phishing
Latest
Protect your browser from "tabnabbing"
Have you heard about "Tabnabbing"? It is the term for a new kind of attack, which can be summarized as grabbing a Web browser tab when you aren't looking and making it appear as another site. Aza Raskin, lead designer for Firefox, created a page that illustrates this. If you click on that link and then ignore it for awhile (create and switch to another tab), Aza's page will turn into a lookalike for Gmail. He claims this will work in "all major browsers," and I confirmed it in Safari, Google Chrome, and Firefox on the Mac. It even worked -- albeit poorly and less regularly -- in OmniWeb and Opera. However, before users of either of those browsers claim some sort of victory, please realize that my testing was not scientific or extensive, and Aza's "proof of concept" may not be as thorough as some other sites. Aza's example isn't too difficult to spot; if you look at the Address Bar you will see this URL still points to his domain, but he could easily redirect you to a non-Latin domain name that looks like a different website which would be harder to spot. What should you do to protect yourself? Well, perhaps unsurprisingly, Aza thinks you should use Firefox, which has an Account Manager feature that is supposed to help protect you from this kind of attack. But what about the next phishing attack? Or what if you prefer a different browser? Read on for a better solution that will allow you to use just about any browser you choose...
Security Warning: Phishing emails on the rise
Recently, Polar over at Securing WoW wrote about the latest phishing email being sent out by scammers. Account thieves are using the 2010 Arena Tournament as a way to lure you to their site to steal your login info. (Registration for the tournament ended on the 27th continues until June 7.) This is typical behavior by these crooks. Every time a Blizzard event is announced or even rumored, from the Cataclysm alpha to the StarCraft II beta, scammers take advantage it with legitimate looking emails. With the Cataclysm beta almost upon us, the expansion related phishing is going to get even worse. But there are also the tried and true emails that are being sent out daily, regardless of upcoming events. They spoof their email so that it looks like it is coming from Blizzard and fill the email with legitimate links, making their info-stealing site link look real. Also, the links have misspellings which are hard to catch at a quick glance, (like "starcratf2" or "worldotwarcraft") and lead to sites that look very much like the official ones. Blizzard has an excellent resource for protecting yourself from phishing attacks. In general, if you get an email that looks legitimate, type battle.net in your browser's address bar (spell it correctly). This will take you to the correct site for your region and there you can see the status of your account yourself. Some examples of phishing emails are after the break.
New scam targets the WoW Launcher
A post in the official forums today, later confirmed by a blue, points to hackers attempting to take advantage of a new avenue to attack the user -- the World of Warcraft Launcher. As you can see from the screenshot above (large version here) the real launcher apparently is replaced with a fake launcher that sends the user to a web site that pretends to be official, asking for subscription information (including answers to secret questions and the original CD-Key) in what is meant to appear as the means to restore a supposedly suspended account. One of the telltale signs that this isn't legit, besides the very invasive information requested, is the version number in the upper left corner of the screen. We're way past patch 3.1.1 -- however not everyone might know this. Ancilorn posts confirming that this is not genuine (reiterating that they will never ask for your password in such a manner, and also requesting that such things be sent directly to Blizzard if they happen to you). Goes to show that as security is increased, those looking to breach it become more desperate.
PSA: Beware of StarCraft 2 beta scammers
As you may have heard, the StarCraft II beta is now officially underway. Right now, beta invites are streaming to email inboxes everywhere. As a result, scammers are out in full force as well, hoping to phish some account details from unsuspecting Blizzard fans. In order to help you avoid this potential trick, our friends at WoW.com have provided a simple guide for determining if a beta invite is legitimate (the one shown above is a gag made by us, incidentally). Simply follow the steps below to see if your beta invite is the real deal: Type battle.net into your browser (no typos) and it will go to the secure battle.net site appropriate to your region. Enter your account info. Under Manage My Games, choose Add or Upgrade a Game. Enter the Beta Key provided in the email where it says Enter Game Key. Press Add Game. If the beta is properly added to your account, you're good to go. If the beta key doesn't work, or if the email directs you somewhere else to obtain a key, it's not a real invite. WoW.com advises users to forward any fake invites to hacks@blizzard.com.
StarCraft II beta is live. Beware of scams!
