Oct 07, 2006, 02:23 AM // 02:23 | #1 |
Lion's Arch Merchant
Join Date: Jul 2005
Location: Australia
Guild: Giggity Giggity Goo
|
Email from play nc or phishing attempt?
I just received an email supposedly from plaync asking me to update my privacy settings. The link appears to direct through listserv.plaync.com and guildwars.com when hovered over but I am very hesitant to click the link.
Anyone else received these? |
Oct 07, 2006, 02:30 AM // 02:30 | #2 |
Teenager with attitude
Join Date: Jul 2005
Guild: Fifteen Over Fifty [Rare]
|
Well, if there actually is a privacy concern, you can always update by going to PlayNC's site by yourself and not through the e-mail.
__________________
People are stupid. |
Oct 07, 2006, 02:36 AM // 02:36 | #3 |
Desert Nomad
Join Date: Jul 2005
Guild: One of Many [ONE]
|
I have not.
However I would guess it is a phishing scheme. Mainly I do not remember needing to do anything outside of the game engine so I do not know what good going to plaync or guildwars.com would do. |
Oct 07, 2006, 02:46 AM // 02:46 | #4 |
Lion's Arch Merchant
Join Date: Jul 2005
Location: Australia
Guild: Giggity Giggity Goo
|
Yeah I strongly suspected it would be, what is concerning is where they could have gotten the address from as i've never given it out anywhere. Anyways, if any of you get this email, be careful!
|
Oct 07, 2006, 03:16 AM // 03:16 | #5 |
Chasing Dragons
Join Date: May 2005
Location: Lost in La-La Land
Guild: LFGuild
Profession: Mo/Me
|
Phish. I get them all the time. I delete them since Anet apparently isn't concerned about them. Paypal aggressively shuts down phishers, but NCSoft has always blown me off when I have reported these emails.
|
Oct 07, 2006, 03:41 AM // 03:41 | #6 |
ArenaNet
Join Date: Feb 2005
|
Hey, apologies for the alarm, guys. This is a legitimate email from us, [b]but please be sure that the link you follow goes to [url]ht tp://listserve.plaync.com/ (without the space in http )
The reason for the email is that we're putting together a newsletter and we want to make sure that you'd like to receive it. Again, apologies for not forewarning you about this, and Jeff tells me that in the future, they'll let me know in advance so that I can give you all a heads up on an incoming message.
__________________
Gaile Gray Support Liaison ArenaNet Last edited by Gaile Gray; Oct 07, 2006 at 07:28 AM // 07:28.. |
Oct 07, 2006, 04:18 AM // 04:18 | #7 |
Lion's Arch Merchant
Join Date: Jul 2005
Location: Australia
Guild: Giggity Giggity Goo
|
ahhh, well that's a relief, thanks for letting us know Gaile
|
Oct 07, 2006, 04:45 AM // 04:45 | #8 |
Frost Gate Guardian
Join Date: Sep 2005
Location: Area 52
|
It is never a good idea to follow links in an email regardless of the knowledge it may be legitimate, it may not be also.
Always go to the site by opening the browser yourself and going to the site, don't use the link in your email. |
Oct 07, 2006, 04:51 AM // 04:51 | #9 |
Frost Gate Guardian
Join Date: Jul 2006
|
Never, ever, ever, under any circumstances, use the link in an email to get the page you're supposedly supposed to update. EVER. Seriously, never. There is no, absolutely no, not even one possible case where a company needs to email you the link to the place you should go to change anything. If any company ever does this, stop doing business with them. (Or, at least, never click the links and enter sensitive information)
Anet: Stop sending that kind of thing. Instead of sending a link, send instructions. (And follow it up with non-retarded website design. This shouldn't be hard, since your website is already decidedly non-retarded.) Seriously, there's too many hacks, javascript, cross site scripting attacks, etc. to ever make links in email reliable, as the email sytem stands. It is not good enough to rely on users to read the link location in the lower status bar of the browser. Most don't, and they get phished that way. All it takes is one innocently misclicked link to <a href="My hacker site here">http://www.guildwars.com</a> with a fake guildwars.com site backing it to trick someone into revealing account details. Keep in mind when hovering, some browsers let javascript override what should be displayed in that little bar at the bottom. It's dumb, but they're still out there. I'm just saying, anet, don't send links like that in email, as that leads people to fall prey to phishing. Anyone with a SMTP server can spoof from: headers, hostnames, etc. and there's no authentication on it. (If you need proof, I *ahem* know a guy who can send you email "from the president" Anyone who can send email can send phishing-styled messages. Sorry if I sound out-of-sorts, but part of my job duties involve security, and I just overall personally hate to see poor security concepts in action, and hate more, to see people fall prey to the easy tricks. Until there is a strong public key infrastructure for email, with a chain of trust you can .... trust, links in email should be considered potentially tainted. Know What You Are Clicking, and if you're a company sending emails, do this kind of thing right. |
Oct 07, 2006, 05:54 AM // 05:54 | #10 |
Desert Nomad
Join Date: Mar 2006
Guild: DPX
Profession: R/
|
mr goat did you get this email yourself? Your making it seem as if Anets email is so un-profesional.Yes yes your points is valid , your just going overboard.I Did click the link after some hesitation adn checking and guess what, i didnt have to enter any details like you said....They just knew it was me.
|
Oct 07, 2006, 06:47 AM // 06:47 | #11 | |
Banned
Join Date: Nov 2005
Location: Northern California
Guild: HoTR
Profession: N/Me
|
Quote:
|
|
Oct 07, 2006, 06:51 AM // 06:51 | #12 |
Desert Nomad
Join Date: Oct 2005
|
I've recieved this too
|
Oct 07, 2006, 06:52 AM // 06:52 | #13 |
Desert Nomad
Join Date: Aug 2005
Location: in my GH
Guild: Limburgse Jagers [LJ]
Profession: W/
|
I agree with mrgoat. Anet should handle this better. I just received the mail as well, read it, thought: "hey, cool a GW newsletter", and clicked it. Then I went to GWGuru, saw this thread, and my heart skipped a beat at the first posts... I'll be more carefull in the future now, and hope Anet will too.
|
Oct 07, 2006, 07:14 AM // 07:14 | #14 |
ArenaNet
Join Date: Feb 2005
|
You make excellent points about greater security, and I will definitely be passing those along. But doesn't everyone mouseover and really look carefully at the URL of the link, or right click and check "Properties" to be sure it is going where they assume it's going? If I see an "eBay" link that goes to http://www.ebay.somethingsfishyandyoushouldbecareful.com I know it's not exactly legit.
However, I'm squeamish about this whole thing, and I don't have a copy of the email. Could someone post the exact link to which that email leads? If we post that, then everyone can check the linkand only click after they are satisfied it's the right one. Better still, I will suggest that in the future we have people insert the link themselves -- follow instructions, as you say, rather than click a link. The problem is, people may not do so because it takes more effort on their part, or they forget, or they're busy, or whatever. However, the greater security will be worth us offering the option in that way. Frankly, I'm a lot more comfortable with an active sign-up on our website. I will definitely pass along your security concerns and your suggestions for handling this better in the future. In fact, I'm writing an email right now.
__________________
Gaile Gray Support Liaison ArenaNet Last edited by Gaile Gray; Oct 07, 2006 at 07:36 AM // 07:36.. |
Oct 07, 2006, 07:18 AM // 07:18 | #15 |
Lion's Arch Merchant
Join Date: Jul 2005
Guild: [CroM]
Profession: R/
|
The link looks like this:
h.ttp://listserv.plaync.com/c?id=3184334A&u=http://www.guildwars.com/support/newsletter/confirm_en_add.php?email=*myemailedited*@*alsoedit ed*.com I had to add a "." in http because guru shows it as a "clickable" link otherwise. And, I did the same thing as Sjeng. I should be more careful next time, and I'm reliefed it's legitimate. Thanks for reacting so fast, Gaile Last edited by G.S.; Oct 07, 2006 at 07:22 AM // 07:22.. |
Oct 07, 2006, 07:31 AM // 07:31 | #16 |
ArenaNet
Join Date: Feb 2005
|
Thank you. I've amended my post above to point out that the link should be
ht tp://listserv.plaync.com/ (without the space between ht and tp and with a string of characters after the .com/ ) It seems to me that phishing would not succeed with that much verified, because the slash breaks at the end of the plaync.com and therefore someone would be on the legitimate site at that point.
__________________
Gaile Gray Support Liaison ArenaNet |
Oct 07, 2006, 08:17 AM // 08:17 | #17 |
Forge Runner
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
|
When I read this messages, I am happy that at least some people know how to check the links in their e-mail.
But, as stated above, e-mail with URL's is not really safe. For future e-mails (I don't mind getting them) you could better send an e-mail pointing to the website (no url, just goto our website, and the buttons to click) and explicitly state that ANet and other parties involved will never, ever, ever ask for login-names and passwords to guildwars accounts (or other privacy related stuff). And, thanks Gaile for the quick reply. |
Oct 07, 2006, 08:23 AM // 08:23 | #18 | |
Frost Gate Guardian
Join Date: Jul 2006
Location: AUSSIE TROLLING CREW - CAPSLOCK CONSULTANT
Guild: [Dong]
Profession: Mo/
|
Quote:
People are right to be wary of direct links within emails requiring you to login. It's just too big a risk, especially with online game/mmo accounts becoming more and more of a target for theft. It's good to see you taking feedback in this regard. |
|
Oct 07, 2006, 09:04 AM // 09:04 | #19 | |
Wilds Pathfinder
Join Date: Sep 2005
Profession: Mo/E
|
Quote:
Common sense, people, common sense. Its not that hard. |
|
Oct 07, 2006, 11:36 AM // 11:36 | #20 |
Banned
Join Date: Jul 2005
|
I'd like to know why we have to create a PlayNC account in order to change our game passwords. Especially considering PlayNC's complete lack of security. We can no longer use numbers or special characters. Even though PlayNC doesn't appear to give a damn about my account, I sure do.
|
All times are GMT. The time now is 03:23 PM // 15:23.
|