19:45:09 -0700
Received: from [106.10.166.124] by nm24.bullet.mail.sg3.yahoo.com with NNFMP; 12 Mar 2013 21:42:48 -0000
Received: from [106.10.167.176] by tm13.bullet.mail.sg3.yahoo.com with NNFMP; 12 Mar 2013 21:42:48 -0000
Received: from [127.0.0.1] by smtp149.mail.sg3.yahoo.com with NNFMP; 12 Mar 2013 21:42:48 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1363124568; bh=5YpYi0iiWoLTClwbk4o++kFr+IzUZU71vS4cbTwO7DY=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:From:To:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE; b=Js3xTKefvlNsc5A1nVBiSig9xZz+95DoXDEag9FUWQsux1Nza06oWQZxlMVJ28Kl5EKkQguBaUsUqxi79h+dDwgZXKKF6wpbiwoqvEZmddgGYjYgKwLw5U0ADeo2SVNd9Osn1jGiQbfQdVD+y6Q8wgEul3iT2wkQBL98dbhzyXI=
X-Yahoo-Newman-Id: [email protected]
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: gksPRIYVM1kSfgdlE8BjVEr0r.Arl1YMWmQ8YDCAqBILzvp
OslbnZ4G1C4JVtl7AsPbxXUBLw._Bz9.0lbVwH3FqGK_DwgOVN5yAtSf5YhL
i_uerKbn1M.4pruE3Yn1tWHPSdxkFYPN6213AUq1sYPKdE7GYXNLTT463fa0
xtU4D8NEUA0MYTJUAvCJbZuJAD.OAEeKd1LBh8yBhBLl0SKGFFs_zEZPXZPC
.DSEHKEMZSfpHi6evGxFIkbhSR45uJ0R2NkXQ0fQ5IZA5ou_hSpTuNdtTCVy
6.Eo4l5yAChdDnWwCi7SmQ5HFjFJGHdRdRBY2UC6820zwK9JAjnSbBAwyTTs
_gaobydDbBkwukg3Je8bl.5sFYU0ISPimJ4Jf2Z_NrYupx2XgJj1N6M0bP72
mhw3sZJltZvhhGXndk8rJAe4awpi4k.ElJPxrwo5xwOMc2sLQhwc6iJCeHMU
.i5I2siyRyRQZnto7bjnS0YjZVeErMazB6kbTXtyHhIEnQHWKWFYy3jXSbcw
o97pCbtzVA_vg8mS2Lri9QYIBnJA21UY_COIveoKCLUT8YR0sTJHTZJcAhmc
TpBiM3og.svjwaDDLLz8d1ujXDD8aLCrEHX7r8o0vRMXK8LdbA0S4Qa1WtZx
wco6yFm0PmIs8WblZBCp3C0wI79NwKahPtkwozLYo3tf0qcTRGA--
X-Yahoo-SMTP: 1xt760qswBCVMXTol_7ZRF8ZOuXieZOljMXN7P4-
Received: from ulofyb ([email protected] with login)
by smtp149.mail.sg3.yahoo.com with SMTP; 12 Mar 2013 14:42:48 -0700 PDT
Message-ID: <[email protected]>
From: "RuneScape" <[email protected]>
To: <[email protected]>
Subject: RuneScape Account-Notice
Date: Wed, 13 Mar 2013 05:42:56 +0800
MIME-Version: 1.0
pkodyssey
This is very discouraging to hear. Thanks for posting.
cosyfiep
ANYone can get phished....yahoo accounts are notorious for that. my last old email account got it A LOT (I had to get rid of it since the domain dsl provider would do nothing about the 'failure' notices that I was getting--in excess of 10,000k a DAY).
ANYONE can use your email addy and send stuff to people pretending to be you. So it may not be guru's issue at all. Though I would suggest contacting Kvinna about this as she is the only admin for this site (gw2 has more).
ANYONE can use your email addy and send stuff to people pretending to be you. So it may not be guru's issue at all. Though I would suggest contacting Kvinna about this as she is the only admin for this site (gw2 has more).
sre
Cosyfiep,
From your comments, it is clear I failed to clearly explain myself. I created a unique email address for my account here at Guildwars Guru (GWG). (I create unique email addressed for each website I create an account on.) The reason I do this is twofold: 1) I can track who has lost/sold my email address and 2) delete the offending email address so I don't get spammed.
