Closed Thread
Results 1 to 10 of 10

Thread: phising e-mail from "noreply@trionworlds.com"

  1. #1
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    116

    Default phising e-mail from "noreply@trionworlds.com"

    I got an e-mail today in my hotmail account claiming to be from "noreply@trionworlds.com".

    According to hotmail the e-mail address was on my approved list of contacts and an authentic e-mail. the rest of the e-mail did look exactly like an e-mail from trion, including the background pictures and colour schemes and for once with these scams there wasn't any spelling mistakes. The only obvious thing clearly making it a scam me was it asked me to login to my account to verify my username and password with a non-trion web address.

    Anwyas what surprised me is that the e-mail wasn't from trion but hotmail said it was and said it was on my approved list of contacts. i get this kind of thing for wow all the time and they are always filtered straight into the junk mail

    Just thought i'd post this here in case anbody else gets something similar, so they know to ignore it.


    The good news for trion is that the only other game that i've ever got this kind of e-mail for was wow. So clearly the hackers/scammers think theres a lot more potential for money in this game than anything else released in the last few years.

  2. #2
    Rift Disciple Velkore's Avatar
    Join Date
    Oct 2010
    Location
    California, US
    Posts
    147

    Default

    This runs along the same line of "Company X will never ask you for your account or password"

    Hopefully everyone knows this. That's why we have coin lock.

  3. #3
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    116

    Default

    To rephrase that every type of scam like this i've recieved for the last decade has been automatically detected and dismissed or so obvious its not worth mentioning.

    This one hasn't, its different and probably for the next few days/weeks its going to slip through any automatic filters you have until thats fixed and as a result your PC is going to claim that its the real thing and it can be trusted.

    To make it ckear it is not the e-mail telling you this it is your antivirus/anti-malware/spyware software telling you this because it adds itself to your list of contacts and is recognised as a friend.

    All im saying is theres a new scam in town thats a bit different from the old ones so look out for it.

  4. #4
    Plane Walker
    Join Date
    Dec 2010
    Posts
    493

    Default

    It is called a spoof. It is crazy easy to spoof an email to make it look like it came from someone else.
    Looking for a mature, casual guild focused on having fun?
    Ravens of Memory
    Guardians on Shatterbone

  5. #5
    Plane Walker Odnoc's Avatar
    Join Date
    Feb 2011
    Posts
    453

    Default

    Quote Originally Posted by Drenai View Post
    It is called a spoof. It is crazy easy to spoof an email to make it look like it came from someone else.
    This... Takes 3 minutes once the find an open port 25, 465, 587...
    Last edited by Odnoc; 04-14-2011 at 10:00 PM.

  6. #6
    Prophet of Telara moirae's Avatar
    Join Date
    Aug 2010
    Location
    Louisiana
    Posts
    1,040

    Default

    Yeah, I've gotten two in the last week. They're now blocked. I asked Trion how to report these emails and they told me to send it to the same email that I asked the question with in the first place and they'll try to trace it.

    I think we should just take the warning labels off of everything and let evolution do it's work. Weed out the stupid people.

  7. #7
    Prophet of Telara moirae's Avatar
    Join Date
    Aug 2010
    Location
    Louisiana
    Posts
    1,040

    Default

    The problem is that I sent it via the form on the website, so how am I supposed to do that when I'm using a hotmail account?

    Devs?
    Last edited by moirae; 04-25-2011 at 08:33 AM.

    I think we should just take the warning labels off of everything and let evolution do it's work. Weed out the stupid people.

  8. #8
    Rift Disciple Gnume's Avatar
    Join Date
    Jan 2011
    Posts
    178

    Default

    Quote Originally Posted by Crazybull View Post
    I got an e-mail today in my hotmail account claiming to be from "noreply@trionworlds.com".

    According to hotmail the e-mail address was on my approved list of contacts and an authentic e-mail. the rest of the e-mail did look exactly like an e-mail from trion, including the background pictures and colour schemes and for once with these scams there wasn't any spelling mistakes. The only obvious thing clearly making it a scam me was it asked me to login to my account to verify my username and password with a non-trion web address.

    Anwyas what surprised me is that the e-mail wasn't from trion but hotmail said it was and said it was on my approved list of contacts. i get this kind of thing for wow all the time and they are always filtered straight into the junk mail

    Just thought i'd post this here in case anbody else gets something similar, so they know to ignore it.


