Hello peers,
I received a letter in my inbox from a player named “En Goldstein” who told me that my account was queued to be shut down due to “Currency transactions or abnormal login”.
I laughed at this, because I have no need for “currency transactions” of the illegitimate type since I can well afford the black lion gem store. There are no “abnormal logins” because Anet requires two-factor authentication from any IP address not previously on record. The thing that tickled me the most, though, was that I was advised to go to a website to “lift the restrictions” -- by going to a link that ends in .pw (which, for those not aware of how websites work… “.pw” is a domain, not a page).
Basically the link read something like [link redacted by mod]
Here is another problem with that, for those who are not cyber security professionals like myself. http:// <-- that is Hyper Text Transfer Protocol… which is not what Arena Net (or any legitimate company that handles account information) uses. For that you will always see “https://” (Hyper Text Transfer Protocol Secure) and if you don’t… WATCH OUT!!!! YOU’RE NOT USING THE INTERNET SECURELY.
Finally, what angered me was that he signed this letter “GM En Goldstein.”
Anet, I am not in the business of reporting players… but as a cyber security professional I am obliged to inform you and my peers of this phishing fraud. For most players, this isn’t an issue. The letter I got stated “This is from a player not a GM” and Chrome informed me that the page was a phishing scam… but hey, I’m a white hat… so I checked the page out anyway.
The attack is relatively lame… So lame in fact that I didn’t even need ScriptSafe because they were using straightforward HTML with 0 background scripts. It’s just a basic form, and once you click “Verify” you should understand that your information is being stashed on a server somewhere in China. In fact… I have the information on WHO this site belongs to. I would not normally think Mr. Lao Wang would be stupid enough to register a website with his real name… yet I also did not think somebody would be stupid enough to use a low-level phishing attack via a non-clickable link in a GW player’s inbox.
Domain Name: 76C1S-J9NE5J4.PW
Domain ID: D8514730-CNIC
WHOIS Server: whois.todaynic.com
Referral URL: [link redacted by mod]
Updated Date: 2015-06-18T01:50:21.0Z
Creation Date: 2015-06-18T02:50:20.0Z
Registry Expiry Date: 2016-06-18T23:59:59.0Z
Sponsoring Registrar: ERANET INTERNATIONAL LIMITED
Sponsoring Registrar IANA ID: 697
Domain Status: clientTransferProhibited [link redacted by mod]TransferProhibited
Domain Status: serverTransferProhibited [link redacted by mod]TransferProhibited
Domain Status: addPeriod [link redacted by mod]
Registrant ID: TOD-44358654
Registrant Name: lao wang
Registrant Organization: lao wang
Registrant Street: fangguorewoquaiguoreqingaoyunhui
Registrant City: xian
Registrant State/Province: Shaxi
Registrant Postal Code: 710000
Registrant Country: CN
Registrant Phone: +86.1104587548
Registrant Phone Ext:
Registrant Fax: +86.1104587548
Registrant Fax Ext:
Registrant Email:
Admin ID: TOD-44358655
Admin Name: lao wang
Admin Organization: lao wang
Admin Street: fangguorewoquaiguoreqingaoyunhui
Admin City: xian
Admin State/Province: Shaxi
Admin Postal Code: 710000
Admin Country: CN
Admin Phone: +86.1104587548
Admin Phone Ext:
Admin Fax: +86.1104587548
Admin Fax Ext:
Admin Email:
Tech ID: TOD-44358656
Tech Name: lao wang
Tech Organization: lao wang
Tech Street: fangguorewoquaiguoreqingaoyunhui
Tech City: xian
Tech State/Province: Shaxi
Tech Postal Code: 710000
Tech Country: CN
Tech Phone: +86.1104587548
Tech Phone Ext:
Tech Fax: +86.1104587548
Tech Fax Ext:
Tech Email:
Name Server: F1G1NS1.DNSPOD.NET
Name Server: F1G1NS2.DNSPOD.NET
DNSSEC: unsigned
Billing ID: TOD-44358657
Billing Name: lao wang
Billing Organization: lao wang
Billing Street: fangguorewoquaiguoreqingaoyunhui
Billing City: xian
Billing State/Province: Shaxi
Billing Postal Code: 710000
Billing Country: CN
Billing Phone: +86.1104587548
Billing Phone Ext:
Billing Fax: +86.1104587548
Billing Fax Ext:
Billing Email:
(edited by Moderator)
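The checks the post walks through (link scheme, link domain, and the WHOIS creation date), combined into one triage function. This is an added example, not part of the original post. The official-domain list, the sample URL and host, and the received date are assumptions constructed for illustration; only the creation timestamp is copied from the record above.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumption: domains the publisher actually uses; adjust for your own service.
OFFICIAL_DOMAINS = {"arena.net", "guildwars2.com"}

# Constructed sample input: the host and received date are invented.
SAMPLE_URL = "http://account-restore.example/verify"
SAMPLE_WHOIS = "Domain Name: ACCOUNT-RESTORE.EXAMPLE\nCreation Date: 2015-06-18T02:50:20.0Z\nRegistrant Country: CN"
RECEIVED = datetime(2015, 6, 20, tzinfo=timezone.utc)


def whois_fields(record: str) -> dict:
    """Parse 'Key: value' WHOIS lines into a dict (first value wins)."""
    fields = {}
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() not in fields:
            fields[key.strip()] = value.strip()
    return fields


def is_official(host: str) -> bool:
    """True only for an official domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage(url: str, whois_record: str, received: datetime, max_age_days: int = 30) -> list:
    """Return the reasons a link in an in-game mail looks like phishing."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        findings.append("scheme is not https")
    if not is_official(host):
        findings.append(f"host {host} is not an official domain")
    created = whois_fields(whois_record).get("Creation Date")
    if created:
        # Registry timestamp format as in the record above: 2015-06-18T02:50:20.0Z
        when = datetime.strptime(created, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
        age = (received - when).days
        if age <= max_age_days:
            findings.append(f"domain registered {age} day(s) before the mail")
    return findings
```

An empty result only means none of these three checks fired; the host comparison against the official list is the one that does not depend on what the sender chose to show.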