People are getting actual StarCraft II beta invites, but that doesn't mean that all beta invites (or any other emails that look like they are from Blizzard) are real. If you got an email saying that you have been invited to StarCraft II: Wings of Liberty, don't click anything in that email. Instead take the following steps: Type battle.net into your browser (no typos) and it will go to the secure battle.net site appropriate to your region. Enter your account info. Under Manage My Games, choose Add or Upgrade a Game. Enter the Beta Key provided in the email where it says Enter Game Key. Press Add Game. If you are able to successfully add the game to your library, then you received a real beta invite. If the email tells you to go someplace else for the beta key or the key provided did not work, then you received a phishing email.
How to tell if a GM is whispering you
A guildie got the above whisper Tuesday night. (I have blocked out the website so as not to promote this phishing attempt.) We have reports of this happening to a lot of people in-game right now as yet another attempt to get you to go to a site, so they can steal your login info and defile your characters. Let's dissect the above whisper: It's one whisper made to look like two. This will work if your chat settings match the scammer's chat settings, but if you've fiddled with your font or chat window, then the formatting will be off and the scam will be more obvious. The whisper is from a garbage name. All "players" I've seen with random characters have been scammers or gold selling barkers. So anything after such a name should be considered highly suspect. It says [Game Master]GM. The scammers aren't even trying here. Blizzard GMs have names and have <GM> before their names. It sends you to a non-Blizzard site. Don't go to any website you get in tells or in-game mail as a general rule. If you have received a ban of any kind, you will receive an email to the account you have on file with your subscription info.
AionSource.com compromised, e-mails possibly leaked to hackers
Yesterday we reported that a wide number of e-mail password phishing scams were being sent out to Aion users. Today, AionSource.com has sent out an e-mail announcement to all of their users that this new wave of scams may have been due to a hacking attack on their website. Knite Shadowbane, administrator of AionSource, has posted that AionSource.com had been under hacker attack five days ago on the 24th of January. The staff has since cleared the attack and has proceeded to beef up their security, but today's e-mail to all AionSource members warns that their database could have been used for these phishing scams. So, if you are a member of AionSource, keep an eye out for any unusual e-mails coming your way. Even if you aren't a member, always remember to check the source of any e-mails coming to you that request for you to "access your account" or "confirm your password" or require you to log into an unverified source. Knite has also posted a handy guide to securing your account, such as changing your password and installing anti-virus software.
Aion players: Watch your e-mails for scams
Keeping your password for your favorite game safe is always a top priority. No one wants to have their accounts hacked or have their passwords lost to someone who's willing to sell all of their items for gold, kinah, or what have you. So today, as a friendly public service announcement, we here at Massively would like to remind you to make sure you double and triple check any correspondence that looks like it comes from NCsoft or your favorite game company. Today we've received an e-mail telling us that our Aion account password had been changed, and if it wasn't us that we needed to go to the NCsoft master account site and change it back. We can guarantee you that the link provided was not for NCsoft's account management, but a phishing scam. While the scam letter was pretty obvious, always be wary of e-mails you don't anticipate. If you think there's something wrong, don't click any links in the e-mail -- instead go to your account management website directly to check on your account.
Apple posts articles to help protect MobileMe members against 'phishing' schemes
It was just a couple of weeks ago that we warned you that there were a bunch of phony Apple emails being sent to MobileMe subscribers designed to trick them into giving up their credit card info. Now, Apple has published a couple of Knowledge Base articles designed to help you if you get some mail that might not really be from Apple. The first posting helps you to renew your account, update your credit card information, and to deal with messages MobileMe may send you about your storage limits. It also has an additional older specific link to help you identify fraudulent emails that look like they are from Apple but aren't. For whatever reason, crooks love to prey on MobileMe users, and there have been issues with fake renewals and credit card phishing schemes for a couple of years now. If you have any doubts, check the Apple articles, and report any problems to Apple. A credit card is a terrible thing to waste, or lose.
Help! My account has been hacked!
There are so many scams going around like the Catclysm Alpha invite and the WoW Armory phishing site, that people's accounts are getting stolen more than ever. With all of the work that Blizzard has to do to keep up with the problem, it's no wonder they are offering the fast solution of care packages. We've talked about how to avoid scams as well as how to protect yourself. Here is a guide as to what to do if your account gets stolen. Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.
Beware of WoW Armory phishing scams [Updated]
First things first: the correct address for the WoW Armory is wowarmory.com. Bookmark it. Memorize it. But don't ever, ever search for it again. We've talked before about how misspelling searches can get you into trouble. But even if you spell WoW Armory correctly when Googling, the first sponsored site that shows up is a phishing site -- and it's a really good one. Update 1:10pm: Google seems to have removed the site from their sponsored listing in the short time since I wrote this post. Kudos! Nonetheless, there are and will be more sites using the same technique, so the warning remains valid. Do not go to the following site: armory-worldofwarcnaft.com/wowarmory/, it is evil. Notice the n in warcnaft? You may not when you are clicking on it in your search page or when it shows up in your address bar. And that's what they are counting on. Because the rest of the site looks authentic. When you type in what you want to search for, you get asked for your Battle.net info. Then, no matter what you type in, it gives you a password error. (I typed in profanity. It was fun.) They have stolen all of the elements of the actual Blizzard pages, so that if you want your login page in other languages, just a click of the button will get you there. But don't. It's evil.
Phishing schemes targeting MobileMe users again
Be very careful if you get an email from Apple telling you they need to re-check your credit card information. One of our readers got just such an email, and he didn't fall for it. This particular rip-off comes from an 'Apple-bills.com' domain, which has nothing to do with Apple. They'll be glad to take your credit card info, and give you a big surprise when you get your next billing statement. An Apple representative confirmed that the email is not from Apple. They also suggest you send copies of the email and relevant details to spam@me.com if you get one. This isn't the first time this scam has gone after MobileMe users. We reported on some MobileMe scams in May. In February another scam site was telling people their MobileMe renewal was not received and to do it again. Back in 2008, ComputerWorld reported on another phony scheme that fleeced about 200 MobileMe customers in a single day. It's probably a good idea to not click on links in emails that ask for financial or credit card information, and it is easy to check with any vendor to see if the request is legitimate. If you ever have questions about a MobileMe renewal, you can go to: www.apple.com/support/mobileme/ and do a live chat with an Apple support agent. Also, don't update from an email. Log into your account and update there. Just before posting this I tried the link our reader sent. The first time I clicked I saw the fake Apple page. Now there is an error page there instead. Thanks to Asif for the tip.
Phishing Android apps explain our maxed-out credit cards
There's no such thing as a perfect mobile app store strategy -- you're either too draconian, too arbitrary, or too loose in your policies, and as far as we can tell, there's no way to find a balance that isn't going to trigger an alarm here and there or get a few people worked into a lather. If you're too loose, for instance, you're liable end up with the occasional bout of malware, which is exactly what appears to have gone down recently in the Android Market with a few fake banking apps published by a bandit going as "Droid09." As you might imagine, the apps end up doing little more than stealing your information and ending your day in tears; the apps have since been pulled, but that's probably little consolation for those already affected. The moral of the story? Be vigilant, keep a close eye on those system permissions the Market warns you about as you install new apps, report sketchy ones, and -- as always -- use a hearty dose of common sense.
In defense of care packages and mandatory authenticators
If you read WoW.com with any regularity, you probably saw and read our pieces on Friday discussing some rather curious policies Blizzard has recently instituted. There are two in particular that I'd like to discuss further: The care package for hacked accounts and the possibility of mandatory authenticators. First, how many of you have had your accounts stolen, or know someone that had theirs stolen? Chances are good every single person that reads this post will raise their hand to that question. The problem is not a small one. I'm in a rather large guild, and every few weeks someone has their account stolen and the little bits of our guild bank they have access to go with them. My large guild is also just one guild in a larger guild alliance which suffers the same problems. Every two weeks or so, someone I see online on a regular basis gets their account stolen.
You are not invited to the Cataclysm alpha
In the wake of yesterday's rumor that the Cataclysm Friends and Family alpha will be starting this Tuesday, January 12, we should expect an increase in scammers trying to get your account details by offering phony alpha invites. We saw a lot of these for both Burning Crusade and Wrath of the Lich King as well, and some of them were very well crafted. At this phase of Cataclysm's development, though, it will be comparatively easy to keep yourself safe. Since this is a friends and family alpha, if you don't have friends or family that work at Blizzard, you will not get an invite. Therefore, anyone offering you one is trying to pull a scam. Basically, everyone who's going to be getting legitimate access to the alpha should know who they are already. Everyone else, sit tight and stay tuned to WoW.com for the latest on WoW's next chapter. World of Warcraft: Cataclysm will destroy Azeroth as we know it. Nothing will be the same. In WoW.com's Guide to Cataclysm you can find out everything you need to know about WoW's third expansion. From Goblins and Worgens to Mastery and Guild changes, it's all there for your cataclysmic enjoyment.
