Thread Tools Display Modes
12-31-09, 02:54 AM   #21
swaldman
Guest
Posts: n/a
Originally Posted by Dolby View Post

Since you are long time members its possible when we were compromised a few years ago (we posted news about it when it happened) that they got away with some email addresses. That was on our old server and I do not have the logs for that.
Ah, this seems quite plausible.

For me at least it's not a problem - I've only had one message, it's hardly a flood - I just raised it in case it indicated a problem. If it's a remenant of a problem of years ago, no need to worry about it!
  Reply With Quote
01-15-10, 07:12 PM   #22
frenchie
A Kobold Labourer
AddOn Author - Click to view addons
Join Date: May 2008
Posts: 1
I've also just received a phishing email to an address that I use exclusively for wowinterface. It wasn't sent to a catchall, but to the specific address and it's not something that would be easily guessable. (I can forward the email on request if you need it Dolby).

I've been a member here since May 2008 and my email address has never been public.

I'm not worried that that particular email address has found it's way onto a phishing list - it's easily changed - however as someone who's worked in the computer industry for some 25 years with plenty of server admin experience, I'd say that there had almost certainly been some sort of leak of data from this site, given the other reports already in this thread.

I'd also suggest that it probably happened fairly recently as I can't see someone hacking the site and then sitting on the email addresses for a year or two before trying to use them.

This is not about blame, but if there is a possibility of a leak from here then it might be worth warning the entire membership as the email is one of the better phishing attempts I've seen and could catch out the unwary.

The particular phising site in the email I received was www . wor1dofwercraft . com (spaced out so it's not clickable from here, registered by some bod in China), I have reported the site to the apparent hosters vpls.net
  Reply With Quote
01-15-10, 09:03 PM   #23
Frigidman
A Kobold Labourer
Join Date: Oct 2007
Posts: 1
Just adding a "Me too" as well. Same deal, I create new aliases for various things I sign up with, and the email I use here is unique to this site. I got a phishing email just like the ones noted before. Came with a return address of some guy from hotmail.com.

I sent the mess over to blizzard for them to have fun with.

I am going to be changing my alias I have for this website. If I get another email to the new alias, then you guys are compromised again.
  Reply With Quote
01-16-10, 01:44 AM   #24
Gemini_II
A Molten Giant
 
Gemini_II's Avatar
AddOn Author - Click to view addons
Join Date: May 2006
Posts: 762
Hey Dolby and all,

In the past couple weeks I've received two well-crafted phishing scams in my Gmail spam box. I don't have the emails anymore since I reported them to Gmail and deleted them but they were as described above. Thought I would mention I got something. I use my address for multiple sites, and been a long-time member though, so who knows.
Hope everything works out.
__________________
Retired prior to 3.2, before all challenge was removed.


Last edited by Gemini_II : 01-16-10 at 01:48 AM. Reason: clean up my crap grammer O.o
  Reply With Quote
01-16-10, 03:39 PM   #25
Sepioth
A Molten Giant
AddOn Author - Click to view addons
Join Date: Apr 2005
Posts: 894
Nothing to do with compromise but thought I would chime in and say I have received 2 emails in the same day phishing for account info.

They both looked legit as they are exact copies of the one I recieved when I was actually hacked a while back.

Greetings!
This is an automated notification regarding the recent change(s) made to your World of Warcraft account.
Your password has recently been modified through the Password Recovery website.

*** If you made this password change, please disregard this notification.
However, if you did NOT make changes to your password, we recommend you Login verify your password:
http://www.worldofwarcraft.com
If you are unable to successfully verify your password using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at [email protected].

Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account.
In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The World of Warcraft Support Team
Blizzard Entertainment
Both where the same just spaced out differently.

The links for http://www.worldofwarcraft.com though did not go to where they looked like they would go.

One went to http : // worldofwarcraft - blizzard - service . com/ (spaced out to prevent clicking)
the other http : // www .worldofwarcioft . com/ (notice the clever mispelling of warcraft) (spaced out to prevent clicking)

Both have been reported as phishing sites as Firefox warns of this as well as Safari on my iPhone. Now Comcast is auto directing me to their own search page for the first website.

The first thing I did when I saw these was log into my account. I then reported them to Blizzard.

A word of advice to anyone. NEVER click a link in an email like this until you verify it. I use Thunderbird and mousing over the links shows their correct path in the bottom left of the window.

