Guild Wars 2

Well, the phishers keep trying, but we all are much to smart to be taken in by these, right?

Here’s the latest I received on Friday, December 13th. I just found it in my junk mail folder, so at least it’s getting sorted properly. But keep in mind that due to e-mail issues rather out of our control, some of our real mails are also sometimes ending up in Junk or Spam. So it requires diligence on our parts — as players — to be sure we’re not taken in by the phonies.

KNOWN PHISHING EMAIL:

Dear customer,

Due to suspicious activity, your ArenaNet account has been locked. You tried to login your [NAME REDACTED] account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account

After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

Step 3: Restore access to Your account

We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account:

[gg: I’ll talk about the link below]

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at https://www.guildwars2.com/en/legal/ [gg: This is actually an ok e-mail address, but you can be sure I checked it to see if it lead elsewhere!]

[gg: signed by non-existent team]
Sincerely,
The ArenaNet Account Team
Online Privacy Policy

END SAMPLE*****

Now, about that link:

This is how the link appears (and I’ve added spaces and deleted stuff, so it’s invalid):
https:// account. guildwars2.com/ login/ allow?token = [bunch of letters and numbers]

This is where the link really goes if you check where it’s sending the poor, unfortunate soul who clicks it:
http:// www.guildwars2.com. login. account. aoes.xe-osa.asia /?login.html ? [bunch of letters and numbers here]

So what’s the lesson here? Once again…

1. Never click a link in an e-mail unless you know, I mean know it’s legitimate.
2. Hover over the link and see where it really goes.
3. Copy the link from the e-mail and paste that into a browser. You then go where the link says, and not where it secretly leads.
4. Pay attention to the e-mail that is receiving the message. In this case, the phisher sent to an e-mail account of mine that has no relation whatsoever to my game accounts. If you have associated all your games with @this-email-provider.com and the e-mail arrives in the inbox of @that-other-e-mail-provider.com, you know it’s fake.

Bumping for visibility.

Bumping for visibility.

Moving to front page.

If this is TL;dnr: Please submit a ticket for support issues and do not ping me directly unless I request information that we need to keep private. Thank you.

Update 16 December 2013

119037 – Resolved
155552 – Resolved.
151112 – Resolved.
131272 – Resolved. Apologies for the delay!
145591 – Responded today; we’re still working to address the issue for you and other players.
153452 – Answered 12/11 and you have not followed up. Please do so if you still require help, but please read the details carefully, as we are not refunding ALL items, only exact duplicates.
156662 – Answered on 12/15
156323 – Checking on this.
150891 – Checking on this. Thank you for the additional details.

• Some tickets awaiting review are flagged either for “gold selling” or for “fraud.” These reviews take time because they are very complicated. Please continue to discuss these matters with the Support Team to reach the best resolution.

• Please also note that botters and gold sellers (RMT workers) file appeals, too. We will not reinstate accounts found to be involved in these offenses. Those listed as “final response” it will not be reviewed again.

If your ticket is at least three days old, and if you still need assistance, please post in the  Tickets for Review – 3 days and older [merged] thread, which is here at the top of this forum.

Update 16 December 2013

119037 – Resolved
155552 – Resolved.
151112 – Resolved.
131272 – Resolved. Apologies for the delay!
145591 – Responded today; we’re still working to address the issue for you and other players.
153452 – Answered 12/11 and you have not followed up. Please do so if you still require help, but please read the details carefully, as we are not refunding ALL items, only exact duplicates.
156662 – Answered on 12/15
156323 – Checking on this.
150891 – Checking on this. Thank you for the additional details.

ShiningSquirrel.3751:

Jsvkkie.2037:

Ok, this is weird, someone in my guild gave me that website and he said he bought gems from it, and that website isnt in that list.

Just because they actually sell codes does not mean they are legit. It has happened many times with many games, where a site will use stolen credit card info to purchase codes, then sell them at a discount to others. When the fraud is discovered, it’s the person who used the codes who lose their accounts. My 2 cents, that site is using an anonymous service to hide who the true registers/owners are. If they where legit, they would have no reason to hide that information.

Quoted for truth.