Malware targeting gamers gets some mainstream spotlight
Those vicious and despicable malware authors are targeting gamers, according to BBC. I know, big whoop, right? The news article reports on something many World of Warcraft players have known for years -- that viruses, phishing sites, trojans, and all those dirty tech terms have us gamers smack in the middle of their digital crosshairs. The findings are a result from a study by Microsoft, which tracked the exceptional growth of a family of worms called Taterf. The programs have been around for some time now, snooping around players' computers for login details to various games with in-game currency. World of Warcraft players are juicy targets because of the remarkably large player base and existence of the gold-buying industry which Blizzard has actively warned and fought against. While the findings are nothing new, they only serve to confirm our fears about the growing threats to our accounts. WoW.com has been big about account security for awhile, and it's nice to see the mainstream media begin to show some attention to the matter.
Second Life content creators warn about scam site
Numerous Second Life content creators are warning their clientele that the Web-site virtualget.net (which has been apparently been operating for a couple of months now) is a credit-card harvesting scam. Whether that's correct or not, the site appears to be using the product images and product descriptions and trademarks of numerous Second Life content creators without their permission. The original images and text appear on Linden Lab's Xstreet SL virtual goods shopping Web-site. Numerous DMCA notices are reportedly being filed by content creators at present. We attempted to contact virtualget.net (anonymously registered in Singapore) for comment, but none of their email addresses appeared to be functional -- One email address was restored to function when the majority of the site was taken down a short time ago, but we received no response. Linden Lab, who has an intellectual property stake in the matter, was not available for comment either. Users of Kaspersky protection software found the Web-site marked as a phishing site several hours ago, presumably based on user reports. Update: The operation seems to have disabled access to much of the site in the wake of numerous DMCA notices filed by content-creators. Are you a part of the most widely-known collaborative virtual environment or keeping a close eye on it? Massively's Second Life coverage keeps you in the loop.
iPhone OS 3.1 anti-phishing works; you just need to set it up properly
Remember hearing that one of the new features of iPhone OS 3.1 was an anti-phishing capability for Safari? Jim Dalrymple over at The Loop wondered if it was working properly, and asked Apple what was going on. The response?"Safari's anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren't any additional data fees," Apple spokesman, Bill Evans, told The Loop. "After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone."What this apparently does is allows Safari to completely download the anti-phishing database, which is necessary before the feature will work. It also appears that you'll need to update the database on occasion in the same way -- charge your iPhone with Safari up and the screen off.As always, TUAW urges you to practice safe computing, so enabling anti-phishing in this odd Apple-approved manner is highly recommended.[Thanks to LoopInsight.com for digging into this]
PSA: Don't get scammed by Cataclysm phishing
No, what you see above is not the logo of the (probably) upcoming World of Warcraft: Cataclysm. It's the graphic being used by a phishing site that's been making the rounds lately and we've received a number of emails about. To make sure everybody is completely clear, if you see the logo above, the website you're visiting is absolutely not legit. There are no Cataclysm Alpha invites going out to the public, and certainly not Beta invites. When Blizzard kicks off a beta, we'll be sure to tell you. And even better, Blizzard will be sure to tell you. Until that happens, please be careful about what you click on. The pre-expansion period is prime time for phishing attempts.Naturally, even if that's not the graphic you see, you should be wary of Cataclysm-related phishing sites. There are quite a few right now, and they will even grow more numerous after BlizzCon. Be mindful of the sites you're linked, be careful where you enter your WoW account information, as well as your personal information. I know we've said it many times before, but we really can't say it enough. Don't do anything silly, and if you want to be absolutely sure that you don't do anything silly, grab yourself an authenticator if you can. If you can't get the physical authenticator, there's always one of the mobile authenticators.
How scammers plunder your Tales of Pirates booty
For the first time in a long while, we've come across a tale of digital wrong-doing that doesn't involve internet spaceships and is definitely not allowed by the developers. The game in question is Tales of Pirates published by IGG. Apparently a number of the game's players have fallen victim to a trick, and IGG wants to publicize this to make people aware of the scam. There's a brief warning on the official Tales of Pirates site about account security, but they just put out a press release that's far more detailed. IGG writes: "As with any popular game, IGG's Tales of Pirates has attracted its share of scammers. Even the most careful pirate can sometimes be fooled by a well-executed scam. The best way to avoid becoming a victim is to learn the common tricks scammers use. To help players, the ToP would like to highlight one particularly popular method used recently." We can only hope they emailed the full info to their playerbase, but we'll keep our own take on it short and sweet here -- five steps to violating the Tales of Pirates EULA and getting banned (and of course, what to watch out for.):
