phishers gonna phish

i never ever ever ever ever ever click on any link in any e-mail...ever!  I'll open up my browser and put in the link manually (if it's a site I know) or i'll log into my account off the website or game and go from there.  Even if I initiate a forgot password or something and I'm getting the e-mail 1 min later, I still put it in manually.

These aren't phishing emails, they are legit emails from ncsoft.  Why it's happening, I don't know.

But I just got one myself.  I deleted it completely from my inbox, on the off chance someone had access to my email to do a password reset, and then changed my email password.

Originally posted by Gravarg

phishers gonna phish

 

i never ever ever ever ever ever click on any link in any e-mail...ever!  I'll open up my browser and put in the link manually (if it's a site I know) or i'll log into my account off the website or game and go from there.  Even if I initiate a forgot password or something and I'm getting the e-mail 1 min later, I still put it in manually.

People keep saying this. Let us try the facts here in bold.

It is not a scam. People had their account e-mails changed, and this e-mail notified them of that. It does not even ask for your info. They didn't enter anything in a site and cannot log in after getting this e-mail.

The e-mail has a legit link. It links to support directly. This is easy to see. Support accounts are seperate from game acccount anyway.

It is a legit e-mail. The e-mail headers point to NC Soft servers. This is not easily spoofed.

That and I already told you why the vast majority of these cases are occuring.

There are also other e-mails letting you know someone tried to reset your PW, but they can't do that without access to your e-mail account.

Originally posted by adam_nox

These aren't phishing emails, they are legit emails from ncsoft.  Why it's happening, I don't know.

 

But I just got one myself.  I deleted it completely from my inbox, on the off chance someone had access to my email to do a password reset, and then changed my email password.

If you got an email that your account was changed, then you would not have been able to log in with that e-mail again. Sounds like you just got one that someone was trying to access your account. Then they hit reset PW for the heck of it. They most likely have your e-mail address from one of the harvested lists I was talking about before. You might want to look into that, and be sure to try to use different passwords for different sites. You can use something like keepass to keep track of them all in keep the database in dropbox or google drive. It is all free. It is what I do for 95% of my accounts for that reason.

Originally posted by vaeiou

Found this in my email just then from noreply@guildwars2.com:

 

 

"Someone -hopefully you!- has requested to change the email address associated with your Guild Wars account.

Need help or have questions about your Guild Wars account? Visit our support site: http://support.guildwars2.com/.

Thanks!

-The ArenaNet Team"

 

 

Except I didn't request for an email change.  Now I can't log into my account.  I've already left ANet a ticket/question.  Hopefully I can get my account back in one piece :-(

 

 

EDIT:  A lot of people are telling me not to click on the link in fear of keyloggers and stuff.  I DID NOT CLICK ON THE LINK AND ENTER MY INFORMATION.  I entered my account information into the GW2 CLIENT and received an error that my account name doesn't exist.  Besides, the link is legit, and so is the ArenaNet email.  So, please stop telling me not to click the link, to login to my account, or to change my password since I can't even get into my account.

EDIT 2:  Sent one ticket to ArenaNet, and one to NCSoft.  Any bets to see who responds first?

I had this problem too. I started to panic because I've had my account for 6+ years. Try logging in with your username. Not your email (for your NCsoft account). You can then go in and update/upgrade your passwords for guild wars and any other games you have. Put some armor on your NCsoft password while you're at it too

NEVER EVER EVER EVER EVER EVER EVER click on links in emails when it comes to any type of account, game or not.

Exit your freaking email, close all your internet browsers, re-open one and go DIRECTLY to whatever website the account is from, log in...then do what you need to do.

Why take the chance just to save a few seconds by clicking on a link.

Originally posted by Morninglord

I received one of those emails as well. I ran a check on the IP address it came from, and it showed the mail came from Austin, TX from NC Interactive. Now it may be possible to mask the true IP and make it seem like it came from there, but perhaps NC Soft may want to check and see if they have an employee with less than honorable intentions.