Do not purchase gems from a third party unless it’s on the list linked above. It’s risky, and the risk is all on you, as the customer. No savings would be worth getting completely cheated out of gems or, as we’ve seen in some cases, having your account stolen through the use of personal information.

We would not roll back an account for this reason — that’s a service offered only for a compromised (hacked) account. However, you’re welcome to contact Support to inquire about the GS items you deleted in error.

As stated above, we do not restore accounts (to a previous point) for issues such as this. We also are not able to refund laurels.

kitten said, it would not be of any value to submit a ticket on this issue, so thanks for not doing so.

gilymonster.7849:

Same problem at the moment, bought $30 worth of gems and havent got them, 1 and a half hours later

We’re aware of some “lag” between purchase and delivery, but we believe you will get your gems. Please let us know if you do not receive them, and if you could include the time of purchase and the time of posting — the gap between purchase and non-delivery — that would be very helpful!

Moving to front page.

It’s important that an RMT can’t create a character and immediately use it to transfer gold by the boatload. To prevent their fraudulent activities — which have a negative impact on the game for everyone — we have a few restrictions on all new accounts. As you play, and as you amass wealth through playing, the limitations on your new account will dissolve.

I am sorry that you’re having this continuing issue. It’s difficult to tell the source, so please submit a ticket by visiting the Support link above and then clicking “Submit a request” in the upper right-hand section of that linked page. The team should be able to assist you.

Smooth Penguin.5294:

The fact that you needed to tell people to get our heads out of the gutter, is clear indication that you knew this was a bad name.

Precisely. And that is why it was censored and will require a new name.

Update: 13 December 2013

147560 – Resolved
144843 – Resolved
144398 – Resolved
148460 – Resolved
150813 – Resolved
156938 – Agent is working with you on this now.
128071 – As requested, this needs to be submitted as a bug report, it is not an account issue. You’re welcome to post in the Bugs Forum.
154562 – The team needs account verification info. You responded in a second ticket, so they’ll need to merge those, review the data, and get back to you.
138231 – The team responded on 4 December. Have your friend check spam and junk mail, and update the ticket to ask them to resend the answer, if necessary.
150891 – We are not able to fulfill your request.
149258 – Under review
M A T I A S.1067 – Please submit a ticket by visiting the Support link above and then clicking “Submit a request” in the upper right-hand section of that linked page. The team should be able to assist you.

• Some tickets awaiting review are flagged either for “gold selling” or for “fraud.” These reviews take time because they are very complicated. Please continue to discuss these matters with the Support Team to reach the best resolution.

• Please also note that botters and gold sellers (RMT workers) file appeals, too. We will not reinstate accounts found to be involved in these offenses. Those listed as “final response” it will not be reviewed again.

If your ticket is at least three days old, and if you still need assistance, please post in the  Tickets for Review – 3 days and older [merged] thread, which is here at the top of this forum.

Update: 13 December 2013

147560 – Resolved
144843 – Resolved
144398 – Resolved
148460 – Resolved
150813 – Resolved
156938 – Agent is working with you on this now.
128071 – As requested, this needs to be submitted as a bug report, it is not an account issue. You’re welcome to post in the Bugs Forum.
154562 – The team needs account verification info. You responded in a second ticket, so they’ll need to merge those, review the data, and get back to you.
138231 – The team responded on 4 December. Have your friend check spam and junk mail, and update the ticket to ask them to resend the answer, if necessary.
150891 – We are not able to fulfill your request.
149258 – Under review
M A T I A S.1067 – Please submit a ticket by visiting the Support link above and then clicking “Submit a request” in the upper right-hand section of that linked page. The team should be able to assist you.

Draygo.9473:

^ you only need the serial code for the automated password reset process. Support can use other information to verify you for the password reset. Just send them an email, preferably from the email account that matches your guild wars 2 account.

This says it in a nutshell. There are very few cases in which having a serial code was the “deal breaker” for retrieving an account. (And those generally involved disputed ownership where two people claimed to own the account, a situation that doesn’t appear to apply to you, thank goodness!)

If you need help, we’ll use as many means as possible to help you. But I do like the advice to Save all serial codes just in case. It’s a good practice for any software, I feel.

