BEWARE-email "guild wars 2 password reset"

#1 Edited by announakis (114 posts) -

if like me you received an email with such a title looking very legit (because apparently it is, I do not know how anet fucked up but they did), breathe and do not hit the link if you did not request it yourself...a lot of people are being hacked at the moment...

here is the link to the discussion on guru

http://www.guildwars2guru.com/topic/56227-beware-do-not-click-password-reset-email-links-from-arenanet/

#2 Posted by Brodehouse (10104 posts) -

Oldest phishing trick in the Massively Multiplayer Book.

#3 Posted by announakis (114 posts) -

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

apparently this is not phsshing trick, this is the sad part: people report that there is no ASCii trick in the adress of the sender, the sender is indeed Anet...

#4 Posted by emem (1969 posts) -
@announakis said:

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

apparently this is not phsshing trick, this is the sad part: people report that there is no ASCii trick in the adress of the sender, the sender is indeed Anet...

Mails like that are never from the developer, it's always a slightly different address...
#5 Posted by Barrock (3546 posts) -

I got that as well. Just figured someone just entered my email from a big list.

#6 Posted by TheCreamFilling (1227 posts) -

The developers are hacking their own game?

#7 Posted by Bucketdeth (8026 posts) -

Fuck, I almost clicked the link, thanks for the heads up man.

#8 Posted by Bucketdeth (8026 posts) -

@emem said:

@announakis said:

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

apparently this is not phsshing trick, this is the sad part: people report that there is no ASCii trick in the adress of the sender, the sender is indeed Anet...

Mails like that are never from the developer, it's always a slightly different address...

Here is the email.

#9 Posted by Demoskinos (15034 posts) -

@Bucketdeth: Thats....pretty official looking. Most phishing scams try to goad you into clicking the link by being all YOU GOTTA SORT THIS SHIT OUT MAN ELSE WE GONNA DELETE YOUR ACCOUNT. Or some other nonsense. Weird.

#10 Posted by niko555 (120 posts) -

I was really close to clicking the link in the mail.

It looks exactly the same as the real change password mail you get from Anet.

#11 Posted by emem (1969 posts) -
@Bucketdeth said:

@emem said:

@announakis said:

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

apparently this is not phsshing trick, this is the sad part: people report that there is no ASCii trick in the adress of the sender, the sender is indeed Anet...

Mails like that are never from the developer, it's always a slightly different address...

Here is the email.

         

Hm, as far as I understand people can make it look like mails came from specific email addresses and if yours is a phishing mail I doubt that any of the links will lead to the real Anet/GW2 site. Anyway, the important thing is just to not click on links in general unless you have requested them yourself, it's been like that for years. If you get a suspicious mail, open your browser and go to the known official website in question and check it out.
#12 Edited by UssjTrunks (534 posts) -

When you change your password, you don't get a confirmation email. So these are fake. However, allowing people to change passwords without a confirmation email is not secure at all.

#13 Posted by Gantrathor (214 posts) -

It actually looks exactly like the email you get when you change the password to your NCSoft master account.

#14 Edited by UssjTrunks (534 posts) -

@Gantrathor said:

It actually looks exactly like the email you get when you change the password to your NCSoft master account.

Changing the password of your GW2 account on the official website doesn't send out an email (I've done it a few times already). Besides, that email is supposedly from Arenanet, not NCsoft.

#15 Edited by Gantrathor (214 posts) -

@UssjTrunks: I know, I was just pointing out that it looks like the NCSoft master account statement. That's why it's funny, because you don't even need to use an NCSoft account for Guild Wars 2.

#16 Posted by Bistromath (633 posts) -

Gotten 3 of these so far. Pretty annoying.

#17 Posted by chubbysumo (1 posts) -

Just so you guys know, but these are legit emails. They are not phish attempts, the header info checks out. The hack is a two step process. the password reset is the hacker actually just confirming that you are using a known email(either guessing based on in game character names, or from the recent MMO site hacking spree from china). It practically spits out a yes or a no. it either gives them a glaring error(email not in database), or tells them one has been sent. Once they know an email is live, they then use either pre-gleaned passwords from other MMO sites that were hacked, or then phish the shit out of your email. I can confirm that the hackers do not need access to your email account, and many are in fact losing access to their email accounts after their GW2 accounts, and those same people report that they used the same password across services. Use a clean(new) email, and a new password, and you foil their attempts at a hack/phish. There is also a server side hole, since people are getting hacked eevn without recieving the password reset email. Also, all the IPs that are being reported are from china, go figure.

#18 Posted by pekarn (86 posts) -

Why would anyone click the link in a password reset mail you didn't request?

#19 Posted by eccentrix (1599 posts) -

@pekarn said:

Why would anyone click the link in a password reset mail you didn't request?

Especially after it specifically tells you not to in the email.

#20 Edited by Magickeys (37 posts) -

@Brodehouse said:

Oldest phishing trick in the Massively Multiplayer Book.