What happened here is my unique email address for GWG, which I never shared or use anywhere else except here on GWG, received a phishing email. As you can see I hide my unique GWG email address so supposedly no one can email me except through GWG mail system.
Hope that clears this up for everyone.
Quote:
Originally Posted by cosyfiep
From your comments, it is clear I failed to clearly explain myself. I created a unique email address for my account here at Guildwars Guru (GWG). (I create unique email addressed for each website I create an account on.) The reason I do this is twofold: 1) I can track who has lost/sold my email address and 2) delete the offending email address so I don't get spammed.
What happened here is my unique email address for GWG, which I never shared or use anywhere else except here on GWG, received a phishing email. As you can see I hide my unique GWG email address so supposedly no one can email me except through GWG mail system.
Hope that clears this up for everyone.
Quote:
ANYone can get phished....yahoo accounts are notorious for that. my last old email account got it A LOT (I had to get rid of it since the domain dsl provider would do nothing about the 'failure' notices that I was getting--in excess of 10,000k a DAY).
ANYONE can use your email addy and send stuff to people pretending to be you. So it may not be guru's issue at all. Though I would suggest contacting Kvinna about this as she is the only admin for this site (gw2 has more).
ANYONE can use your email addy and send stuff to people pretending to be you. So it may not be guru's issue at all. Though I would suggest contacting Kvinna about this as she is the only admin for this site (gw2 has more).
cosyfiep
ANYone can USE your email addy to phish.
You have NOT made yourself clear. It is very easy to find out what addresses are 'usable' and send stuff to others using that email.
I routinely get crap from email addresses like that (and ones I OWN and KNOW for a fact are not CAPABLE of sending emails even! read have NEVER EVER BEEN USED for sending OR receiving email). And yes, you can find out what isp sent the emails, but that does very little (poland is popular this time of year for this). There is relatively little you can do about it.
It is very very easy to send stuff to people using fictitious emails and every once in a while the phishers get lucky and stumble across really addys in the process.
guildwarsguru.net is not above being used for this purposes as its a GMAIL account and just as easy to get phished as yahoo or hotmail etc. Your problem is not guru here, but GMAIL as guru has NO email servers to send things from, its all gmail.
Now if someone is sending pm's from guru THAT is something we have control over....and you should contact Kvinna regarding something of that sort.
You have NOT made yourself clear. It is very easy to find out what addresses are 'usable' and send stuff to others using that email.
I routinely get crap from email addresses like that (and ones I OWN and KNOW for a fact are not CAPABLE of sending emails even! read have NEVER EVER BEEN USED for sending OR receiving email). And yes, you can find out what isp sent the emails, but that does very little (poland is popular this time of year for this). There is relatively little you can do about it.
It is very very easy to send stuff to people using fictitious emails and every once in a while the phishers get lucky and stumble across really addys in the process.
guildwarsguru.net is not above being used for this purposes as its a GMAIL account and just as easy to get phished as yahoo or hotmail etc. Your problem is not guru here, but GMAIL as guru has NO email servers to send things from, its all gmail.
Now if someone is sending pm's from guru THAT is something we have control over....and you should contact Kvinna regarding something of that sort.
sre
Cosyfiep,
Quote:
Originally Posted by cosyfiep
Quote:
Quote: Originally Posted by cosyfiep
ANYone can USE your email addy to phish.It is very easy to find out what addresses are 'usable' and send stuff to others using that email. GWG did not send me the phishing email; that is *not* what I'm claiming. Nor am I claiming that someone used my GWG address claiming to be me (read the headers). What I am stating is this: A third party (not GWG) sent a phishing email to the unique email address provided to GWG and GWG is the only entity that has ever been given that email address.
Quote: Originally Posted by cosyfiep
It is very very easy to send stuff to people using fictitious emails and every once in a while the phishers get lucky and stumble across really addys in the process.
I don't believe the phisher got lucky and discovered my cryptic email address at my domain. The email address they sent the phishing address to was [email protected], where mydomain.com is a domain I own. When email is sent to guildwarsguru15376 it was forwarding on to my gmail account. The phisher has no idea what my "real" gmail account is and therefore remains safe from the phishing scams or other spam.Quote:
