Thread Tools Display Modes
01-20-10, 05:53 PM   #1
deke913
A Deviate Faerie Dragon
 
deke913's Avatar
AddOn Compiler - Click to view compilations
Join Date: Jun 2008
Posts: 13
a web site hacked

I was reading on their site that they had been hacked and they presumed that several email addresses were compromised.

Well I would like to confirm that this is true as I received a fake blizzard email today which was probably the most professional phishing attempt I've ever seen in my 5yrs of playing Wow.

All of the url was perfect and had no errors whatsoever from a normal blizz email!

I'm posting this for anyone who has an account with curse ..beware. Delete the email and go to the blizzard website thru your normal channels do not use the link in the email that says "click here".

The email stated that my password had been changed recently and to verify that it was me I needed to "click here" but everything else including the url was spot on perfect. Even the wording was an exact copy of the blizz support emails. Hope this helps someone.

*fyi I did not fall for it as I am well aware of how these things work and it had to be thru my curse email as I never download torrents or go to **** sites because I am a bible thumping christian. I have about 6 sites I go to daily and those are the only sites I go to, I have no kids and no one else uses this computer. Much love and peace
  Reply With Quote
01-20-10, 05:56 PM   #2
Seerah
Fishing Trainer
 
Seerah's Avatar
WoWInterface Super Mod
Featured
Join Date: Oct 2006
Posts: 10,860
wowace wasn't compromised. warcraftrealms.com was. And they've already fixed it.
__________________
"You'd be surprised how many people violate this simple principle every day of their lives and try to fit square pegs into round holes, ignoring the clear reality that Things Are As They Are." -Benjamin Hoff, The Tao of Pooh

  Reply With Quote
01-20-10, 06:04 PM   #3
deke913
A Deviate Faerie Dragon
 
deke913's Avatar
AddOn Compiler - Click to view compilations
Join Date: Jun 2008
Posts: 13
interesting ...as ive never been to wow.com and as I stated only go to about 6 sites ....ever.

No intent to dog wowace or curse (which did however register a virus on one of their ads once but I digress) I may have simply been mistaken as I read the article on wowace.

I cant imagine how anyone would have gotten my email address since I never email anyone and am somewhat antisocial when it comes to the internet.

Im registered here and at curse and at gamespot ...no where else. very curious indeed...
  Reply With Quote
01-20-10, 06:11 PM   #4
tralkar
An Onyxian Warder
 
tralkar's Avatar
Join Date: Jan 2005
Posts: 352
I had a fake email 3 days ago too it said-

When you receive this message when your World Of Warcraft Account means that there are serious security risks.
We have evidence to prove your account has been in different countries and regions, several attempts to login.
So we have to remind you to enter our web site as soon as possible http://www.************.com to account verification, otherwise, we will be lock your account.
In order to protect your interests.
  Reply With Quote
01-20-10, 06:25 PM   #5
cloudwolf
A Black Drake
AddOn Author - Click to view addons
Join Date: Mar 2008
Posts: 87
Grammar lessons not found. Please try again.
That's some seriously bad grammar and I should know I have horrid grammar.
  Reply With Quote
01-20-10, 06:33 PM   #6
zero-kill
A Firelord
 
zero-kill's Avatar
Join Date: Aug 2009
Posts: 497
My spam filter is pretty advanced. I wrote my own BS filter.
  Reply With Quote
01-20-10, 06:35 PM   #7
Sythalin
Curse staff
 
Sythalin's Avatar
AddOn Author - Click to view addons
Join Date: Aug 2006
Posts: 680
Same with me. I got two "password changed" with no link and a "someone hacked your account, supply info to verify it's yours" with the "click here".

Red Flag 1 - asked for a password
Red Flag 2 - asked for CD key
Red Flag 3 - mouseover link showed the address with a "1" replacing a letter

Just be observant guys and look for one or all of these things and you'll be fine.
  Reply With Quote
01-20-10, 06:47 PM   #8
Amethyst
A Fallenroot Satyr
 
Amethyst's Avatar
AddOn Author - Click to view addons
Join Date: Oct 2006
Posts: 20
Yup, I got a, "You have changed your password" email and it was almost identical to the real ones .... or so I thought, the url that they gave at the bottom had one character different to the real wow website.

Sneaky.
  Reply With Quote
01-20-10, 07:43 PM   #9
Sepioth
A Molten Giant
AddOn Author - Click to view addons
Join Date: Apr 2005
Posts: 894
It appears that there is currently a major phishing scam going on with WoW right now as I have received 3 attempts in the last 6 days.

The emails look fairly legit and the links appear to "look" real but when you mouse over them the links do not go to where they appear to. Usually a letter is replaced or added in the URL.

In todays day and age it really surprises me how many people still fall for this stuff. Especially the younger crowd that is typical to MMO's.
  Reply With Quote
01-20-10, 09:32 PM   #10
Amenity
Guest
Posts: n/a
Originally Posted by zero-kill View Post
My spam filter is pretty advanced. I wrote my own BS filter.
Mine just takes any email containing the word "verify" and dumps it in my spam box. Surprisingly effective. Another one would be the word "wow" (I've yet to see Blizzard refer to World of Warcraft as "wow" in any official correspondence).