    The good news for trion is that the only other game that i've ever got this kind of e-mail for was wow. So clearly the hackers/scammers think theres a lot more potential for money in this game than anything else released in the last few years.
    For added security, you should view all emails first as Plain Text and also view the email Header. You can quickly spot the spoofed emails addresses that way. If you view emails as Rich Text or HTML you will not be able to spot the error and leave yourself vulnerable.
    Gnume, Dwarven Mage


  9. #9
    Shadowlander Diegodude's Avatar
    Join Date
    Feb 2011
    Location
    San Diego, CA
    Posts
    46

    Default

    1) For the love of god, quit using hotmail. Their spam detection is terrible. Use Gmail instead.

    2) Learn to view the headers of emails. Anybody can spoof the "from" in an email, i.e. I can send you an email from bobama@whitehouse.gov if I wanted to. If you view the header email though, you can see the actual account the email was sent from, as well as the delivery path (which SMTP servers the email traversed to get to your inbox) so you can clearly see if it was from Trion's servers or not.
    Dora - 50 Eth Rogue
    Gartan - 50 Bahmi Cleric
    Dog - 23 Eth Warrior
    Shadefallen(US)

  10. #10
    Shadowlander Diegodude's Avatar
    Join Date
    Feb 2011
    Location
    San Diego, CA
    Posts
    46

    Default

    Quote Originally Posted by Diegodude View Post
    1) For the love of god, quit using hotmail. Their spam detection is terrible. Use Gmail instead.

    2) Learn to view the headers of emails. Anybody can spoof the "from" in an email, i.e. I can send you an email from bobama@whitehouse.gov if I wanted to. If you view the header email though, you can see the actual account the email was sent from, as well as the delivery path (which SMTP servers the email traversed to get to your inbox) so you can clearly see if it was from Trion's servers or not.

    Here's a sample of an email header from a spammer that I plucked out of my gmail spam folder (apparently they still think I play WoW... lol)

    Delivered-To: xxxxxxxx@gmail.com
    Received: by 10.231.174.84 with SMTP id s20cs56955ibz;
    Sat, 23 Apr 2011 14:38:27 -0700 (PDT)
    Received: by 10.142.218.8 with SMTP id q8mr1577017wfg.118.1303594707155;
    Sat, 23 Apr 2011 14:38:27 -0700 (PDT)
    Return-Path: <noreply@battle.net>
    Received: from battle.net ([125.130.219.178])
    by mx.google.com with ESMTP id k6si10093957wfn.84.2011.04.23.14.38.25;
    Sat, 23 Apr 2011 14:38:27 -0700 (PDT)
    Received-SPF: fail (google.com: domain of noreply@battle.net does not designate 125.130.219.178 as permitted sender) client-ip=125.130.219.178;
    Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of noreply@battle.net does not designate 125.130.219.178 as permitted sender) smtp.mail=noreply@battle.net
    Message-Id: <4db346d3.06858f0a.7239.6b81SMTPIN_ADDED@mx.google .com>
    From: "Blizzard Entertainment" <noreply@battle.net>
    Subject: Battle.net Account - Password Recovery
    To: xxxxxxxxx@gmail.com
    Content-Type: text/html;charset="GB2312"
    Date: Sun, 24 Apr 2011 05:38:25 +0800
    X-Priority: 3
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    This part here:

    Received: from battle.net ([125.130.219.178])
    Says the email server that sent the email identified itself as battle.net at IP address 125.130.219.178... but hold on! Look at this:

    Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of noreply@battle.net does not designate 125.130.219.178 as permitted sender) smtp.mail=noreply@battle.net[/code]
    Hey, Google says that the IP address 125.130.219.178 is NOT battle.net according to battle.net's MX record. So it dropped it in my spam folder and put a nice big red warning on the email saying that the email is not from who it says it is. Seriously, ditch hotmail, their spam filtering is crappy and you'll end up getting phished. Use gmail, it's waaaaay better at detecting garbage like this
    Dora - 50 Eth Rogue
    Gartan - 50 Bahmi Cleric
    Dog - 23 Eth Warrior
    Shadefallen(US)

Closed Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts