Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
Iradlac Seited
|
Posted - 2008.06.12 18:35:00 -
[1]
I received the email below and it appears to be a phishing attempt for account information. The site is NOT in the 'eve-online.com' domain. The redirect actually took me to: http://www.vrtnar.com/slo/cache/https:/secure.eve-online.com/login.aspxReturnUrl=%252fAccountManMenu.aspx.htm
<email> Jun 12, 2008 7:19 AM subjectEVE Online: Important account information mailed-byafekt1.afektnet.net
Dear Players,
During today downtime, we discovered an issue to our database and we lost some user informations. Please check your account, and if you have any problem with your loggin name or password contact us. In order to verify your account information please do the fallowing: Go to account management: https://secure.eve-online.com/login.aspx?ReturnUrl=%2fAccountManMenu.aspx Log in using your username and password
If you have any problems with your account information please be patient and allow us up to 48 hours to solve that issue.We are working hard to solve that database issue.Please note that issue involved only our website access, not ingame access.
Thank you, Eve-Online Customer Support |
Miki Fin
Independant Union of Rangers
|
Posted - 2008.06.12 18:38:00 -
[2]
Originally by: Iradlac Seited I received the email below and it appears to be a phishing attempt for account information. The site is NOT in the 'eve-online.com' domain. The redirect actually took me to: http://www.vrtnar.com/slo/cache/https:/secure.eve-online.com/login.aspxReturnUrl=%252fAccountManMenu.aspx.htm
<email> Jun 12, 2008 7:19 AM subjectEVE Online: Important account information mailed-byafekt1.afektnet.net
Dear Players,
During today downtime, we discovered an issue to our database and we lost some user informations. Please check your account, and if you have any problem with your loggin name or password contact us. In order to verify your account information please do the fallowing: Go to account management: https://secure.eve-online.com/login.aspx?ReturnUrl=%2fAccountManMenu.aspx Log in using your username and password
If you have any problems with your account information please be patient and allow us up to 48 hours to solve that issue.We are working hard to solve that database issue.Please note that issue involved only our website access, not ingame access.
Thank you, Eve-Online Customer Support
You've obviously logged in to make this post, which means CCP hasn't lost your account info, so yeah, looks lke a phishing attempt
|
Jacob Mei
|
Posted - 2008.06.12 18:41:00 -
[3]
My money is on plishing attempt. IIRC, ligit mailings actually will include your name instead of something like player or customer.
Also note that they just want you to log in, they dont say to do anything after that. -------------------------------- To borrow a phrase:
Players who post are like stars, there are bright ones and those who are dim.
|
Iradlac Seited
|
Posted - 2008.06.12 18:41:00 -
[4]
uh NO. I logged into this forum by opening another browser and going to a trusted domain.
But if you don't believe me, your welcome to try the link in my post and see if it works for you ;) |
Jaronel
Abysmal Bottom Line
|
Posted - 2008.06.12 18:44:00 -
[5]
A real big clue is the fact that the email itself is riddled with spelling and grammar errors.
Oh, the sadness of brilliant schemes ruined by horrible schooling! --------------------
We love rocks. ISKx0 |
Iradlac Seited
|
Posted - 2008.06.12 18:46:00 -
[6]
Originally by: Jaronel A real big clue is the fact that the email itself is riddled with spelling and grammar errors.
True, but don't tell the Phishers that, or else they'll get better.
|
Arthalion Thoidon
Splint Eye Probabilities Inc. Dawn of Transcendence
|
Posted - 2008.06.12 18:50:00 -
[7]
There's also the simple fact( and I think a CCP employee will soon confirm this) that CCP wil never, ever, not in a million years, ask for your account info. And the fact the website redirect is wrong just makes it even more clear it's a phishing attempt.
|
Iradlac Seited
|
Posted - 2008.06.12 18:53:00 -
[8]
Originally by: Arthalion Thoidon and I think a CCP employee will soon confirm this
I was hoping to get this to CCP's awareness (I'm sure it happens regularly). Is there a more direct route than forums/petitions?