I do find myself a bit curious as to how many failed attempts this site finds in the iptables logs, though.

**EDIT** Nevermind, this place is hosted by GoDaddy. /shrug

**EDIT #2** ...and someone owns wowinterface.org. Also, wowinterface.com, wowinterface.net, and wowinterface.org (again...wtf???) are registered under three different people.

Fear not, though...wowinterface.edu is available.

If someone wants to start the School of Addons, I will administrate your site for a "modest" fee.

Last edited by Amenity : 01-20-10 at 09:47 PM.
  Reply With Quote
01-20-10, 09:41 PM   #11
Dolby
PPAP
 
Dolby's Avatar
WoWInterface Admin
Join Date: Feb 2004
Posts: 2,339
This place is not hosted by godaddy. Our domain was registered by godaddy.

http://www.dnsstuff.com/tools/ipall/...p=67.228.49.65

I'm not going to say how many servers we have but its way more than 1. Some one with a lot of time could probably figure it out. We use fail2ban otherwise we would have many more attempts than we do.

We use google apps for our mail service since fighting spam was starting to be a full time job in it self.

Last edited by Dolby : 01-20-10 at 09:46 PM.
  Reply With Quote
01-20-10, 11:32 PM   #12
Amenity
Guest
Posts: n/a
Originally Posted by Dolby View Post
This place is not hosted by godaddy. Our domain was registered by godaddy.

http://www.dnsstuff.com/tools/ipall/...p=67.228.49.65
You are, of course, correct. I should've taken a closer look at the tools I used...as inputting my own servers' information put me somewhere I've never heard of in Wisconsin (it's sitting right next to me almost 1,000 miles away) and also hosted by GoDaddy (who doesn't even handle my SSL certs, let alone my DNS). My apologies...I wasn't insulting the integrity of WoWInterface's hosting services.

And I can relate to the spam problem...mainly because people like to attempt to use my sendmail as a zombie. Sometimes it's entertaining though when I get up in the morning and have a warning email with "User blahblahblah failed to authenticate 975 times".
  Reply With Quote
01-21-10, 03:43 AM   #13
Zyonin
Coffee powered Kaldorei
 
Zyonin's Avatar
AddOn Author - Click to view addons
Join Date: May 2006
Posts: 1,443
I have noticed the sudden surge in phishing attempts. Some of them are very well crafted. Others are, to be charitable, pathetic. However in each and every case, when I mouse over the "url" and look in Firefox's Status Bar, the URLs are never an actual Blizzard URL. Then again, I also know that Blizzard will never ask for my details via email or other means.

What's even funnier is I have also gotten a number of Aion phishing emails. I have never had an Aion account so I have to laugh. Thus far, all of the Aion phishing attempts have been very poorly translated attempts.

Just be careful folks, the phishers making an all out assault on our accounts.
__________________
Twitter
  Reply With Quote
01-22-10, 09:58 PM   #14
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Can the original poster change the thread title to "warcraftrealms site hacked".

The wowace site has not been hacked.

Also if you wow login and password is the same as your wowace credentials then ....

Well I won't call anyone a moron here so I'll just say you're really silly for doing so.
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
01-23-10, 01:18 AM   #15
zero-kill
A Firelord
 
zero-kill's Avatar
Join Date: Aug 2009
Posts: 497
Originally Posted by Bluspacecow View Post
Can the original poster change the thread title to "warcraftrealms site hacked".

The wowace site has not been hacked.

Also if you wow login and password is the same as your wowace credentials then ....

Well I won't call anyone a moron here so I'll just say you're really silly for doing so.
Saying the act is moronic would be more accurate.
  Reply With Quote
01-23-10, 07:56 PM   #16
tralkar
An Onyxian Warder
 
tralkar's Avatar
Join Date: Jan 2005
Posts: 352
just got another from the fake blizzard

Flag this messageWorld of Warcraft Account The Inspection Result NotificationFriday, January 22, 2010 7:28 PM
From: "[email protected]" <[email protected]>
To: t*********[email protected] <- ME
We are in the quarter a routine inspection found that your account has serious security risk so we had to send this message to inform you and ask you to note that account security and to ensure that you are not subject to the loss, we will lock your account, if you do not want us to take such action as soon as possible to verify your account login www.***war***.com

The World Of Warcraft Team.
  Reply With Quote
01-23-10, 08:24 PM   #17
W-ing
A Murloc Raider
 
W-ing's Avatar
Join Date: Jul 2009
Posts: 4
I've also had a surge of emails like this recently. Sadly for them, they were using the wrong emails (I have a separate email for WoW then anything else that I don't use at all). So that was fail on their part.

And some of the messages were pretty funny. Riddled with spelling and grammatical errors. It's odd, though. It's only just recently started. I've never been a "target" for these before recently. Just seems odd to me.
  Reply With Quote

WoWInterface » General Discussion » Chit-Chat » a web site hacked

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off