Guild Wars 2

I recently recieved an email claiming to be from ANet about my account being under investigation for trying to sell it. If you look at the attached picture, it is actually quite convincing if you look at the information and the format it’s laid out. Unlike most scam emails, this one is a bit more discreet.

However, one can easily tell it’s a true fake since the url changes to;
{REDACTED}

Notice that lovely added url extension? It’s subtle but there and everything else looks just like site login.

If there is anything that can be done about this, please do so. I do fear many could easily fall victim to this kind of scam easily if they do not pay attention.

Often the broken English is a clue, and this one is no exception, although it has better grammar than most scam emails I get.

Hello, I received an email as follows (removed link). Is this legit? I was put in my junk folder. I haven’t played for 3 or 4 months. I’m not sure if I should respond or it’s a phishing scheme. The link seems legit.

//—————————————————————

Greetings!

It has come to our attention that you are trying to sell your personal Guild Wars account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by ArenaNet Entertainment’s employees. If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account to this secure website with:

<link_removed>

If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Thanks! —The ArenaNet Team

Just made a post regarding this; https://forum-en.gw2archive.eu/forum/support/account/PSA-Scam-Emails

It’s fake.

Thanks! I noticed the slight difference in URL, but didn’t think much of it.

That and ArenaNet Entertainment….

I do hope no one falls for such a thing.

Stopped reading after they called it Guild Wars. It’s Guild Wars 2. Dummies can’t even get the correct game name.

I got a one as well. First phishing e-mail I fell for. Luckily I realized it right away and was able to change my password.

I don’t know what this is all about but everytime I get something like that I don’t know if its fake or not… and wen I am told that my account is ongoing investigation and will be permanently close , i don’t like it at all…

If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Thx AreaNet for sending me kitteny stuff at 3:30am in the morning… i just dint sleep afther that and i am still trying to get answer.

anyone already had this kind of E-mail and no response from Anet ? it almost sound like a threat wen i read it …

Never seen anything like that. Did you check the email headers to see where it actually came from? If you have any doubt, try logging into your account and raising a ticket to ask NCSoft directly. Posting here isn’t likely to achieve a great deal.

Looks like a phishing scam to me. Is there a link in the email to click to “verify” the account? If so, don’t click on it.

I’m getting emails like that too. Sadly for the spammers, they used a wrong email address…

If you copy the link they give and paste it into your browser, it asks to give access to an unknown IP address to your account. In my case it was 62.150.38.163.html. Of course I said no, but it might be an easy way for Anet to shut down these guys.

Check the full header on sender.. odds are its a bulk Yahoo mailer. These are common, I get one from “runescape” once a week.. and I’ve never had a runescape acct.

And most of them are “apparently to” my email, even if not even remotely resembling it. Seems Yahoo bulk spams anyone with any similarity to who it was addressed to. Nice help for the Phishers.

Its a scam. Just got exact same message but for “Battle.net”.

I also just got this, linked to {REDACTED} instead, though.

Warning: Do not fill in your actual information there.

this is the sender i got it from :

ArenaNet (noreply@guildwars2.com)

this is legit no ?

and this is were it want me to merge my GW1 account with my GW2 account.

link deleted

http://account.guildwars2.com.zd0731.info/
Is Fake!

The real login page is:
https://account.guildwars2.com/login

This is not a legitimate email, but a phishing attempt. You should not put that link where people can click on it. If you read the email closely, you can see it is not from ArenaNet. There is no such thing as ArenaNet Entertainment. ArenaNet would never ask for such information, unless you contacted them first. Please destroy the email.

Top of the page you are on now is a support option. Click that login and see what messages you have been sent. If nothing there the e-mail is not from the game. Never click a link that says it is from a game anyway, use the support function you find with any game you will play.

its a pretty kitten good fishing site then , its the exact webpage and skin and everything , it even got the noreply@guildwars2.com , this make me feel like Anet is not doing their job , its the same kitten site , arent they supose to chek for those kind of stuff ? i bet many people will get their account hacked right there. thx for the info i just changed my password and stuff for security measure. But they should keep a eye out for people using their name and their email…

but many thx to the community again ! one less account for the hacker…

cant i report this to Anet so they can take it down or at least make a statement that this or that is not legit ?

phishing from turkey.