|
|
CCP Mitnal
C C P
|
Posted - 2008.06.12 18:58:00 -
[9]
Consider us aware |
|
Miki Fin
Independant Union of Rangers
|
Posted - 2008.06.12 18:58:00 -
[10]
Originally by: Iradlac Seited I was hoping to get this to CCP's awareness (I'm sure it happens regularly). Is there a more direct route than forums/petitions?
email [email protected] |
|
DGWabbit
The Illuminati. Pandemic Legion
|
Posted - 2008.06.12 19:02:00 -
[11]
Also, petitions tend to work very quickly when its this type of situation. I think harassment is the topic, unless there is a more appropriate choice. Also, I would xxxxxx the proper website so people don't get ideas and copy/paste/goto type deal since ya....ppl aren't the brightest and you may inadvertently put them at risk =)
CCP is aware \o/ yay! \o/ Lets hope they aren't like cyberdyne AI =x |
Bleeshtar
|
Posted - 2008.06.12 19:03:00 -
[12]
Originally by: Iradlac Seited from afekt1.afektnet.net
Your first clue |
Angela Toren
Toren Shipyards
|
Posted - 2008.06.12 19:18:00 -
[13]
Quote: During today downtime
Quote: and we lost some informations
Your Second clue. _______
Oh Mindy... |
KingOzar
Brute Strength THORN Alliance
|
Posted - 2008.06.12 19:18:00 -
[14]
Originally by: Jaronel A real big clue is the fact that the email itself is riddled with spelling and grammar errors.
Oh, the sadness of brilliant schemes ruined by horrible schooling!
Lol, you would think if they were going to do this, they would try just a bit harder...
|
Dreadchain
PROGENITOR CORPORATION Intrepid Crossing
|
Posted - 2008.06.12 19:45:00 -
[15]
I bet a load of people will still fall for it Well, atleast it's not as bad as back in WoW, chinafarmers would post keylogger links which were followed by 15 pages of "ZOMG I CLICKERED IT, WTF 2 DEW".
|
Ferrosa
Federal Defence Union
|
Posted - 2008.06.12 19:45:00 -
[16]
I got the same mail... this is the trace:
1 <1 ms <1 ms <1 ms . [192.168.1.1] 2 23 ms 23 ms 23 ms 1.197-64-87.adsl-dyn.isp.belgacom.be [87.64.197. 1] 3 25 ms 25 ms 25 ms 13.255-244-81.adsl-static.isp.belgacom.be [81.24 4.255.13] 4 25 ms 24 ms 25 ms ge0-0.intlmar1.isp.belgacom.be [194.78.0.47] 5 25 ms 25 ms 25 ms 80.84.20.210 6 32 ms 113 ms 32 ms 80.84.18.106 7 40 ms 42 ms 45 ms 80.84.18.227 8 40 ms 40 ms 40 ms linx-gw1.enta.net [195.66.226.151] 9 40 ms 40 ms 39 ms te5-2.global-switch.core.enta.net [87.127.236.42 ] 10 40 ms 50 ms 40 ms gi1-0-3.rt02.gsl1.as34282.net [84.45.248.251] 11 40 ms 41 ms 40 ms afekt1.afektnet.net [85.92.73.80]
CCP... find this f*cker ^^
|
Guillame Herschel
The Graduates Brutally Clever Empire
|
Posted - 2008.06.12 19:50:00 -
[17]
Originally by: Jaronel A real big clue is the fact that the email itself is riddled with spelling and grammar errors.
Yeah, it's totally unlike anything to do with EVE.
-- The Theorem Theorem: If If, Then Then --
|
Layla McScout
|
Posted - 2008.06.12 19:52:00 -
[18]
If you received such an Email then you committed one of those critical error in keeping your account safe.
NEVER EVER use your primary mail account (the one you used to create your Eve account) to sign up to fansites, forums, guild or other Eve sites.
