I’m sure a lot of you already know this, it may sound like fairly obvious information and I’ve got no idea how much my writing about it is actually going to help anyone, but, I felt it’d be a good idea to post it anyway, on the off chance that it may potentially help the odd player or so.
I recently took a hiatus from Guild Wars 2 for over a year, due to work, travelling overseas and so forth, but came back to the game a few days ago to get back into the fun once more, meet up with old friends from the community and the likes, and it has been fun coming back.
Shortly after coming back, I received an email, the contents of which were intended to have me believe that it had originated from ArenaNet – It’s contents suggested that my account was about to be disabled for security reasons, with a link claiming to be for reactivating my account. The link text was a URL to the Guild Wars 2 login page, but the actual target URL pointed to a remote domain that I did not recognise. Naturally, I did not trust the email or the link, but wanting to be certain that it wasn’t simply an ArenaNet domain that I hadn’t yet seen before, I contacted ArenaNet via support to confirm if the email was genuine or not; They confirmed to me that the email was -not- from them, and also confirmed to me that there was nothing wrong with my account and that nothing had been disabled. From there, I simply deleted the email, moved on, and enjoyed the game as per usual.
However, yesterday and today, for whatever reason, I noticed that every single time I logged in, firstly, I’d receive the two way login verification from ArenaNet to confirm that the login was mine (this is a genuine email from ArenaNet), but then, within a few minutes of confirming the login and playing the game, I’d receive a -second- email – The contents of this second email made it appear -appear- to be identical to the first email; However, this second email was -not- from ArenaNet – The sender address indicated was the same as the ArenaNet no-reply address, but the originating postal server was not the same as the ArenaNet originating postal address and the headers were faked; Additionally (and much more easily spotted), the supposed login confirmation link, while the text content of that link contained the same domain part as and was extremely similar to the one included in the genuine email, the actual target URL was an entirely different address pointing to a *.VU domain (Republic of Vanuatu), which included the actual ArenaNet domain name as part of a sub-domain.
I’ve never been caught out by these, mostly, because I always double-check links before actually clicking on them, and these fake emails, although similar to the emails from ArenaNet, often, are not absolutely 100% the same, and I tend to spot small changes in automated emails.
Although I’ve never been caught out by these, I’ve seen and heard enough before to be fairly certain as to what they are, what their purposes is and how they function – These emails, claiming to be from ArenaNet, which are not actually from ArenaNet, are sent out by either hackers or bots attempting to phish your account username and password in order to steal your account.
Although I’m sure many of you are already aware of this, for the benefit of those that aren’t:
- Just as you would with any other online service of any kind, whether it be online banking, internet forums, paypal, social security or even online video games, when you receive an email claiming to be from that service, double-check all links (and if possible, originating address and email headers) -before- clicking on any of those links!
- If the email contains a link which points to address which is -not- controlled by ArenaNet, that email most certainly is -not- from ArenaNet, and you should NOT TRUST IT.
Just shortly after beta, I noticed quite a few hacked accounts being used, presumably, for illegal trading and scamming. Since coming back the other day, thankfully, I haven’t noticed any of this sort of thing at all. That said, I have no doubt that there are those out there that still try this sort of thing, and no matter how much security ArenaNet may put in place to protect your accounts, they can’t protect your accounts from -you-. So, be smart, guys.
(edited by Maikuolan.2986)