Yeah, I received one just this morning. This trick is getting old by the way, bunch of idiots.

And I don't have the game yet also, double idiots :)

#21 Posted by Nihilius (169 posts) -

I got one of these today, I turned on gmail 2 step verification a few days ago so I am not all that worried. They should have given us some secret questions and answers so that this wouldn't of happened. Also the lack of a Security Token available at launch is a bad decision.

#22 Posted by RobbieMac (535 posts) -

Woke up and I had 6 of them in my box. Lol, fail.

#23 Edited by Ehker (235 posts) -

I didn't get one, but it seems something was up with the password reset, because they've shut it down.

http://en.support.guildwars2.com/

Announcements:

  • The Guild Wars 2 reset password feature is currently unavailable.
#24 Posted by jozzy (2042 posts) -

I got this e-mail, and I don't even play Guildwars 2 (yet).

#25 Posted by Gaff (1815 posts) -

@pekarn said:

Why would anyone click a link in an e-mail you didn't solicit?

Fixed.

#26 Posted by Bestostero (2758 posts) -

well im angry i didnt get a phishing email! am i not special enough for one!? lol

#27 Posted by psylah (2181 posts) -

I got one of these e-mails, which is hilarious, because I haven't played GW 1 or 2, and I don't even have an Arenanet account!

Anyways, pro tip:

If you get an e-mail that makes you concerned that an account of yours has been compromised, don't click links in the e-mail, go to the website yourself and navigate to the appropriate page.

#28 Posted by Maystack (906 posts) -

Just got an email saying I need to authorise a login. So glad that ANet put that system in.

#29 Posted by Dagbiker (6978 posts) -

I got one of these, I also got an Email from Norman Chan:

Hello, I'm Norman Chan Tak-Lam, S.B.S., J.P, Chief Executive, Hong Kong Monetary Authority. I need a confirmation of acceptance to handle a Business worth $47.1M USD with me. Contact me for more info.
#30 Posted by psylah (2181 posts) -

@Dagbiker said:

I got one of these, I also got an Email from Norman Chan:

Hello, I'm Norman Chan Tak-Lam, S.B.S., J.P, Chief Executive, Hong Kong Monetary Authority. I need a confirmation of acceptance to handle a Business worth $47.1M USD with me. Contact me for more info.

I'd believe it, now that he's a big star on Mythbusters!

#31 Posted by jesterroyal (353 posts) -

@Dagbiker: You totally hit the jackpot. You need to act on that. 47 million dollars? These opportunities come around once in a life time. Have you contacted him back yet? Is Jamie and or Adam his angel funder?

#32 Posted by Herocide (442 posts) -

@chubbysumo said:

Just so you guys know, but these are legit emails. They are not phish attempts, the header info checks out. The hack is a two step process. the password reset is the hacker actually just confirming that you are using a known email(either guessing based on in game character names, or from the recent MMO site hacking spree from china). It practically spits out a yes or a no. it either gives them a glaring error(email not in database), or tells them one has been sent. Once they know an email is live, they then use either pre-gleaned passwords from other MMO sites that were hacked, or then phish the shit out of your email. I can confirm that the hackers do not need access to your email account, and many are in fact losing access to their email accounts after their GW2 accounts, and those same people report that they used the same password across services. Use a clean(new) email, and a new password, and you foil their attempts at a hack/phish. There is also a server side hole, since people are getting hacked eevn without recieving the password reset email. Also, all the IPs that are being reported are from china, go figure.

In spite of this being this guy's first post; he's right.

#33 Edited by WhytePanther (107 posts) -

I got one yesterday as well. Except mine didn't say it was a password change, but rather a change to the e-mail address of my account. Oh, and I also don't have a copy of GW2. I did have GW1 on that address, so I put in a ticket (after typing the address myself, of course), when I discovered I couldn't log in to the website with that address. The site said there was no account with the e-mail address, but it did seem to indicate that GW1 account should have been able to log in. That was a day ago and now after doing a little legwork, and finding the e-mail asking me to click the link to confirm the change of address in my spam folder with the exact same timestamp as the e-mail confirming it's been accepted, I've decided to redownload the GW1 client and see what happens. But I'm at PAX and my hotel has pretty crappy WiFi, so I'll have to check up on it in the morning.

If my account was actually stolen, my guess is there are two points to this hack. First, is that they are using some known list of e-mail addresses and passwords (I had a WoW account hacked three years ago that probably had the same password then as I used the last time I actually played Guild Wars). Second, they are somehow locating the key to confirm the e-mail address without actually accessing the e-mail (or they have mine and aren't showing any other indication of that, but my e-mail is most definitely under a different password than it was then.) The fact that web password changes are down right now seems to feed that theory.

Edit: Guild Wars downloaded to a playable state over night. GW client tells me the e-mail address is not recognized. And since I almost never delete any e-mails ever, I still have the original account activation e-mail from 2004 for my GW1 account. Still no word from ArenaNet.

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.