I generally use 3-4 dummy mail accounts which I use for such things. Should I get any fishing mail then it will rot in the inbox of those accounts until hell freezes over.
And please don't tell me you used the same login / pass as for the game to sign up to that fansite where the phishers got your Email.
|
NO CARRIER
|
Posted - 2008.06.12 20:50:00 -
[19]
Originally by: KingOzar
Originally by: Jaronel A real big clue is the fact that the email itself is riddled with spelling and grammar errors.
Oh, the sadness of brilliant schemes ruined by horrible schooling!
Lol, you would think if they were going to do this, they would try just a bit harder...
That's like saying, "You'd think that if these squirrels were going to try to get into my attic they'd buy a power drill or a circular saw or something..." The phishers have as much chance of doing it well as a squirrel has of buying a power tool at Home Depot and using it on your house to gain entrance.
The phishers are incompetent. They are low-IQ. English is not their first language. They are from cultures where the obviousness of phishing messages is mysterious and unfathomable; they don't get it. To anyone with a clue the phishing messages contain loud billboard announcements of their false nature. But in the end they don't care how bad their presentation is if enough people fall for it. The take from phishing is appalling.
As to using different email addresses for different things.. I don't care how many phishing messages come to my principal email address -- not a one has a prayer of ever getting a click, much less getting me to log in to some false site. |
Asantte
|
Posted - 2008.06.12 21:31:00 -
[20]
Originally by: Layla McScout If you received such an Email then you committed one of those critical error in keeping your account safe.
NEVER EVER use your primary mail account (the one you used to create your Eve account) to sign up to fansites, forums, guild or other Eve sites.
I generally use 3-4 dummy mail accounts which I use for such things. Should I get any fishing mail then it will rot in the inbox of those accounts until hell freezes over.
And please don't tell me you used the same login / pass as for the game to sign up to that fansite where the phishers got your Email.
I have a trash email account that I sign up for various websites if they require registration. I do this for everything, not just EVE. This way I keep my other emails clean while spam mail folder of this account is often in the 100s. Imagine my surprise when I got an email advertising ISK for sale at one of my email accounts signed up during EVE Online registration. This account was not signed up for any fan websites or anything of the kind because i always used my other account for such stuff. It doesn't get any spam at all. And suddenly I get an email advertising ISK for sale there, I mean wth?
|
|
Aclyn Seriy
Center for Advanced Studies
|
Posted - 2008.06.12 21:35:00 -
[21]
That e-mail seems to have come from a domain registry company based in slovenia, using an english based IP address, according to whois.net. There have also been reports of phishing attempts by this company regarding UK based banks, namely the attempt to obtain passwords and user names for internet banking.
WHOIS link
Originally by: techzer0 I'm the failboat captain
|
Kobushi
OCForums
|
Posted - 2008.06.12 22:22:00 -
[22]
whois reports as
Registry Whois Domain Name: vrtnar.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com
Expiration Date: 2008-08-16 Creation Date: 2002-08-16 Last Update Date: 2007-08-02
Name Servers: ns1.afektnet.net ns2.afektnet.net
It is NOT CCP for sure
|
Trind2222
Soliders Of Eve Atlas Alliance
|
Posted - 2008.06.12 22:58:00 -
[23]
Edited by: Trind2222 on 12/06/2008 23:00:53 http://www.eve-online.com/pnp/eula.asp
http://www.eve-online.com/pnp/namepolicy.asp
NOTE: No employee of CCP nor one of its authorized representatives will ever ask for your password. Should someone claiming to be a CCP associate request your password, DO NOT GIVE IT. Instead, notify the support team immediately by sending an in-game petition or by using the ôAsk a questionö form on our Support website. Please retain all related documentation in the event it is needed during a possible investigation
Hope this helps. |
Tzar'rim
|
Posted - 2008.06.12 23:06:00 -
[24]
Originally by: Kobushi whois reports as
Registry Whois Domain Name: vrtnar.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com
Expiration Date: 2008-08-16 Creation Date: 2002-08-16 Last Update Date: 2007-08-02
Name Servers: ns1.afektnet.net ns2.afektnet.net
It is NOT CCP for sure
Joker.com, aren't those the same guys that the EVE DEV killboard link now redirects to? |
Patch86
Di-Tron Heavy Industries Atlas Alliance
|
Posted - 2008.06.12 23:08:00 -
[25]
Im not certain, but if you send me your account name and password I'd be happy to investigate for you. |
Tzar'rim
|
Posted - 2008.06.12 23:09:00 -
[26]
Sorry, already gave it to the guys that make BACON, hoping they might get it to work for me again. I really can't play without BACON helping me. If they fail I'll close all of my 26 accounts because it's just not fair.