Here is a pick of the first site when you visit it.
Attached Thumbnails
Click image for larger version

Name:	IMG_0295.PNG
Views:	572
Size:	241.7 KB
ID:	3850  
  Reply With Quote
01-17-10, 02:55 AM   #26
Phanx
Cat.
 
Phanx's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2006
Posts: 5,617
Blizzard has been warning users not to click on links in emails that ask for personal information (such as your username or password) for years, as have thousands of other companies, security experts, and individuals. Sadly, too many people ignore all of their warnings, and then are surprised when confronted by evidence of the very real problem, or devastated when their WoW (or any other) account is stolen.

My aunt is a perfect example of this. She doesn't run anti-virus or anti-malware software. She doesn't run a firewall. She clicks on every banner ad and popup she sese. She downloads anything she's offered. She clicks on any link that promises free stuff. She enter her personal information on any site that claims to be running a drawing for free stuff. She buys and installs anything they sees adverstied on TV or at a store. She never updates anything that doesn't silently update itself in the background. After the first time and realizing the scope of the problem, I started charging her by the hour to clean up her computer every few months. After I moved to a different state, I wasn't in the least bit surprised to hear that she'd been the victim of identity theft. If she played WoW, she'd have had her account information keylogged and sent to 25 different parties simultaneously.

That said, you should always forward those emails to Blizzard's hacks and piracy team at [email protected]. I generally report them to PhishTank.com as well, which maintains an open database of known phishing sites that's used by a number of browsers.

You should also be very suspicious of any email from any source that asks you to log into your account, but doesn't address you by name.

Finally, if you're going to log into a secure site, you should always type the URL yourself, or access it from a trusted bookmark, rather than clicking on a link in an email or on a website, even if you think the email/website is legit.

Also, as to the original issue, I have several email addresses set up on my personal domain that I've never used on any website, and they still get spam, so I don't think it's a failing on WoWI's part.
  Reply With Quote
01-17-10, 04:24 AM   #27
swaldman
Guest
Posts: n/a
Originally Posted by Phanx View Post
Also, as to the original issue, I have several email addresses set up on my personal domain that I've never used on any website, and they still get spam, so I don't think it's a failing on WoWI's part.
But what I, and a number of other people, have explained, is that the email addresses that we refer to have only ever got spam to do with WoW, while our other email addresses don't get spam to do with WoW. This would be... something of a coincidence, if the addresses had not been obtained from somewhere. Having said this, I've still only had the one message (at least, one that has made it past gmail's filtering).
  Reply With Quote
01-17-10, 03:04 PM   #28
Phanx
Cat.
 
Phanx's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2006
Posts: 5,617
If your email address contains the letters "wow" in consecutive order, as is the case if it contains the term "wowinterface," then it's not even remotely surprising that it gets WoW-related spam.
  Reply With Quote
01-17-10, 05:09 PM   #29
swaldman
Guest
Posts: n/a
Originally Posted by Phanx View Post
If your email address contains the letters "wow" in consecutive order, as is the case if it contains the term "wowinterface," then it's not even remotely surprising that it gets WoW-related spam.
Fair point :-)
  Reply With Quote
01-18-10, 12:52 PM   #30
TNCohiba
A Kobold Labourer
Join Date: Jun 2007
Posts: 1
I'd like to ditto, same as others, I use a unique email for websites and the wowinterface one has started getting the phishing ones. I've been a longtime member so it could easily have been before, it doesn't bother me personally. A lot of the email addresses go bad after a while, just wnated to make sure that you don't blame the messengers.

Peace.
  Reply With Quote
01-19-10, 09:24 PM   #31
Puck
A Deviate Faerie Dragon
 
Puck's Avatar
Join Date: Jul 2007
Posts: 13
Well, I thought it was my ex's new little internet boyfriend trying to steal my account, but I'm getting the exact same thing, 2-3 times a day now, as the rest. I do use 1 email address for most things, and have an authenticator, so I'm not worried (as much, there have been *rumors* that authenticators can still be hacked and someone even showed *proof* it could be/has been done). One thing that is fun to do, log onto those sites from a secure source (smart phone, Linux box, etc) and type in the replyto email address then some nice swear words, or use the presidents email address (president @ whitehouse . gov) and see what the secret service decides to do about the spam email HE gets!! Obviously you don't want to put your own info in there, but it's fun to put fake email addresses in there or just lots and lots of swear words. Due to possible virus', Trojans and the like, I wouldn't use a computer you were concerned about being infected. (Hence the Linux, MacOS, Smart Phone idea)

I've reported mine to [email protected] as well as reporting them as phishing to gmail. (notice most of us use gmail that are replying to this!?) It should also be noted, there's nothing anywhere related to "wow" "games" or anything else that shows it's for WoW or anything WoW related. (Some people said they have xxxx-wowinterface at whatever dot com, showing it's a wow-related email address). Ok, I'll shut up now.
  Reply With Quote
01-20-10, 04:50 AM   #32
nightcracker
A Molten Giant
 
nightcracker's Avatar
AddOn Author - Click to view addons
Join Date: Sep 2009
Posts: 716
The sad part is, it's not that hard to recreate the page of the world of warcraft login(every html and css file on the internet is open-source and nothing you can do about it), just changing the direction where the info should go. Then you create a PHP script(or any other language) who receives the information and puts it in a database. Just like the form does I'm typing this message in.

In fact, it aint even hard to get a page "secure", just go to a company distributing those "secure" signatures while having a normal page on your site, after you got the certificate you change the website and voilá, you got yourself a "secure" https page.

The lesson we learn from this:
Always look at the URL before typing in sensitive information. If the page is "secure", that only means OTHER people but the webserver can't see what you communicate with the server. If the webserver you're connecting with ain't OK, then you still aren't secure.
__________________
Three things are certain,
Death, taxes and site not found,
You, victim of one.
  Reply With Quote
01-20-10, 05:41 AM   #33
Mincetee
A Kobold Labourer
Join Date: Oct 2008
Posts: 1
To my knowledge my email isn't public - I've had a look in options but can't find anything that seems to be there for showing/hiding email address.

I also use an email address specific to WoWInterface and have received 18 phishing emails, all from January this year.

If my email address is visible to anyone, how do you change it in vBulletin? I just couldn't see an option about it anywhere...
  Reply With Quote
01-21-10, 06:05 AM   #34
Phanx
Cat.
 
Phanx's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2006
Posts: 5,617
There isn't an option; WoWI just doesn't show your email address. There may have been an option in the past (and many other forums still do have that option) but it isn't there now.
  Reply With Quote
01-21-10, 02:38 PM   #35
Cralor
Mmm... cookies!!!
 
Cralor's Avatar
AddOn Author - Click to view addons
Join Date: Jun 2007
Posts: 772
One way to also help: www.mywot.com (Web of Trust).

Puts a mark next to links if they are Green (safe), Yellow (warning), Red (stay clear).

Here's an example: (the link is written as www.worldofwarcraft.com, but if you click it, it sends you to www.worldofwarcraft-*******.com)
Attached Thumbnails
Click image for larger version

Name:	Capture.PNG
Views:	496
Size:	16.1 KB
ID:	3874  
__________________
Never be satisfied with satisfactory.
  Reply With Quote
01-22-10, 08:17 AM   #36
Shurnjo
A Kobold Labourer
Join Date: Jul 2006
Posts: 1
same with me, today i've got this phishing mail to [email protected] - i have only used it to register to this site because i wanted to see a forum post for which a valid username was required.

i have never changed my settings and i only logged in once (after registration).. today it's my 2nd time.

mail header:
Code:
Return-Path: <MAILER-DAEMON@doca>
Received: from murder ([unix socket])
	 by doca (Cyrus v2.2.13-Debian-2.2.13-10+etch4) with LMTPA;
	 Fri, 22 Jan 2010 14:16:27 +0100
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.0.1])
	by doca.xxxx.com (Postfix) with ESMTP id 0313923B3E7
	for <[email protected]>; Fri, 22 Jan 2010 14:16:27 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at doca.xxxx.com
X-Spam-Score: 0.102
X-Spam-Level: 
X-Spam-Status: No, score=0.102 tagged_above=-5 required=3.31
	tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from doca.xxxx.com ([127.0.0.1])
	by localhost (doca.xxxx.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id HszeL2kCU2zd for <[email protected]>;
	Fri, 22 Jan 2010 14:16:26 +0100 (CET)
Received: from blizzard.com (unknown [58.22.162.19])
	by doca.xxxx.com (Postfix) with ESMTP id D950123A496
	for <[email protected]>; Fri, 22 Jan 2010 14:15:56 +0100 (CET)
Received: from WorldClient by blizzard.com (MDaemon PRO v10.1.1)
	with ESMTP id pd50000000005.msg
	for <[email protected]>; Fri, 22 Jan 2010 18:43:51 +0800
X-Spam-Processed: blizzard.com, Fri, 22 Jan 2010 18:43:51 +0800
	(not processed: spam filter already applied to initial list submission)
X-Authenticated-Sender: [email protected]
X-Envelope-From: [email protected]
X-MDaemon-Deliver-To: [email protected]
X-MDMailing-List: [email protected]
Precedence: bulk
Sender: [email protected]
Date: Fri, 22 Jan 2010 18:34:30 +0800
From: "Blizzard Entertainment" <[email protected]>
To: <[email protected]>
Subject: Battle.net Account - Password Change Notice
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0122_1034_30_PART-BREAK"
Message-ID: <[email protected]>
X-Mailer: WorldClient 10.1.2
__________________
Shurnjo <Virtue> - lvl 60 Dwarf Hunter @ Kil'Jaeden-EU
  Reply With Quote
01-23-10, 03:53 PM   #37
modrogon
A Defias Bandit
Join Date: Feb 2007
Posts: 2
Also got one for the very first time on 1/22. Have a a custom email ****[email protected]. This email address is only used here and never get spammed until now.
  Reply With Quote
01-25-10, 11:19 AM   #38
dorbak
A Kobold Labourer
Join Date: Oct 2008
Posts: 1
I've been getting a slew of emails to my wowinterface specific address. I just happened to be looking at my spam folder for some yuks when I noticed the "Account Warnings" every other day since 12/30/09.