Morninglord

I posted it in another thread, so I'll repeat it here as well. This isn't an explanation of all the emails (some accounts have actually been hacked) but rather an explanation why you are receiving these particular ones:

The hackers are running through the emails they have from the master lists they own from previous hacked games. If the person has had a GW1 or GW2 account, it triggers the above legitimate email to be sent to the email address on the account.

Account holders receive these legitimate emails and go to the legitimate GW2 site to check. Most will be consoled that it was a legitimate email and their account is safe. The actual phishing email will come later. The purpose of the first step is to get gamers to start to trust these emails. Most gamers have become immune to phishing attempts, and I'm quite sure this probably negatively affected actual MoP beta participation over the past couple months as the barrage of 'beta invites' has been insane.

The next time gamers get these emails, many will trust them because they just experienced a legitimate email that ended in a positive outcome (account was verified as safe). However, the next email will be the actual phishing attempt.

As an added note, if "hopefully you!" is in parens, it means there was a password request. If it is in dashes, it is a password change confirmation.

Originally posted by Loktofeit

Originally posted by Morninglord

I received one of those emails as well. I ran a check on the IP address it came from, and it showed the mail came from Austin, TX from NC Interactive. Now it may be possible to mask the true IP and make it seem like it came from there, but perhaps NC Soft may want to check and see if they have an employee with less than honorable intentions.

Morninglord

I posted it in another thread, so I'll repeat it here as well. This isn't an explanation of all the emails (some accounts have actually been hacked) but rather an explanation why you are receiving these particular ones:

The hackers are running through the emails they have from the master lists they own from previous hacked games. If the person has had a GW1 or GW2 account, it triggers the above legitimate email to be sent to the email address on the account.

Account holders receive these legitimate emails and go to the legitimate GW2 site to check. Most will be consoled that it was a legitimate email and their account is safe. The actual phishing email will come later. The purpose of the first step is to get gamers to start to trust these emails. Most gamers have become immune to phishing attempts, and I'm quite sure this probably negatively affected actual MoP beta participation over the past couple months as the barrage of 'beta invites' has been insane.

The next time gamers get these emails, many will trust them because they just experienced a legitimate email that ended in a positive outcome (account was verified as safe). However, the next email will be the actual phishing attempt.

Personally, IMHO it's more likely that they are:

- running a stolen list of username/passwords against the GW2 login.

- if they can't login, they send your username to the "forgot password" URL, and then try the same username/password against your email.

Standard lessons:

- do not *ever* click on links in emails.

- use a separate password for everything.  Get a notebook and write passwords in it.

- make sure to run anti-malware/virus checks periodically "just in case".

---

Originally posted by Doomedfox
 That would also mean that your Email account is compromised tho.

I got the same mail yesterday but since you would need to click the link to accept the PW change i think i am fine.

At least i was ablt to log in and did not expierience any problems with the account. 

---

No, it doesn't. The guildwars2 . com website allows you to change the email with ZERO secondary or third-party site (i.e., from your email) authorization. If they can log into your guild wars account, they can change the email. They don't need access to your email to change it.

Edit: I feel nearly certain that dumbo has the right of it in this case.

If you have been "hacked," if you can access your NCSoft Master Account using your account username (not the NC email) then you can save your account. Whoever is doing this is not changing the NC master stuff, apparently.

If you can log in to your NC account, you can see the email for your Guild Wars (and 2, if they are linked) accounts. You can also change the password for your GW account. Knowing the new email and having changed the password, you can log into the guildwars2 website and change your email to something else (I would NOT use the same email as before).

If this works, you should change your GW password, your NCSoft password, and any other game passwords that are the same or similar. Having breached you once, they are more likely to try again to get that account in the near future. It would also be a good idea to update your security questions at NCSoft, and de-authorize all locations. You might also want to change any fansite passwords to a third, different password to prevent future attempts later. Remember to make fansite passwords and game passwords different, and make those different from master account passwords. Make all these different from real-world services like banking. You can never be too safe, and even if you have several passwords like I do, it is better safe than sorry.

