Beware of Fake Trion Sites!

[Mihal]

Never trust a hyphen!

LoL sound like my GF

Yes, I have been received 2 private tells from a user Riftd. He told me to re-register on a site, called so that I can get free mount. That site is still on and it requires you to have password and account ID and secret question. Can you guys ban this guy and shut down that site. It is a scam

Never even thought that was possible. Man this means that people know this game will go far on the strength of its community. Although bad, this is a HUGE + for Rift and TRION

[Ronai]

Thank you for the heads up Abigale.

[Sumuji]

Just got that one. Their grammar is getting better at least.

[Psiryn]

*copied from my other post*

I've seen a few posts of people getting the spam emails from these hackers who are still trying. Hopefully, those of you who have gotten it will do the following.

This is the one domain I've seen so far: [EDITED FOR YOUR SAFETY]

This domain is registered through GoDaddy (user did not opt for WHOIS privacy so it's a hacker failure).
Visit http://supportcenter.godaddy.com/Abu....aspx?ci=22420 to file an Abuse Spam Report against the domain owner. Be sure to include the full header (all details) of the email.

The domain points to an A-record (a type of redirect) to the webhost Psychz Networks.
Visit: http://www.psychz.net/helpdesk/index...kets&_a=submit to submit an abuse report with them as well.

I don't know much about this webhost, but all major hosts will shut down the user after just a small handful of complaints. I know my company does after 3 complaints in one day for phishing attempts. GoDaddy will lock the domain and keep the owner from accessing the domain manager, but they will not delete the domain as that allows said hacker to register it again elsewhere.

If you get spam mail with a different URL to go to and are not sure how to trace the registrar/host, PM me and I'll look it up for you.

[Kilearcas]

Just got this email today and im 100% sure it's fake as the email address it refer's too is not mine.

Hello,

In order to complete this request, please open the verification email sent to []jamespc25@yahoo.com[]. and click the enclosed link.

Please note that once you change your email address, you will need to use the new address to log into Account Management and all Trion games.

If you did not request this change, please contact Trion Support immediately through our support center at []www.rift-account.com[].


Sincerely,
Trion Worlds

[Hakkan]

I got that and this in my mail today. Of course I did not use the link to check my account.

Hello,

Trion account password has been changed successfully.

Please remember to use your account or the game Trion world record new password.

Without this change, please contact us immediately Trion support Login:
[linkremoved] Support Center


Sincerely,
Trion Worlds

[AjaxAmsterdam]

Got the same mail

[Vyeth]

Just got the same email.. Wow, they even bypassed the spam filter and gave me the same link that gold sellers have been spamming me with for weeks now.. Go figure..

I changed my password again to something stronger just for extra fist pumps..

[dozey]

I've just made it a sticky to save your bumping.

But we like bumping it makes us feel important.

[Devast]

I just recieved this email today:

Hello,

Trion account password has been changed successfully.

Please remember to use your account or the game Trion world record new password.

Without this change, please contact us immediately Trion support Login:
[linkremoved] Support Center

Sincerely,
Trion Worlds

I couldn't even figure out the puzzle in Scarwood without help, I am definitely not going to be able to crack this "world record new password" I just got assigned.

[Anasur]

Looks like there's a new variation on an old theme:

*
Trion Account Password Changed‏

noreply@trionworlds.com
Trion Worlds Support
noreply@trionworlds.com
*


To XXXXXX@hotmail.com
From: Trion Worlds Support (noreply@trionworlds.com)
Sent: Fri 3/25/11 12:22 AM
To: XXXXXX@hotmail.com
This message looks suspicious to our SmartScreen filters.

Hello,

In order to complete this request, please open the verification email sent to [link removed] and click the enclosed link.

Please note that once you change your email address, you will need to use the new address to log into Account Management and all Trion games.

If you did not request this change, please contact Trion Support immediately through our support center at [link-removed]


Sincerely,
Trion Worlds

[Psiryn]

Above email is valid if the link you removed was http://trionworlds.custhelp.com.

That is the valid support site, it's listed in the FAQ: http://www.riftgame.com/en/game/faq.php (under PayPal info).

If its that rift*addition* link, then yes, not valid.

[xDarkMx]

For what it is worth:

How to disect a web address to verify its legitimacy

As most of you know, web page addresses (called URLs) always have the same basic make-up:

http(s)://<domain specifier>/<folders>/..../<webpage file>

The first, green part is the "protocol specifier". It's always the same string of characters. Sometimes with that 's' in there which means the data transmitted to/from that site will be encrypted. After the //, the most important part follows. It is VERY important to note that the this part runs up to the first single /, red in the example.

Extract the full domain specifier from the web url, starting from // up to the first / you encounter:

session.trionworlds.com.t.cn

Let's take this example. Once you've pulled out the domain specifier, you have to start reading from RIGHT to LEFT and look at the words separated by dots. The most right word must be your usual "com", "net", or "org". SOmetimes country codes are used: "us" "nl" etc.

It is the second word from the right that is about the single most important part of the domain specifier. This word tells the actual internet name for the website. All other words left from it point to sub sections of that website that is identified by the second word and are not relevant.

So, when looking at our sample domain section, we see that the right most word is "cn". This is the country code for China. The second word to the left, is not big. It's just a "t". Ta-da, now we have the main website:

t.cn

This, obviously does not look anything like "trionworlds.com" and thus, you can identify this URL as being fraudulous. If you didn't stop and look for a second, you could be fooled into thinking it's a Trion website as it begins with session.trionworlds.com etc etc. But, when you apply this information, you'll find out that "session.trionworlds.com" is a sub section of the site "t.cn" as shown, and thus very suspicious.

Another example:

h ttp://forums.riftgame.com/newreply.php

domain section is: forums.riftgame.com

First word: com
Second word: riftgame

Website is thus: riftgame.com

forums. is a sub section of riftgame.com

And as TRION states in-game, only trionworlds.com AND riftgame.com are legit websites. So yes, the second sample URL is legit.

Protect yourselves through knowledge =)

Also not that if you hover your mouse over the link and if there is a ref=(legitsite) at the end. It's another sign that it is a scam.

I've noticed that in every single phishing attempt for my Blizzard/WoW account I get ever single day, that the link always has a ref=https://www.blizzard.com/account/blablabla at the end.

[Atlana]

How do they get your email adress anyway? do Trion publish it or what?

[Redcap036]

Hi, I just got an email, claiming to be a password change confirmation email, from someone trying to change my details, only thing is the idiot left there email address on it, so Who can I send this to in Trion security support, I won't post the email here, but will pass a copy on to the right people, or if this is the wrong thread, then is there a thread in the forums.

It might an idea to keep a thread/list of what fake sites and emails look like, (disabled of course)

Blizzard had/has something similar in there forums to educate the players as to what to watch out for, just an idea.