As others have mentioned, I have an email set aside specifically to this site, so I find it strange that my non-WI emails have not been getting phished.

Good luck finding it!

Cheers
  Reply With Quote
02-05-10, 01:47 PM   #39
Cosmic Cleric
A Deviate Faerie Dragon
 
Cosmic Cleric's Avatar
AddOn Author - Click to view addons
Join Date: Jun 2005
Posts: 15
Exclamation I also received phish email via my wowinterface.com email address

I as well have received a phishing email to my wowinterface_com@MYDOMAINNAME email address, which is not known by anybody else except for this web site.

Here's the link in Blizzard's Customer Service forum where I report the problem to Blizzard...

http://forums.worldofwarcraft.com/th...504016&sid=1#0

And in case the link no longer works, what I posted there...
Hello. A phishing email was sent to my wowinterface.com email address. I tried mailing this to [email protected], but Verizon thinks I'm trying to send out spam and won't let me email it to you.

So here you go, the text message first, then its source. For the source, I've hidden my domain name portion of the email address by changing the domain name with "-DOMAINNAMEHIDDENBYME-" ...

Greetings

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
and Section 8 of the Terms of Use found here:
WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.
In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage:
[link removed]

Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,


Account Administration
Blizzard Entertainment
From - Fri Feb 05 10:28:51 2010
X-Account-Key: account1
X-UIDL: 3587-1242743809
X-Mozilla-Status: 1001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <[email protected]>
Received: from smtp.easydns.com ([unknown] [64.68.200.52])
by vms172051.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTP id <[email protected]> for
-DOMAINNAMEHIDDENBYME-; Thu, 04 Feb 2010 17:43:20 -0600 (CST)
Received: from blu0-omc3-s16.blu0.hotmail.com
(blu0-omc3-s16.blu0.hotmail.com [65.55.116.91]) by smtp.easydns.com (Postfix)
with ESMTP id 79AE99740D for <wowinterface_com@-DOMAINNAMEHIDDENBYME->; Thu,
04 Feb 2010 18:43:19 -0500 (EST)
Received: from BLU0-SMTP79 ([65.55.116.73]) by blu0-omc3-s16.blu0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.3959); Thu, 04 Feb 2010 15:38:18 -0800
Received: from ysikawxzf ([209.139.208.224]) by BLU0-SMTP79.blu0.hotmail.com
over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Thu,
04 Feb 2010 15:38:17 -0800
Date: Fri, 05 Feb 2010 07:41:22 +0800
From: "[email protected]" <[email protected]>
Subject: World of Warcraft Account Management
X-Originating-IP: [64.68.200.52]
X-Originating-IP: [209.139.208.224]
To: <wowinterface_com@-DOMAINNAMEHIDDENBYME->
Message-id: <[email protected]>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: base64
X-Priority: 3
X-MSMail-priority: Normal
Received-SPF: pass (forward2: domain of [email protected] designates
65.55.116.91 as permitted sender)
X-Greylist: Passed host: 65.55.116.91
X-Originating-Email: [[email protected]]
Original-recipient: rfc822;wowinterface_com@-DOMAINNAMEHIDDENBYME-
X-OriginalArrivalTime: 04 Feb 2010 23:38:17.0401 (UTC)
FILETIME=[207A6A90:01CAA5F3]

