Email from play nc or phishing attempt? - Guild Wars Forums

Sooty · Oct 07, 2006, 02:23 AM // 02:23

I just received an email supposedly from plaync asking me to update my privacy settings. The link appears to direct through listserv.plaync.com and guildwars.com when hovered over but I am very hesitant to click the link.

Anyone else received these?

Savio · Oct 07, 2006, 02:30 AM // 02:30

Well, if there actually is a privacy concern, you can always update by going to PlayNC's site by yourself and not through the e-mail.

strcpy · Oct 07, 2006, 02:36 AM // 02:36

I have not.

However I would guess it is a phishing scheme. Mainly I do not remember needing to do anything outside of the game engine so I do not know what good going to plaync or guildwars.com would do.

Sooty · Oct 07, 2006, 02:46 AM // 02:46

Yeah I strongly suspected it would be, what is concerning is where they could have gotten the address from as i've never given it out anywhere. Anyways, if any of you get this email, be careful!

dansamy · Oct 07, 2006, 03:16 AM // 03:16

Phish. I get them all the time. I delete them since Anet apparently isn't concerned about them. Paypal aggressively shuts down phishers, but NCSoft has always blown me off when I have reported these emails.

Gaile Gray · Oct 07, 2006, 03:41 AM // 03:41

Hey, apologies for the alarm, guys. This is a legitimate email from us, [b]but please be sure that the link you follow goes to [url]ht tp://listserve.plaync.com/ (without the space in http )

The reason for the email is that we're putting together a newsletter and we want to make sure that you'd like to receive it.

Again, apologies for not forewarning you about this, and Jeff tells me that in the future, they'll let me know in advance so that I can give you all a heads up on an incoming message.

Sooty · Oct 07, 2006, 04:18 AM // 04:18

ahhh, well that's a relief, thanks for letting us know Gaile

SirErnieMacGloop · Oct 07, 2006, 04:45 AM // 04:45

It is never a good idea to follow links in an email regardless of the knowledge it may be legitimate, it may not be also.

Always go to the site by opening the browser yourself and going to the site, don't use the link in your email.

mrgoat · Oct 07, 2006, 04:51 AM // 04:51

Never, ever, ever, under any circumstances, use the link in an email to get the page you're supposedly supposed to update. EVER. Seriously, never. There is no, absolutely no, not even one possible case where a company needs to email you the link to the place you should go to change anything. If any company ever does this, stop doing business with them. (Or, at least, never click the links and enter sensitive information)

Anet: Stop sending that kind of thing. Instead of sending a link, send instructions. (And follow it up with non-retarded website design. This shouldn't be hard, since your website is already decidedly non-retarded.) Seriously, there's too many hacks, javascript, cross site scripting attacks, etc. to ever make links in email reliable, as the email sytem stands. It is not good enough to rely on users to read the link location in the lower status bar of the browser. Most don't, and they get phished that way.

All it takes is one innocently misclicked link to <a href="My hacker site here">http://www.guildwars.com</a> with a fake guildwars.com site backing it to trick someone into revealing account details. Keep in mind when hovering, some browsers let javascript override what should be displayed in that little bar at the bottom. It's dumb, but they're still out there.

I'm just saying, anet, don't send links like that in email, as that leads people to fall prey to phishing. Anyone with a SMTP server can spoof from: headers, hostnames, etc. and there's no authentication on it. (If you need proof, I *ahem* know a guy who can send you email "from the president" Anyone who can send email can send phishing-styled messages.

Sorry if I sound out-of-sorts, but part of my job duties involve security, and I just overall personally hate to see poor security concepts in action, and hate more, to see people fall prey to the easy tricks.

Until there is a strong public key infrastructure for email, with a chain of trust you can .... trust, links in email should be considered potentially tainted. Know What You Are Clicking, and if you're a company sending emails, do this kind of thing right.

Xenex Xclame · Oct 07, 2006, 05:54 AM // 05:54

mr goat did you get this email yourself? Your making it seem as if Anets email is so un-profesional.Yes yes your points is valid , your just going overboard.I Did click the link after some hesitation adn checking and guess what, i didnt have to enter any details like you said....They just knew it was me.

VitisVinifera · Oct 07, 2006, 06:47 AM // 06:47

Quote:

Originally Posted by Gaile Gray

Hey, apologies for the alarm, guys. This is a legitimate email from us. We're putting together a newsletter and we want to make sure that you'd like to receive it.

Again, apologies for not forewarning you about this, and Jeff tells me that in the future, they'll let me know in advance so that I can give you all a heads up on an incoming message.

classic anerf

daraaksii · Oct 07, 2006, 06:51 AM // 06:51

I've recieved this too

Sjeng · Oct 07, 2006, 06:52 AM // 06:52

I agree with mrgoat. Anet should handle this better. I just received the mail as well, read it, thought: "hey, cool a GW newsletter", and clicked it. Then I went to GWGuru, saw this thread, and my heart skipped a beat at the first posts... I'll be more carefull in the future now, and hope Anet will too.

Gaile Gray · Oct 07, 2006, 07:14 AM // 07:14

You make excellent points about greater security, and I will definitely be passing those along. But doesn't everyone mouseover and really look carefully at the URL of the link, or right click and check "Properties" to be sure it is going where they assume it's going? If I see an "eBay" link that goes to http://www.ebay.somethingsfishyandyoushouldbecareful.com I know it's not exactly legit.

However, I'm squeamish about this whole thing, and I don't have a copy of the email. Could someone post the exact link to which that email leads? If we post that, then everyone can check the linkand only click after they are satisfied it's the right one.

Better still, I will suggest that in the future we have people insert the link themselves -- follow instructions, as you say, rather than click a link. The problem is, people may not do so because it takes more effort on their part, or they forget, or they're busy, or whatever. However, the greater security will be worth us offering the option in that way.

Frankly, I'm a lot more comfortable with an active sign-up on our website. I will definitely pass along your security concerns and your suggestions for handling this better in the future. In fact, I'm writing an email right now.

G.S. · Oct 07, 2006, 07:18 AM // 07:18

The link looks like this:
h.ttp://listserv.plaync.com/c?id=3184334A&u=http://www.guildwars.com/support/newsletter/confirm_en_add.php?email=*myemailedited*@*alsoedit ed*.com

I had to add a "." in http because guru shows it as a "clickable" link otherwise.

And, I did the same thing as Sjeng. I should be more careful next time, and I'm reliefed it's legitimate. Thanks for reacting so fast, Gaile

Gaile Gray · Oct 07, 2006, 07:31 AM // 07:31

Thank you. I've amended my post above to point out that the link should be
ht tp://listserv.plaync.com/ (without the space between ht and tp and with a string of characters after the .com/ ) It seems to me that phishing would not succeed with that much verified, because the slash breaks at the end of the plaync.com and therefore someone would be on the legitimate site at that point.

the_jos · Oct 07, 2006, 08:17 AM // 08:17

When I read this messages, I am happy that at least some people know how to check the links in their e-mail.
But, as stated above, e-mail with URL's is not really safe.

For future e-mails (I don't mind getting them) you could better send an e-mail pointing to the website (no url, just goto our website, and the buttons to click) and explicitly state that ANet and other parties involved will never, ever, ever ask for login-names and passwords to guildwars accounts (or other privacy related stuff).

And, thanks Gaile for the quick reply.

Agyar · Oct 07, 2006, 08:23 AM // 08:23

Quote:

Originally Posted by Gaile Gray

You make excellent points about greater security, and I will definitely be passing those along. But doesn't everyone mouseover and really look carefully at the URL of the link, or right click and check "Properties" to be sure it is going where they assume it's going? If I see an "eBay" link that goes to http://www.ebay.somethingsfishyandyoushouldbecareful.com I know it's not exactly legit.

Assuming people are wise enough to not follow links without checking them isn't really security. The assumption should be that people will not =P. In terms of eBay/online banking/paypal, they will request you visit the site and login to access the feature, rather than following links through the email. They also use methods such as addressing the body of the email to the name of the account holder, as an added security check.

People are right to be wary of direct links within emails requiring you to login. It's just too big a risk, especially with online game/mmo accounts becoming more and more of a target for theft.

It's good to see you taking feedback in this regard.

Tijger · Oct 07, 2006, 09:04 AM // 09:04

Quote:

Originally Posted by the_jos

When I read this messages, I am happy that at least some people know how to check the links in their e-mail.
But, as stated above, e-mail with URL's is not really safe.

For future e-mails (I don't mind getting them) you could better send an e-mail pointing to the website (no url, just goto our website, and the buttons to click) and explicitly state that ANet and other parties involved will never, ever, ever ask for login-names and passwords to guildwars accounts (or other privacy related stuff).

And, thanks Gaile for the quick reply.

Clicking links in emails is perfectly safe, entering your details and credit card numbers on a page you cannot verify is genuine isnt.

Common sense, people, common sense. Its not that hard.

Hockster · Oct 07, 2006, 11:36 AM // 11:36

I'd like to know why we have to create a PlayNC account in order to change our game passwords. Especially considering PlayNC's complete lack of security. We can no longer use numbers or special characters. Even though PlayNC doesn't appear to give a damn about my account, I sure do.

Oct 07, 2006, 02:23 AM // 02:23	#1
Sooty Lion's Arch Merchant Join Date: Jul 2005 Location: Australia Guild: Giggity Giggity Goo	Email from play nc or phishing attempt? I just received an email supposedly from plaync asking me to update my privacy settings. The link appears to direct through listserv.plaync.com and guildwars.com when hovered over but I am very hesitant to click the link. Anyone else received these?

Oct 07, 2006, 02:30 AM // 02:30	#2
Savio Teenager with attitude Join Date: Jul 2005 Guild: Fifteen Over Fifty [Rare]	Well, if there actually is a privacy concern, you can always update by going to PlayNC's site by yourself and not through the e-mail. __________________ People are stupid.

Oct 07, 2006, 03:41 AM // 03:41	#6
Gaile Gray ArenaNet Join Date: Feb 2005	Hey, apologies for the alarm, guys. This is a legitimate email from us, [b]but please be sure that the link you follow goes to [url]ht tp://listserve.plaync.com/ (without the space in http ) The reason for the email is that we're putting together a newsletter and we want to make sure that you'd like to receive it. Again, apologies for not forewarning you about this, and Jeff tells me that in the future, they'll let me know in advance so that I can give you all a heads up on an incoming message. __________________ Gaile Gray Support Liaison ArenaNet Last edited by Gaile Gray; Oct 07, 2006 at 07:28 AM // 07:28..

Oct 07, 2006, 07:14 AM // 07:14	#14
Gaile Gray ArenaNet Join Date: Feb 2005	You make excellent points about greater security, and I will definitely be passing those along. But doesn't everyone mouseover and really look carefully at the URL of the link, or right click and check "Properties" to be sure it is going where they assume it's going? If I see an "eBay" link that goes to http://www.ebay.somethingsfishyandyoushouldbecareful.com I know it's not exactly legit. However, I'm squeamish about this whole thing, and I don't have a copy of the email. Could someone post the exact link to which that email leads? If we post that, then everyone can check the linkand only click after they are satisfied it's the right one. Better still, I will suggest that in the future we have people insert the link themselves -- follow instructions, as you say, rather than click a link. The problem is, people may not do so because it takes more effort on their part, or they forget, or they're busy, or whatever. However, the greater security will be worth us offering the option in that way. Frankly, I'm a lot more comfortable with an active sign-up on our website. I will definitely pass along your security concerns and your suggestions for handling this better in the future. In fact, I'm writing an email right now. __________________ Gaile Gray Support Liaison ArenaNet Last edited by Gaile Gray; Oct 07, 2006 at 07:36 AM // 07:36..

Oct 07, 2006, 07:18 AM // 07:18	#15
G.S. Lion's Arch Merchant Join Date: Jul 2005 Guild: [CroM] Profession: R/	The link looks like this: h.ttp://listserv.plaync.com/c?id=3184334A&u=http://www.guildwars.com/support/newsletter/confirm_en_add.php?email=myemailedited@alsoedit ed.com I had to add a "." in http because guru shows it as a "clickable" link otherwise. And, I did the same thing as Sjeng. I should be more careful next time, and I'm reliefed it's legitimate. Thanks for reacting so fast, Gaile Last edited by G.S.; Oct 07, 2006 at 07:22 AM // 07:22..

Oct 07, 2006, 02:36 AM // 02:36	#3
strcpy Desert Nomad Join Date: Jul 2005 Guild: One of Many [ONE]	I have not. However I would guess it is a phishing scheme. Mainly I do not remember needing to do anything outside of the game engine so I do not know what good going to plaync or guildwars.com would do.

Oct 07, 2006, 02:46 AM // 02:46	#4
Sooty Lion's Arch Merchant Join Date: Jul 2005 Location: Australia Guild: Giggity Giggity Goo	Yeah I strongly suspected it would be, what is concerning is where they could have gotten the address from as i've never given it out anywhere. Anyways, if any of you get this email, be careful!

Oct 07, 2006, 03:16 AM // 03:16	#5
dansamy Chasing Dragons Join Date: May 2005 Location: Lost in La-La Land Guild: LFGuild Profession: Mo/Me	Phish. I get them all the time. I delete them since Anet apparently isn't concerned about them. Paypal aggressively shuts down phishers, but NCSoft has always blown me off when I have reported these emails.

Oct 07, 2006, 04:18 AM // 04:18	#7
Sooty Lion's Arch Merchant Join Date: Jul 2005 Location: Australia Guild: Giggity Giggity Goo	ahhh, well that's a relief, thanks for letting us know Gaile

Oct 07, 2006, 04:45 AM // 04:45	#8
SirErnieMacGloop Frost Gate Guardian Join Date: Sep 2005 Location: Area 52	It is never a good idea to follow links in an email regardless of the knowledge it may be legitimate, it may not be also. Always go to the site by opening the browser yourself and going to the site, don't use the link in your email.

Oct 07, 2006, 04:51 AM // 04:51	#9
mrgoat Frost Gate Guardian Join Date: Jul 2006	Never, ever, ever, under any circumstances, use the link in an email to get the page you're supposedly supposed to update. EVER. Seriously, never. There is no, absolutely no, not even one possible case where a company needs to email you the link to the place you should go to change anything. If any company ever does this, stop doing business with them. (Or, at least, never click the links and enter sensitive information) Anet: Stop sending that kind of thing. Instead of sending a link, send instructions. (And follow it up with non-retarded website design. This shouldn't be hard, since your website is already decidedly non-retarded.) Seriously, there's too many hacks, javascript, cross site scripting attacks, etc. to ever make links in email reliable, as the email sytem stands. It is not good enough to rely on users to read the link location in the lower status bar of the browser. Most don't, and they get phished that way. All it takes is one innocently misclicked link to <a href="My hacker site here">http://www.guildwars.com</a> with a fake guildwars.com site backing it to trick someone into revealing account details. Keep in mind when hovering, some browsers let javascript override what should be displayed in that little bar at the bottom. It's dumb, but they're still out there. I'm just saying, anet, don't send links like that in email, as that leads people to fall prey to phishing. Anyone with a SMTP server can spoof from: headers, hostnames, etc. and there's no authentication on it. (If you need proof, I ahem know a guy who can send you email "from the president" Anyone who can send email can send phishing-styled messages. Sorry if I sound out-of-sorts, but part of my job duties involve security, and I just overall personally hate to see poor security concepts in action, and hate more, to see people fall prey to the easy tricks. Until there is a strong public key infrastructure for email, with a chain of trust you can .... trust, links in email should be considered potentially tainted. Know What You Are Clicking, and if you're a company sending emails, do this kind of thing right.

Oct 07, 2006, 05:54 AM // 05:54	#10
Xenex Xclame Desert Nomad Join Date: Mar 2006 Guild: DPX Profession: R/	mr goat did you get this email yourself? Your making it seem as if Anets email is so un-profesional.Yes yes your points is valid , your just going overboard.I Did click the link after some hesitation adn checking and guess what, i didnt have to enter any details like you said....They just knew it was me.

Oct 07, 2006, 06:51 AM // 06:51	#12
daraaksii Desert Nomad Join Date: Oct 2005	I've recieved this too

Oct 07, 2006, 06:52 AM // 06:52	#13
Sjeng Desert Nomad Join Date: Aug 2005 Location: in my GH Guild: Limburgse Jagers [LJ] Profession: W/	I agree with mrgoat. Anet should handle this better. I just received the mail as well, read it, thought: "hey, cool a GW newsletter", and clicked it. Then I went to GWGuru, saw this thread, and my heart skipped a beat at the first posts... I'll be more carefull in the future now, and hope Anet will too.

Oct 07, 2006, 07:31 AM // 07:31	#16
Gaile Gray ArenaNet Join Date: Feb 2005	Thank you. I've amended my post above to point out that the link should be ht tp://listserv.plaync.com/ (without the space between ht and tp and with a string of characters after the .com/ ) It seems to me that phishing would not succeed with that much verified, because the slash breaks at the end of the plaync.com and therefore someone would be on the legitimate site at that point. __________________ Gaile Gray Support Liaison ArenaNet

Oct 07, 2006, 08:17 AM // 08:17	#17
the_jos Forge Runner Join Date: Jun 2006 Guild: Hard Mode Legion [HML] Profession: N/	When I read this messages, I am happy that at least some people know how to check the links in their e-mail. But, as stated above, e-mail with URL's is not really safe. For future e-mails (I don't mind getting them) you could better send an e-mail pointing to the website (no url, just goto our website, and the buttons to click) and explicitly state that ANet and other parties involved will never, ever, ever ask for login-names and passwords to guildwars accounts (or other privacy related stuff). And, thanks Gaile for the quick reply.

Oct 07, 2006, 11:36 AM // 11:36	#20
Hockster Banned Join Date: Jul 2005	I'd like to know why we have to create a PlayNC account in order to change our game passwords. Especially considering PlayNC's complete lack of security. We can no longer use numbers or special characters. Even though PlayNC doesn't appear to give a damn about my account, I sure do.