Hack Alert!

[todd3835]

Ok, not sure where to post this, but mods PLEASE put a front page post about this. I was minding my own business just farming herbs, and I get a message from a toon "Wowbizzusa" telling me I'm a lucky players. (Please note the improper english......). It's telling me to go to a site **** . Now I'm smart enough not to visit such a site, but I know some people out there would be like whoa, I better go there.... I went from my phone (haha *****es!) and it's looking for, you guessed it, username and password. I put in bogus info, and it then asks you to "confirm" your email address, and secret password info..... So please please PLEASE mods put a front page post! I've hopefully attached the screenshot......

[Katae]

Why would you repost the url?

[Xrystal]

It automatically linked it. Whenever I post a website, with the www part mind you, it auto links it. So, in hindsight maybe quickly edit out the www part so it doesn't auto link it.

[todd3835]

Originally Posted by Xrystal It automatically linked it. Whenever I post a website, with the www part mind you, it auto links it. So, in hindsight maybe quickly edit out the www part so it doesn't auto link it.

Ok, edited to make it not work if your clicky it =]

[Shirik]

Originally Posted by todd3835 Ok, edited to make it not work if your clicky it =]

No, don't post the name at all.

To others: Now would be a good time to review "how to know a Blizzard site" and "how to know a Blizzard representative."

[BlackAcid]

Do be careful when going to sites like this. Some sites (even if you post useless info) can harbor malware, spyware, and even click jacking* on the pages.
I know you were just trying to check it out, but you might want to make absolutely sure you weren't hijacked or installed anything.


* http://en.wikipedia.org/wiki/Clickjacking

[todd3835]

Originally Posted by BlackAcid Do be careful when going to sites like this. Some sites (even if you post useless info) can harbor malware, spyware, and even click jacking* on the pages. I know you were just trying to check it out, but you might want to make absolutely sure you weren't hijacked or installed anything. * http://en.wikipedia.org/wiki/Clickjacking

That's why i did it from my iphone and not my pc =]

[forty2j]

Originally Posted by todd3835 That's why i did it from my iphone and not my pc =]

Hmm.. clickjacking may be possible on the iPhone, since it attempts to render pages as they would appear on the desktop. Be careful!

If you see the dog poop sitting on the sidewalk, would you step in it to see how fresh it is? Even if you changed into boots first?

[Xrystal]

rofl, choke splutter .. what an analogy

But yeah I'm usually crafty and try to look at the source of the website before it is pulled up. I caught a potential card fraud advert that way and sent off the details to the official website it was trying to emulate. They were really good though as the only thing that shouted warning signs was the request for the 4 digit ATM pin no. No website needs that information.

Other than that they were using the official websites links and script files giving the impression that they were bona fide. The scary thing was that if I had used their company for more of my flights I may have fallen for it barring that ATM request. 'As a thanks for flying with us you are eligible for $500 blah blah' The fact that I had only flown with them once flagged up as suspicious hence the investigation.

[zero-kill]

As a final warning, don't go to websites if you have to question why you go to them. Also calling your ISP about why you got a virus on your computer is just lack of intelligence.

/rantoff

[Bluspacecow]

Another big tip I can share :

If the domain name in the url isn't some form of "battle.net" or "worldofwarcraft.com"

Do . Not. Put in your wow username and password anywhere on that site.

If it's not a sub domain of those 2 domains ... Do. Not. Want.

EG

us.battle.net is a subdomain of battle.net
us.battle.net.iwantologyourkeys.com IS NOT !!!!!

forums.worldofwarcraft.com is a subdomain of worldofwarcraft.com
login.worldofwarcraft.57.com IS NOT !!!

[Bluspacecow]

My last big tip ?

whois search.


You should only be putting in your wow username and password on sites that you know are owned by Blizzard.

How do we know if it's Blizzard owned ?

By looking it up on a whois database.

When a company registers a domain (eg battle.net) they pay a fee to a domain register company. Their details are then listed in the whois record for that website or domain.

This whois record can usually be looked up as it's public information.

The website I used for it is domaintools.com

How do I read this funny whois record thingy whatsey whosey ?

Good question !

The best way is to have a webpage open to domain you absolutely know is owned by Blizzard.

login.worldofwarcraft.com for example.

Look that up and have it open in a seperate window. Then compare the details for one you've looked up for the suspect website. The Blizzard owned domain would have an admin & technical contact in Irvine California. IP Location in California. All sorts of stuff that should match the one for the legit Blizzard website.

EU players compare your whois records with either battle.net or wow-europe.com (that last domain has an admin contact in California , IP location in France)

I've pumped every single key logger address I've ever seen through this system and it works - the key logger websites would have admin contacts and physical IP address in China or the Balkans or some other location not Blizzard's location.

If you need help I'm only a PM away

[front243]

Worst thing I've seen recently from Blizzards side was the Blizzcon Stream pet redemption email. Actually it was not Blizzards fault but the streaming company.

They send out an email with the link text "blizzcon.com" or similar site name. But the link clearly went to an ".il" (Israel) domain. I actually thought it was bogus, and Thunderbird flagged it as phishing as well. I posted a warning on the Blizzard forums but was told it was in-fact the correct email