R3JlZXRpbmdzDQoNCkFuIGludmVzdGlnYXRpb24gb2YgeW91ciBXb3JsZCBvZiBXYXJjcmFmdCBh
Y2NvdW50IGhhcyBmb3VuZCBzdHJvbmcgZXZpZGVuY2UgdGhhdCB0aGUgYWNjb3VudCBpbiBxdWVz
dGlvbiBpcyBiZWluZyAgc29sZCBvciB0cmFkZWQuIEFzIHlvdSBtYXkgbm90IGJlIGF3YXJlIG9m
LCB0aGlzIGNvbmZsaWN0cyB3aXRoIEJsaXp6YXJkJ3MgRVVMQSB1bmRlciBzZWN0aW9uIDQgUGFy
YWdyYXBoIEIgd2hpY2ggIGNhbiBiZSBmb3VuZCBoZXJlOiANCldvVyAtPiBMZWdhbCAtPiBFbmQg
VXNlciBMaWNlbnNlIEFncmVlbWVudCANCmFuZCBTZWN0aW9uIDggb2YgdGhlIFRlcm1zIG9mIFVz
ZSBmb3VuZCBoZXJlOiANCldvVyAtPiBMZWdhbCAtPiBUZXJtcyBvZiBVc2UgDQoNClRoZSBpbnZl
c3RpZ2F0aW9uIHdpbGwgYmUgY29udGludWVkIGJ5IEJsaXp6YXJkIGFkbWluaXN0cmF0aW9uIHRv
IGRldGVybWluZSB0aGUgYWN0aW9uIHRvIGJlIHRha2VuIGFnYWluc3QgeW91ciAgYWNjb3VudC4g
SWYgeW91ciBhY2NvdW50IGlzIGZvdW5kIHZpb2xhdGluZyB0aGUgRVVMQSBhbmQgVGVybXMgb2Yg
VXNlLCB5b3VyIGFjY291bnQgY2FuLCBhbmQgd2lsbCBiZSAgc3VzcGVuZGVkL2Nsb3NlZC9vciB0
ZXJtaW5hdGVkLiANCkluIG9yZGVyIHRvIGtlZXAgdGhpcyBmcm9tIG9jY3VycmluZywgeW91IHNo
b3VsZCBpbW1lZGlhdGVseSB2ZXJpZnkgdGhhdCB5b3UgYXJlIHRoZSBvcmlnaW5hbCBvd25lciBv
ZiB0aGUgYWNjb3VudC4gDQoNClRvIHZlcmlmeSB5b3VyIGlkZW50aXR5IHBsZWFzZSB2aXNpdCB0
aGUgZm9sbG93aW5nIHdlYnBhZ2U6IA0KIGh0dHA6Ly93b3JsZG9md2FyY3JhZnQtYWNjb3VudC1j
aGVja3dhcm5pbmcuY29tL2FjY291bnQvc3VwcG9ydC9sb2dpbi1zdXBwb3J0Lmh0bQ0KDQpPbmx5
IEFjY291bnQgQWRtaW5pc3RyYXRpb24gd2lsbCBiZSBhYmxlIHRvIGFzc2lzdCB3aXRoIGFjY291
bnQgcmV0cmlldmFsIGlzc3Vlcy4gVGhhbmsgeW91IGZvciB5b3VyIHRpbWUgYW5kICBhdHRlbnRp
b24gdG8gdGhpcyBtYXR0ZXIsIGFuZCB5b3VyIGNvbnRpbnVlZCBpbnRlcmVzdCBpbiBXb3JsZCBv
ZiBXYXJjcmFmdC4gDQoNClNpbmNlcmVseSwgDQoNCg0KQWNjb3VudCBBZG1pbmlzdHJhdGlvbiAN
CkJsaXp6YXJkIEVudGVydGFpbm1lbnQNCg==

Last edited by Shirik : 02-07-10 at 04:17 PM. Reason: remove malicious link
  Reply With Quote
02-07-10, 01:11 PM   #40
Cosmic Cleric
A Deviate Faerie Dragon
 
Cosmic Cleric's Avatar
AddOn Author - Click to view addons
Join Date: Jun 2005
Posts: 15
Question Any new news about this issue?

Any new news about this issue?
  Reply With Quote

WoWInterface » Site Forums » Site help, bugs, suggestions/questions » WowInterface.com email database has been compromised

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off