|
Pardack
Caldari Provisions
|
Posted - 2008.06.12 23:40:00 -
[27]
Edited by: Pardack on 12/06/2008 23:41:12
Originally by: Patch86 Im not certain, but if you send me your account name and password I'd be happy to investigate for you.
Originally by: EULA B. Passwords and Names ... You may not obtain, attempt to obtain, use or attempt to use the password of anyone else. ...
Beware of GMs who may be one or more of the following: 1. Lawyer (technicality) 2. In a Bad MoodÖ (because they can) 3. Incompetent (duh!) 4. Hungover (duuuh) 5. Someone you've ticked off in-game (I got your bounty right here) 6. Someone you've ticked off on the forums (*click*)
P.S. Iradlac Seited you should really get rid of that URL from your post.
|
Ralle030583
The Wild Hunt Pure.
|
Posted - 2008.06.13 07:57:00 -
[28]
Edited by: Ralle030583 on 13/06/2008 07:57:11
Originally by: Tzar'rim
Originally by: Kobushi whois reports as
Registry Whois Domain Name: vrtnar.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com
Expiration Date: 2008-08-16 Creation Date: 2002-08-16 Last Update Date: 2007-08-02
Name Servers: ns1.afektnet.net ns2.afektnet.net
It is NOT CCP for sure
Joker.com, aren't those the same guys that the EVE DEV killboard link now redirects to?
joker.com is only an hoster but youshould contact their pishing/spam department through this: Report Spammers/Phishing so they close this phishing site
You need a free Killboard? check: http:\\www.eve-kill.net
Originally by: CCP Sharkbait i have untrashed this bug report and i will take car |
Ralle030583
The Wild Hunt Pure.
|
Posted - 2008.06.13 08:05:00 -
[29]
Originally by: Ralle030583 Edited by: Ralle030583 on 13/06/2008 07:57:11
Originally by: Tzar'rim
Originally by: Kobushi whois reports as
Registry Whois Domain Name: vrtnar.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com
Expiration Date: 2008-08-16 Creation Date: 2002-08-16 Last Update Date: 2007-08-02
Name Servers: ns1.afektnet.net ns2.afektnet.net
It is NOT CCP for sure
Joker.com, aren't those the same guys that the EVE DEV killboard link now redirects to?
joker.com is only where the domain was registred but youshould contact their pishing/spam department through this: Report Spammers/Phishing which are registered by joker.com so they close this phishing site
You need a free Killboard? check: http:\\www.eve-kill.net
Originally by: CCP Sharkbait i have untrashed this bug report and i will take car |
Andrue
|
Posted - 2008.06.13 10:18:00 -
[30]
Edited by: Andrue on 13/06/2008 10:19:46 No-one seems to be asking how the sender managed to get the email address. It's unlikely that they would be spamming random global emails. Either CCP leaked it (very unlikely IMO I hasten to add) or else the recipients advertised it some other way.
Personally I have my email system set up so that I can give everyone their own unique address to use. That way I always know exactly where the information came from and can block that specific address if I have to. It's kept me spam-free for over four years now. After all that time I think I've got six or seven incoming address on my blacklist. |
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |