Quote:
For me at least it's not a problem - I've only had one message, it's hardly a flood - I just raised it in case it indicated a problem. If it's a remenant of a problem of years ago, no need to worry about it! |
I've also just received a phishing email to an address that I use exclusively for wowinterface. It wasn't sent to a catchall, but to the specific address and it's not something that would be easily guessable. (I can forward the email on request if you need it Dolby).
I've been a member here since May 2008 and my email address has never been public. I'm not worried that that particular email address has found it's way onto a phishing list - it's easily changed - however as someone who's worked in the computer industry for some 25 years with plenty of server admin experience, I'd say that there had almost certainly been some sort of leak of data from this site, given the other reports already in this thread. I'd also suggest that it probably happened fairly recently as I can't see someone hacking the site and then sitting on the email addresses for a year or two before trying to use them. This is not about blame, but if there is a possibility of a leak from here then it might be worth warning the entire membership as the email is one of the better phishing attempts I've seen and could catch out the unwary. The particular phising site in the email I received was www . wor1dofwercraft . com (spaced out so it's not clickable from here, registered by some bod in China), I have reported the site to the apparent hosters vpls.net |
Just adding a "Me too" as well. Same deal, I create new aliases for various things I sign up with, and the email I use here is unique to this site. I got a phishing email just like the ones noted before. Came with a return address of some guy from hotmail.com.
I sent the mess over to blizzard for them to have fun with. I am going to be changing my alias I have for this website. If I get another email to the new alias, then you guys are compromised again. |
Hey Dolby and all,
In the past couple weeks I've received two well-crafted phishing scams in my Gmail spam box. I don't have the emails anymore since I reported them to Gmail and deleted them but they were as described above. Thought I would mention I got something. I use my address for multiple sites, and been a long-time member though, so who knows. Hope everything works out. |
1 Attachment(s)
Nothing to do with compromise but thought I would chime in and say I have received 2 emails in the same day phishing for account info.
They both looked legit as they are exact copies of the one I recieved when I was actually hacked a while back. Quote:
The links for http://www.worldofwarcraft.com though did not go to where they looked like they would go. One went to http : // worldofwarcraft - blizzard - service . com/ (spaced out to prevent clicking) the other http : // www .worldofwarcioft . com/ (notice the clever mispelling of warcraft) (spaced out to prevent clicking) Both have been reported as phishing sites as Firefox warns of this as well as Safari on my iPhone. Now Comcast is auto directing me to their own search page for the first website. The first thing I did when I saw these was log into my account. I then reported them to Blizzard. A word of advice to anyone. NEVER click a link in an email like this until you verify it. I use Thunderbird and mousing over the links shows their correct path in the bottom left of the window. Here is a pick of the first site when you visit it. |
Blizzard has been warning users not to click on links in emails that ask for personal information (such as your username or password) for years, as have thousands of other companies, security experts, and individuals. Sadly, too many people ignore all of their warnings, and then are surprised when confronted by evidence of the very real problem, or devastated when their WoW (or any other) account is stolen.
My aunt is a perfect example of this. She doesn't run anti-virus or anti-malware software. She doesn't run a firewall. She clicks on every banner ad and popup she sese. She downloads anything she's offered. She clicks on any link that promises free stuff. She enter her personal information on any site that claims to be running a drawing for free stuff. She buys and installs anything they sees adverstied on TV or at a store. She never updates anything that doesn't silently update itself in the background. After the first time and realizing the scope of the problem, I started charging her by the hour to clean up her computer every few months. After I moved to a different state, I wasn't in the least bit surprised to hear that she'd been the victim of identity theft. If she played WoW, she'd have had her account information keylogged and sent to 25 different parties simultaneously. :o That said, you should always forward those emails to Blizzard's hacks and piracy team at [email protected]. I generally report them to PhishTank.com as well, which maintains an open database of known phishing sites that's used by a number of browsers. You should also be very suspicious of any email from any source that asks you to log into your account, but doesn't address you by name. Finally, if you're going to log into a secure site, you should always type the URL yourself, or access it from a trusted bookmark, rather than clicking on a link in an email or on a website, even if you think the email/website is legit. Also, as to the original issue, I have several email addresses set up on my personal domain that I've never used on any website, and they still get spam, so I don't think it's a failing on WoWI's part. |
Quote:
|
If your email address contains the letters "wow" in consecutive order, as is the case if it contains the term "wowinterface," then it's not even remotely surprising that it gets WoW-related spam.
|
Quote:
|
I'd like to ditto, same as others, I use a unique email for websites and the wowinterface one has started getting the phishing ones. I've been a longtime member so it could easily have been before, it doesn't bother me personally. A lot of the email addresses go bad after a while, just wnated to make sure that you don't blame the messengers.
Peace. |
Well, I thought it was my ex's new little internet boyfriend trying to steal my account, but I'm getting the exact same thing, 2-3 times a day now, as the rest. I do use 1 email address for most things, and have an authenticator, so I'm not worried (as much, there have been *rumors* that authenticators can still be hacked and someone even showed *proof* it could be/has been done). One thing that is fun to do, log onto those sites from a secure source (smart phone, Linux box, etc) and type in the replyto email address then some nice swear words, or use the presidents email address (president @ whitehouse . gov) and see what the secret service decides to do about the spam email HE gets!! :cool: Obviously you don't want to put your own info in there, but it's fun to put fake email addresses in there or just lots and lots of swear words. Due to possible virus', Trojans and the like, I wouldn't use a computer you were concerned about being infected. (Hence the Linux, MacOS, Smart Phone idea)
I've reported mine to [email protected] as well as reporting them as phishing to gmail. (notice most of us use gmail that are replying to this!?) It should also be noted, there's nothing anywhere related to "wow" "games" or anything else that shows it's for WoW or anything WoW related. (Some people said they have xxxx-wowinterface at whatever dot com, showing it's a wow-related email address). Ok, I'll shut up now. |
The sad part is, it's not that hard to recreate the page of the world of warcraft login(every html and css file on the internet is open-source and nothing you can do about it), just changing the direction where the info should go. Then you create a PHP script(or any other language) who receives the information and puts it in a database. Just like the form does I'm typing this message in.
In fact, it aint even hard to get a page "secure", just go to a company distributing those "secure" signatures while having a normal page on your site, after you got the certificate you change the website and voilá, you got yourself a "secure" https page. The lesson we learn from this: Always look at the URL before typing in sensitive information. If the page is "secure", that only means OTHER people but the webserver can't see what you communicate with the server. If the webserver you're connecting with ain't OK, then you still aren't secure. |
To my knowledge my email isn't public - I've had a look in options but can't find anything that seems to be there for showing/hiding email address.
I also use an email address specific to WoWInterface and have received 18 phishing emails, all from January this year. If my email address is visible to anyone, how do you change it in vBulletin? I just couldn't see an option about it anywhere... |
There isn't an option; WoWI just doesn't show your email address. There may have been an option in the past (and many other forums still do have that option) but it isn't there now.
|
1 Attachment(s)
One way to also help: www.mywot.com (Web of Trust).
Puts a mark next to links if they are Green (safe), Yellow (warning), Red (stay clear). Here's an example: (the link is written as www.worldofwarcraft.com, but if you click it, it sends you to www.worldofwarcraft-*******.com) |
same with me, today i've got this phishing mail to [email protected] - i have only used it to register to this site because i wanted to see a forum post for which a valid username was required.
i have never changed my settings and i only logged in once (after registration).. today it's my 2nd time. mail header: Code:
Return-Path: <MAILER-DAEMON@doca> |
Also got one for the very first time on 1/22. Have a a custom email ****[email protected]. This email address is only used here and never get spammed until now.
|
I've been getting a slew of emails to my wowinterface specific address. I just happened to be looking at my spam folder for some yuks when I noticed the "Account Warnings" every other day since 12/30/09.
As others have mentioned, I have an email set aside specifically to this site, so I find it strange that my non-WI emails have not been getting phished. Good luck finding it! Cheers |
I also received phish email via my wowinterface.com email address
I as well have received a phishing email to my wowinterface_com@MYDOMAINNAME email address, which is not known by anybody else except for this web site.
Here's the link in Blizzard's Customer Service forum where I report the problem to Blizzard... http://forums.worldofwarcraft.com/th...504016&sid=1#0 And in case the link no longer works, what I posted there... Quote:
|
Any new news about this issue?
Any new news about this issue?
|
All times are GMT -6. The time now is 03:48 PM. |
vBulletin © 2024, Jelsoft Enterprises Ltd
© 2004 - 2022 MMOUI