Icedsnake.6352:

its a pretty kitten good fishing site then , its the exact webpage and skin and everything , it even got the noreply@guildwars2.com , this make me feel like Anet is not doing their job , its the same kitten site , arent they supose to chek for those kind of stuff ? i bet many people will get their account hacked right there. thx for the info i just changed my password and stuff for security measure. But they should keep a eye out for people using their name and their email…

I think they are doing their job, it’s the people who have been informed about these tactics, yet ignore the proper steps to avoid it.

i got many from blizzard and stuff even tho i dont play those game anymore but this one was pretty well done so i asked here to see your opinion. i always try to avoid those kind of mail , thx for pointing out the support link at the top of this page so i can chek for inquiery from the REAL Anet , its a good way to know and i will do this for everygame from now on. thanks again.

Sincerely , Icedsnake.

Icedsnake.6352:

its a pretty kitten good fishing site then , its the exact webpage and skin and everything , it even got the noreply@guildwars2.com , this make me feel like Anet is not doing their job , its the same kitten site , arent they supose to chek for those kind of stuff ? i bet many people will get their account hacked right there. thx for the info i just changed my password and stuff for security measure. But they should keep a eye out for people using their name and their email…

The string of characters after the dot-com in the address should be a dead giveaway. The first clue, though, is the threat to your account if you don’t act immediately. Legit companies don’t threaten their customers, this is done to make you act immediately rather than taking the time to think about what you’re doing. When you see that, stop and think about what you’re doing.

And of course it’s a convincing fake site… if it said “click here to have your account stolen” then anyone who actually reads the text wouldn’t fall for it. Actually, that wouldn’t make much of a difference…

Anyway, Anet cannot search the entire internet for fake sites 24 hours a day. They rely on people not being stupid and getting their accounts hijacked by gold sellers, and ban the accounts that fall for the scams. Every company that has a login account gets hit by these kinds of things. The company I work for even had a phishing email go around a couple months ago, telling people that their email box was full and they had to click on this link to qualify for a larger account or something.

i quit guild wars 2 a little while ago out of boredom , but today i received 2 emails within an hour here they are :
but i have no intention of selling my account as they not worth anything lol

Guild Wars Account-Notice?

Actions
ArenaNet (noreply@guildwars2.com)Add to contacts 18:32
To: (my email address was here)

Greetings!

It has come to our attention that you are trying to sell your personal Guild Wars account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by ArenaNet Entertainment’s employees. If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account to this secure website with:

[[LINK REDACTED}}

If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Thanks! —The ArenaNet Team

i take it this is a phishing scam like what we used to get on rift and wow , hence why im ignoring it , but thought i should bring this up

i hear you , sorry for my stupidity … normaly im well aware of this kind of fishing email but for some reason this one got to me , but 3min afther i did it i posted here and with your help i immediately changed my password to be sure i would not get hijacked.
Not too long ago , my DeviantArt account was terminated because i ignored a email exactly like that one so maybe thats why i just panicked and clicked the link and gone with it…

Talon Blaze and EternalFlamez, please make those non-clickable links just in case someone opens it and for whatever reason inputs their credentials.

It’s never a good idea to put clickable links in official forms that point to password phishing sites.

If you are going to post a link to a phishing site, please don’t make it clickable. It’s too easy for people to open those and, for whatever reason, input their correct credentials. Don’t make things easier for the phishers.

I don’t know if that link can be accessed without you signing in, but it’s probably not a good idea to post the full link for something like that.

Okay, so like a complete moron I actually fell for this.

What do I do now?

I just changed my password. Should I do anything else.

Hopefully your password isn’t similar to the one you had before. If it is, change it to something VERY different with close to a dozen mixed characters. Add mobile authentication if you can. And if you’re able to remove access from that IP address in your account settings, do that.

And in the future, don’t click those links.

gassy.8975:

Hopefully your password isn’t similar to the one you had before. If it is, change it to something VERY different with close to a dozen mixed characters. Add mobile authentication if you can. And if you’re able to remove access from that IP address in your account settings, do that.

And in the future, don’t click those links.

I don’t understand why I was sent to the Guild Wars 2 site though? Was it not the actual Guild Wars 2 site?

I’m completely confused now.

maybe but then the headline of the post is scam email , so i was just hilighting it , so others can see if they got the same…

No, it was a fake site that’s just made to look like the official site. Once you filled in your info, it was probably sent to the hacker.

This kind of thing has been going on for many years across many services.

A good thing to do, if you need to access your account at the web site, is to open a new browser tab/window and type in the url directly: guildwars2.com

Even if you think an email is legitimate, it doesn’t hurt to type in the url directly. Just make sure you get the url correct, because there are probably several phishing sites that resemble the correct url and one mistyped character could send you to one of those.

Well the headline was accurate, but I’d suggest modifying that link to remove some characters of the token and the request, just in case. I wouldn’t want to see your account compromised.

link deleted for my post

good thinking lol , done

Thanks, Icedsnake.

As for the email address, many email providers (and likely many/most email programs) will allow you to use any email address when sending out email. You could send email using a domain name of guildwars2.com or not-a-scam-email@really-its-not.net or anything else as long as it looks valid to email services.

I got one of those emails as well. More concerning to me is that the email was sent to my secondary email address, which only ArenaNet and one other company have. It’s a non-active account I use for secondary password retrievals and has no relation to my GW2 name. Additionally, it’s with an uncommon host (not Hotmail, Yahoo, etc.) In the year I have been using the account, I have received 1 junk mail, total. I didn’t sign up for GW2 until late January, so my info could not have been compromised during whatever happened in the Fall. I don’t like the odds of a hacker getting my actual name, coupling it with an obscure email domain, and just hopping that I play GW2. I find that aspect of this a little concerning.

Wabey.3921:

Okay, so like a complete moron I actually fell for this.

What do I do now?

I just changed my password. Should I do anything else.

Have your GW2 key handy, as this is the only proof to verify you are the owner of your account of the game. This is one of the prereqs Support asks for in recovery if it ever gets to such a point.

Also, do a cookie and virus sweep, who knows if its got any other bad things in there like loggers.

gassy.8975:

Talon Blaze and EternalFlamez, please make those non-clickable links just in case someone opens it and for whatever reason inputs their credentials.

It’s never a good idea to put clickable links in official forms that point to password phishing sites.

Call me a noob, but how do I make them unclickable on these forums?

just received one too. i wonder how they got my email :/

Heh, I’ve received a similar email today as well. Same story, didn’t use my account in a while. Since I have the game still installed I checked to see if my account didn’t get hacked, but it seems everything is in order -character in the same location, no suspicious in-game mails-, so I can only assume this is a scam.

Put a few spaces in the URL, such as www.b lah blah more text here . com. That should make it non-clickable since the text won’t be continuous.

gassy.8975:

Put a few spaces in the URL, such as www.b lah blah more text here . com. That should make it non-clickable since the text won’t be continuous.

Or even better, BBCode. =3 Thanks for the tip though. Hopefully it gets contained or at least give reason for ANet to up security measures a bit more.

Or just delete the http:// stuff. Then it will not be a link anymore. Better change it before others get hacked…

Aardvarkk.9786:

If you copy the link they give and paste it into your browser, it asks to give access to an unknown IP address to your account. In my case it was 62.150.38.163.html. Of course I said no, but it might be an easy way for Anet to shut down these guys.

Same IP for me. 62.150.38.163
I almost fell for it, because I don’t have a static IP address, but I haven’t even tried to log in today. Dang it, how the hell do they get our emails. ArenaNet has kittened up somehow, otherwise I don’t see how they can connect our emails to the fact that we have Guild Wars 2 accounts.