Curse

furpigs · Jan 04, 2010, 03:45 AM // 03:45

With all the hacker problems recently, I wanted to share a spam email I've received. Keep your eye out for it. I did forward to Anet as well. No response from them yet.

The spam arrived from an email address that was definitely not Anet (sina.com). Also, I do not have an Aion account. And the web link they sent to check my login was not correct.

**********The Email Below***************
Password Reset Success‏
From: NCsoft Support ([email protected])
Sent: Sun 1/03/10 5:31 AM
To: (my email address)

Someone at 210.259.232.57 has reset your Aion Game Account password for account . If you did not make this change, please contact support immediately.

shoyon456 · Jan 04, 2010, 04:04 AM // 04:04

I've been getting the same spam emails about my WoW account (hint, I do not have a WoW account now or ever).

It's just fishing for someone to hit their fake link and put in their account info. Notice how the url is "ncsofts" not "ncsoft." You're just one of many that's getting them. All they need are a few people who have accounts to click on the link and put in their info to make sure their account is ok, then its gone.

I've forwarded them to Blizzard, but I get so many now, its just easier to delete them all.

Ninja Ninja · Jan 04, 2010, 04:05 AM // 04:05

If this really is a hacker email you really shouldn't post a link to the website.

Saph · Jan 04, 2010, 04:31 AM // 04:31

Good thing you pointed out the extra s on ncsoft. Someone might panic if they receive an email saying their account info has been changed, and overlook that small detail.

Martin Alvito · Jan 04, 2010, 05:36 AM // 05:36

Nasty.

I agree that you should take the URL code out, or at least break it so it doesn't work.

Arduin · Jan 04, 2010, 05:56 AM // 05:56

Quote:

Originally Posted by furpigs

**********The Email Below***************
Password Reset Success‏
From: NCsoft Support ([email protected])
Sent: Sun 1/03/10 5:31 AM
To: (my email address)

Someone at 210.259.232.57 has reset your Aion Game Account password for account xxxxxx. If you did not make this change, please contact support immediately.

Did you just post your accountname?

Bob Slydell · Jan 04, 2010, 06:11 AM // 06:11

Quote:

Originally Posted by Arduin

Did you just post your accountname?

I think he said he doesn't even own an Aion account. These hackers are getting desperate now just shooting out random emails to random people hoping to get a bite.

LOL..I also just noticed the IP is totally fake. 259 is an impossible range. its 0-255, (preferably 0-254).

zwei2stein · Jan 04, 2010, 06:54 AM // 06:54

Did you use email address that this was sent to for something aion or gw related? Fansite, etc.

pumpkin pie · Jan 04, 2010, 07:41 AM // 07:41

210.259.232.57

on one IP lookup, says the ip address is invalid

another one says the ip is from SOFTBANK TELECOM CORP, Yokohama, Japan,

gone · Jan 04, 2010, 10:33 AM // 10:33

I expect a lot more people will be getting hit this way. In their hack panic, they will give away their account(s) info.

Fril Estelin · Jan 04, 2010, 12:13 PM // 12:13

Quote:

Originally Posted by flubber

I expect a lot more people will be getting hit this way. In their hack panic, they will give away their account(s) info.

In particular if they've been reading the security threads on Guru. Everyone must be feeling like everyone else is a potential hacker by now ;P.

EDIT: Security-induced brain explosion: what if the OP is a hacker attempting to cause more trouble by pointing to a fake phishing attempt?

Riot Narita · Jan 04, 2010, 12:20 PM // 12:20

General advice:

Use a text-only email client, do not enable html or any kind of executable.

Don't click links in emails, forum posts etc. Ever. Use your own favourites/bookmarks, to make sure you land on genuine sites - or carefully type the URL's yourself (beware of fake sites created using common mispellings of URLs).

If you MUST click on links...

...Use Firefox with Noscript, Adblock, Flashblock (or an equivelent browser setup), to help prevent infection by malware

...Do not enable script, or flash for ANY site unless you absolutely HAVE to, and even then - only after you are sure the site is genuine and trustworthy.

...Make sure you are running respectable anti-malware (firewall, antivirus, antispyware, antirootkit)

...Double-check the spelling of URL's - especially if the site is asking for any information.

Does that sound inconvenient or complicated? It really isn't. Make it a habit, and it's like driving a car - you won't even notice you're doing it.

isildorbiafra · Jan 04, 2010, 12:23 PM // 12:23

Use an email filter and get rid of the garbage before it ever hits your pc.

Big_Iron · Jan 04, 2010, 03:32 PM // 15:32

Quote:

Originally Posted by pumpkin pie

210.259.232.57

on one IP lookup, says the ip address is invalid

another one says the ip is from SOFTBANK TELECOM CORP, Yokohama, Japan,

One quick glance will tell an IT guy this isn't a valid IP address. The second octet is invalid. It's outside of any IP range.

furpigs · Jan 04, 2010, 04:34 PM // 16:34

Sorry, I realize that I should not have posted the bad link. I was trying to help.

I do not own an Aion account and the account name in the email was not any account that I have for anything.

The email address they sent it to was at one time associated to an NCSoft master account, but no longer. The email address was not the login to the gw's account.

gone · Jan 07, 2010, 05:21 PM // 17:21

Quote:

Originally Posted by Fril Estelin

In particular if they've been reading the security threads on Guru. Everyone must be feeling like everyone else is a potential hacker by now ;P.

Well, if they have any sort of sense, NO. Logging into/out of a site and obtaining a random's account info, isn't hacking. It is site failure. no matter what the thundercat team thinks.

Quote:

Originally Posted by Fril Estelin

EDIT: Security-induced brain explosion: what if the OP is a hacker attempting to cause more trouble by pointing to a fake phishing attempt?

I don't think anyone would waste the time, unless trolling.

upier · Jan 07, 2010, 05:41 PM // 17:41

A mail I received today:

Quote:

Subject: Aion Account Check
When you receive this message at the same time means that you have a routine account of our recent examination, was checking your account we have the evidence to prove that involved in the controversial game currency transaction so we had to take the necessary measures.
Please visit our web site XXXXXXXX as soon as possible to activate your account or we will suspend your account.

The NCsoft Team

(Removed the link and replaced it with XXXXXXXX.)

Forwarded it to support - got this back:

Quote:

Greetings,

Thank you for writing in this report. This is a scam email used to steal account information. Please do not follow any links that are listed in that email. If you have anymore in-game questions or concerns please let me know. Thank you.

Regards,
GM Redcommander

I know one of more person that got it today also. Neither of us has an AION account.

Martin Alvito · Jan 07, 2010, 05:46 PM // 17:46

I also got the e-mail that upier received. I don't play Aion either, and the odd thing about it was that it was sent to a forwarding e-mail address I almost never give to anyone.

Pretty poor phish attempt if you ask me. At least the Nigerian prince had a reason for his English being so poor.

BenjZee · Jan 07, 2010, 05:48 PM // 17:48

Have you got your email address linked on any fansites or commonly used usernaes? Also lol at that IP address

Miscreant_Moon · Jan 07, 2010, 06:15 PM // 18:15

These must be just mass emails going out. Because I received a WoW one on an email account that has never been registered anywhere on any site.