Aug 17, 2008, 12:11 AM // 00:11
|
#1
|
Wilds Pathfinder
Join Date: Jun 2007
Location: long a
Profession: Mo/
|
So, how DO some of these phishers get your information?
Simple thread premise. The shady goons behind the scene who spend the majority of their time trying to phish for your GW information for the purposes of scamming, hijacking, or the likes.
How do they ever manage to get it?
Most would suggest simple things like, "Have you given your information to anyone?" (No.) "Have you used any mods like Texmod, downloaded from an unreliable source (with the potential for keylogging)?" (No.) "Have you ever used or posted your GW account e-mail on a, in retrospect, shady looking GW site, or anywhere other than GWG?" (No.) "Do you use the same e-mail for your GW account as your GWG account and allow GWG users the option to e-mail you?" (No.)
I'm answering no to all of these things because I was the subject and current victim of an account hijacking by a Taiwanese user of all things, and while I'm still in contact with support trying to retrieve my account, one thought continues to linger. How DID they get my account? Nevermind that, how do they confirm the changes when the confirmation email is sitting in your inbox and both your GW and email passwords are different? Furthermore, why is ANet's system so fault-ridden and the security flimsy?
If this is the wrong section then please, mods, feel free to move it, but I thought this was fairly suiting for general discussion.
|
|
|
Aug 17, 2008, 12:44 AM // 00:44
|
#2
|
Jungle Guide
|
Most of the time? You. You let them in.
Whether that is due to downloading bad things, or having poor security, or a completely open system.
Even when people say "I DIDN'T DO ANY OF THAT!" 90% of the time, they did and they know it.
|
|
|
Aug 17, 2008, 01:06 AM // 01:06
|
#3
|
God of Spammers
Join Date: Oct 2005
Location: in the middle of a burning cornfield...
Guild: Scars Meadows [SMS] (Officer)
|
Sorry but you downloaded something and probably got it hacked that way. They could have forced their way into your account but that would have been a TON harder to do and highly doubtful...
|
|
|
Aug 17, 2008, 01:28 AM // 01:28
|
#4
|
Forge Runner
|
Yeah, you probably downloaded a keylogger..
|
|
|
Aug 17, 2008, 01:47 AM // 01:47
|
#5
|
Jungle Guide
|
Frankly - I still think it is bad security at NCSoft's end.
No proof - I'm just suspicious of any big company that assures it's customers that it's security it air tight and invulnerable.
|
|
|
Aug 17, 2008, 02:02 AM // 02:02
|
#6
|
Academy Page
|
Bottom line is, if they get your password, it's game over. Bad luck. Finished.
And what more protection can anet really give? A 2nd password? Come on. There's nothing wrong on their side. Though what does probably happen is some disgruntled employee sells account info to botters and such for a price.
|
|
|
Aug 17, 2008, 02:16 AM // 02:16
|
#7
|
Jungle Guide
Join Date: Jul 2008
Location: みやき町
Profession: Mo/A
|
well you could have 10 billion passwords for one account but then log in would be hard.
|
|
|
Aug 17, 2008, 02:32 AM // 02:32
|
#8
|
Lion's Arch Merchant
Join Date: Aug 2005
Guild: Theres A Frog On My [Cape]
Profession: W/
|
Well I could tell you exactly how it works and give you the steps to make your own phisher... But I might get in trouble
Although it IS fun going into a thousand peoples myspaces and changing all their stuff ^_^
But account info is stolen mainly in two ways:
1. Submitting your info on a fake website with a similar looking URL.
2. Downloading programs.
|
|
|
Aug 17, 2008, 03:33 AM // 03:33
|
#10
|
Jungle Guide
Join Date: Feb 2007
Location: Oregon, USA.
Guild: Zero Mercy [zm]
Profession: W/
|
Them: "[name] is quitting! PM him for free ectos!"
You: "I want free ectos!" /pm
Your PM: "Hey, give me free ectos!"
Their reply: "[name] is quitting! PM him for free ectos!"
Your 2nd PM: "WTF?"
Them1: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"
Them2: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"
Them54: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"
You: "Oh shit."
|
|
|
Aug 17, 2008, 03:39 AM // 03:39
|
#11
|
Furnace Stoker
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
|
don't answer any unnecessary and suspicious questions on the forum? every time people ask this sort of question, i automatically think they are trying to find a way around all the usual thing/scamp you know like collecting data to make a even more good way to phis lol
|
|
|
Aug 18, 2008, 06:41 AM // 06:41
|
#12
|
Wilds Pathfinder
Join Date: Jun 2007
Location: long a
Profession: Mo/
|
Quote:
Originally Posted by Kumu Honua
Whether that is due to downloading bad things
|
Specifically for Guild Wars or utilities for other applications? If only for GW, no, never.
Quote:
Originally Posted by Kumu Honua
or having poor security
|
Sygate Personal Firewall Pro
Quote:
Originally Posted by Kumu Honua
or a completely open system
|
Mine is the only account on this computer, as it is my computer, and it was always password protected. If that was what you implied. Otherwise, I always have Sygate running and have a daily NOD32 scan at 4 am which I am sure would indicate any nasties.
Quote:
Originally Posted by I pwnd U
Sorry but you downloaded something and probably got it hacked that way. They could have forced their way into your account but that would have been a TON harder to do and highly doubtful...
|
Nope, didn't download anything (again, only for GW). Of course, the utilities I download for other games are always open source and if not, administrators of said boards inspect every file for any nasties before giving it the go-ahead to download for the users. What perplexed me is that they only requested a change in email and somehow verified it on my email account. Both my GW and email had separate passwords, and secure ones at that.
Quote:
Originally Posted by Xunlai Guru Agent
Yeah, you probably downloaded a keylogger..
|
Included in a Guild Wars mod? Impossible. For a completely different game? Highly unlikely, in reference to what I just mentioned to I pwnd U.
Quote:
Originally Posted by The Primeval King
1. Submitting your info on a fake website with a similar looking URL.
2. Downloading programs.
|
Never did either (Again, 3rd party application downloads, I expect you only mean for GW.)
Quote:
Originally Posted by Thizzle
/image snip
warm me up some chicken.
|
lol.
Quote:
Originally Posted by Lady Raenef
Them: "[name] is quitting! PM him for free ectos!"
You: "I want free ectos!" /pm
Your PM: "Hey, give me free ectos!"
Their reply: "[name] is quitting! PM him for free ectos!"
Your 2nd PM: "WTF?"
Them1: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"
Them2: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"
Them54: "NEED GOLD? BUY OFF BLAHBLAHBLAH.COM!"
You: "Oh shit."
|
Not only do I never see this, I would never answer their ridiculous call anyways.
Quote:
Originally Posted by pumpkin pie
don't answer any unnecessary and suspicious questions on the forum? every time people ask this sort of question, i automatically think they are trying to find a way around all the usual thing/scamp you know like collecting data to make a even more good way to phis lol
|
I have no motive to do such a thing, I rarely play the game as it is. I just wanted my account back out of availability to play the game should my interest ever be sparked again.
In any event, all the things I expected to be mentioned were mentioned, and as I expect, I had a big old "no" to go with every one of them. This is where my confusion lies. Regardless, ANet did reset my account information for me and I have my account back, I'm still wondering how it happened. As much as I know I'll never be certain about it, there has to be something that someone will bring up that I can actually amount to a "yes" with.
Last edited by BLOODGOAT; Aug 18, 2008 at 06:44 AM // 06:44..
|
|
|
Aug 18, 2008, 07:25 AM // 07:25
|
#13
|
Grotto Attendant
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
|
Quote:
Originally Posted by BLOODGOAT
SOtherwise, I always have Sygate running and have a daily NOD32 scan at 4 am which I am sure would indicate any nasties.
|
Don't trust antiviruses that much!
first, it takes time to identify virus, analyze it and add it to detection database and for you to update software. It can take hours/days during which you are vulnurelalble.
seccond, rare "nasties" - i.e. keylogger which was made to target GW and is only on dozen of computers worldwide - might never be discovered because they are simply under radar.
there is more, but point is that you can only trust your AV to protect you from past threats that are no longer really dangerous.
|
|
|
Aug 18, 2008, 08:15 AM // 08:15
|
#14
|
Furnace Stoker
|
Quote:
Originally Posted by avisotin
Bottom line is, if they get your password, it's game over. Bad luck. Finished.
And what more protection can anet really give? A 2nd password? Come on. There's nothing wrong on their side. Though what does probably happen is some disgruntled employee sells account info to botters and such for a price.
|
Simple. They could add a 4 digit security pin like Maple Story uses. You enter the pin by clicking in the four digits on a randomised virtual keyboard, so keyloggers are completely hopeless and unable to detect your pin.
I wish that all MMOs could have a pin like Maple Story does.
|
|
|
Aug 18, 2008, 08:45 AM // 08:45
|
#15
|
Jungle Guide
|
It is possible that you were the direct target of malicious and evil ninja hackers.
However Occam's Razor tends to disagree.
The chance of being the direct target of a malicious hacker (especially since you are a security expert and all) is so infinitesimally small that you should go out and buy a lottery ticket. Not two of them. You only need one.
However to play devils advocate: Do you brag about being the richest person in Guild Wars? Do you cycle through all your permatonics? Do you randomly show random people 8 stacks of armbraces? Do you wander around town with a panda and raincaller and assasin and...
You must have done something that got the attention of the evil ninja hackers. They don't come out into the light for 20g and a purple broadsword...
|
|
|
Aug 18, 2008, 10:04 AM // 10:04
|
#16
|
Academy Page
Join Date: Mar 2008
Location: U.K
Guild: Tiny Tag
Profession: D/E
|
i saw a vid by whitesword on youtube about him almost giving all his WoW(I know that WoW isn't gw but he makes funny vids(i think WoW sucks btw)) details to someone over an email that said somethig like YOUR WOW ACCOUNT WILL BE REMOVED UNLESS IMMEDIATE ACION IS TAKEN + he thought that the fact that he'd bought gold a while back was finally catching up with him. so he filled out his details, then glanced down at the URL and realised that it wasn't a real WoW website. if he'd sent it off he could have lost his account so BEWARE EMAILS LIKE THAT & ALWAYS CHECK THE URL! did you reply to an email like that?? 0.0
|
|
|
Aug 18, 2008, 10:10 AM // 10:10
|
#17
|
Frost Gate Guardian
Join Date: Apr 2007
Location: England
Guild: The Khaotic Empire (TKE)
Profession: Me/Mo
|
Quote:
Originally Posted by Kumu Honua
They don't come out into the light for 20g and a purple broadsword...
|
Don't be foolish! Purple broadswords are the leet weps of Ninja PKing Hackers of doom!
On topic: I'm sorry your account was hacked... I'm sure no one enjoys having all their stuff rifled through by some random person. I hope you get it back! At least NCSoft seems vaguely concerned about it.
This is why I'm hesitant about downloading textmod... I need it to complete cartographer, but when I read threads like this...
|
|
|
Aug 18, 2008, 10:42 AM // 10:42
|
#18
|
Krytan Explorer
Join Date: Aug 2007
Location: The Netherlands
Profession: W/
|
[/QUOTE] This is why I'm hesitant about downloading textmod... I need it to complete cartographer, but when I read threads like this...[/QUOTE]
I concur. 0,6% left for GMC; scrape, scrape scrape. Better safe than sorry. Besides nothing beats the feeling of acomplishing something the way it was meant to be.
|
|
|
Aug 18, 2008, 10:45 AM // 10:45
|
#19
|
Ascalonian Squire
|
Well, as long as you download it from a legitimate site, there really shouldn't be a problem.
|
|
|
Aug 18, 2008, 11:05 AM // 11:05
|
#20
|
Forge Runner
Join Date: Dec 2007
Profession: E/
|
i use texmod: no problems
finished almost all 3 continents without problems
i got an avast! free edition running and i got no problems with it
and i avoid any suspicious pm's
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
Similar Threads
|
Thread |
Thread Starter |
Forum |
Replies |
Last Post |
Gather hm uw information.
|
MercenaryKnight |
The Campfire |
6 |
Apr 23, 2007 02:22 PM // 14:22 |
van helblaze |
Questions & Answers |
4 |
Feb 16, 2007 08:06 AM // 08:06 |
need some information
|
HOMICIDE |
Questions & Answers |
3 |
Nov 07, 2006 05:29 PM // 17:29 |
SiLKy |
Questions & Answers |
4 |
Feb 09, 2006 03:45 PM // 15:45 |
Beware the PHISHERS
|
Aniewiel |
Off-Topic & the Absurd |
16 |
Sep 14, 2005 10:54 PM // 22:54 |
All times are GMT. The time now is 11:43 AM // 11:43.
|