Originally posted by Deathenger

Originally posted by vaeiou

Originally posted by Deathenger

Originally posted by vaeiou
Gosh...  This is a nightmare :-(

How is that exactly?

Because my account has been compromised?

Gah my bad, I completly missed that you were the OP

 exactly.  you are trying too hard to defend your game.

Originally posted by Leodious

 

---

Originally posted by Doomedfox
 That would also mean that your Email account is compromised tho.

 

I got the same mail yesterday but since you would need to click the link to accept the PW change i think i am fine.

At least i was ablt to log in and did not expierience any problems with the account. 

---

 

No, it doesn't. The guildwars2 . com website allows you to change the email with ZERO secondary or third-party site (i.e., from your email) authorization. If they can log into your guild wars account, they can change the email. They don't need access to your email to change it.

This. Its pretty lame.

Again, clicking email links has nothing to do with the e-mails posted in this thread.

I wonder if OP has gotten a response yet. I know most people have not. Pretty horrid customer service.

---

Originally posted by MagicDustMan

---

Originally posted by Leodious  

---

Originally posted by Doomedfox  That would also mean that your Email account is compromised tho.   I got the same mail yesterday but since you would need to click the link to accept the PW change i think i am fine. At least i was ablt to log in and did not expierience any problems with the account. 

---

  No, it doesn't. The guildwars2 . com website allows you to change the email with ZERO secondary or third-party site (i.e., from your email) authorization. If they can log into your guild wars account, they can change the email. They don't need access to your email to change it.

---

This. Its pretty lame.

Again, clicking email links has nothing to do with the e-mails posted in this thread.

I wonder if OP has gotten a response yet. I know most people have not. Pretty horrid customer service.

---

Some people aren't reading or can't accept that this is happening without people falling victim to phishing. Well, it is.

Don't be too upset by the customer service. They are totally inundated right now, and are probably working their asses off. I am not saying it isn't their fault. It is, for terrible account name/email policy, and an utterly ridiculous email change system which needs no secondary verification before your email is changed. It's terrible, and the poor security is there fault. Not that the players, myself included, are not at fault for losing their passwords to a site at some point and getting into whatever database is doing this.

To everyone saying it's a phishing attempt and he was stupid for clicking it. You do not know all the facts and have all the evdience you need to make such accusations. I have been getting for the past few days attempts to change the password. They are legit my email client shows me the real link information on the side of the link itself. Also I click on them in a virtual machine and they take me to a password reset on the GW2 site. Also if you look at the original post his E-Mail address was changed.

This isn't typical NCsoft issues this is typical internet issues. My gmail account that I rarely use gets accessed all the time from other sources even after I change the password. Also the all mighty blizzard was hacked and peoples information was taken guess what was taken ooo yea EMAILS.

Now to the OP call ArenaNet and tell them what happened and have all your game information handy they probably can restore your account to its formor glory.

This is an interesting and very scary thread indeed!

I hope it all works out for you.

Just a thought, from reading what was said.  If the account info was static for some time, it's entirely possible that your account info was stolen some time ago & put into hybernation until GW2 finally released.

Crooks like to sit on account info until it becomes valuable.  I guess for everyone else, the thing to do is to just change info ASAP, whether the person thinks they are safe or not.

The email was odd, as others pointed out.  Either ArenaNet is having problems with notifications, or it's some sort of confidence check, since the link is good (and who knows who the sender really was). ... Or you have a keylogger already imbedded on your machine, and they want to make sure they not only grab your email password but also your GW2 info, all within the hour - whether you click the link or not, because it's a keylogger.  If you scanned your machine already, sorry, I must have missed that part of this thread.

Although having a crook know your email address and having a virus installed for the same person might be a stretch .. but I suppose it could be possible if you visit various "dubious' websites and have some sort of account set up there.   I've found some gaming sites, computer sites, and network security sites that had forums, but were blacklisted by my AV/software firewall/browser security settings, because as I found out by going there against my computer's wishes, an intrusion attempt occurs.  Without a firewall monitoring suspicious activity, I might not have known it was no good.