Glad this sorted out.

ArcanePwner.1539:

Hello, first off I apologise if this post is in the wrong thread, I didn’t know where to put it.

So, I tried to buy gems with paypal and at the end of the purchase paypal said that to purchase gems for GW2 it must be done through credit card and not directly from my paypal balance. Is it always like this? Is there another way? Because I assumed that paypal worked by purchasing items via the money within your paypal account and I cannot purchase gems with a credit card.

By the way, I live in Australia.

Hmmm… that is not the way I believe it’s supposed to work. Would you kindly go to the top of the page, click “Support” and then “Submit a request” to let the team know this is happening? I’d do it for you, but then the ticket would be in my name and come to my address and that wouldn’t do you any good at all.

The point is, I thought someone could purchase from his/her PayPal balance, and not be asked to use a CC on top of that. But I’m not an expert so I’m asking the team who works with this stuff every day. In the meantime, I’d like to get that ticket you make into the system, if you’d be so kind!

BTW, thanks for your purchase, and I hope we can help you make that very soon indeed!

Gaile Gray.6029:

Brother Grimm.5176:

Nobody knows the methods used or how they change or what they look for on this subject and I doubt we ever will. They rightfully want to protect that info so gold sellers won’t be able to get around the checks.

Thank you — very sensible observations!

Brother Grimm.5176:

Nobody knows the methods used or how they change or what they look for on this subject and I doubt we ever will. They rightfully want to protect that info so gold sellers won’t be able to get around the checks.

Thank you — very sensible observations!

Inculpatus cedo.9234:

I’m not sure writing a message does much good. If it did, wouldn’t gold-sellers just write a fake message with each gold delivery stating ‘Here is the gold I borrowed. Now I’m paying it back.’….or something like that?

Food for thought.

Yes, of course they would. I don’t know where the “write a message to get a free pass for gold transfers” rumour got started, but I cannot give it a whole lot of dev approval.

There are logs and system checks that might flag an account for possible “suspicious” activity, but each transfer is reviewed by a human being and the false positive rate is very low. I’d encourage you to go about your business knowing that if someone were to make an error and block an account for a perfectly legitimate we’d act very promptly to reverse that error.

We’re human. We may make a mistake from time to time. But honestly, it doesn’t happen often, and the number of false positives is ever decreasing with improved training and review systems.

MasterKJ.8475:

Sorry but where in support can i go to change my log in?

Please click “Submit a request” and an agent will help you. The process, for security reasons, requires the assistance of a support agent.

Happy to help. Please submit a ticket by clicking “Support” at the top of this page and submitting a ticket.

Please review this thread for info on e-mails: https://forum-en.gw2archive.eu/forum/support/account/Not-Getting-Our-Mails-Yahoo-Gmail-Hotmail-and-more/page/2#post3369882

If there were a security breach of the type you mention, we’d have tens of thousands of tickets about this and probably a few hundred forum posts. The fact that we do not have those things points to an isolated, personal situation, perhaps with your computer system, your authentication set-up, your e-mail account, etc.

Please read this thread about e-mail transmittal/receipt problems:

I suggest that you create a ticket (or update an existing ticket if you previously received support in relation to this concern). Please allow our team to try to assist you with the matter. Click “Support” at the top of this page, and then fill out the form to get assistance. We want to help you with this.

The team asked you security questions back on Wednesday and you responded. But you created a new ticket today and that is going to slow the process for you.

The team will respond as quickly as they can. I think you will hear this evening.

But the problem isn’t your game account, it’s your e-mail account, so you need to secure that, it seems to me.

In the future, please do not create multiple tickets and please post follow-ups, after three days, in the Tickets for Review thread above.

Monkman.9508:

Gaile Gray.6029:

Monkman.9508:

I am having this issue recently, and I know why, as should you, the spoof and phishing e-mail were sent with your addresses as the source, I am really surprised you all have not changed your e-mail address down there at GW2 headquarters, that is the easiest way to get your e-mails through, since new e-mails will not yet be flagged as fraud. If you change your e-mail address often, even just adding a number to the end of it, it would help a lot with this problem.

Also, I am on here to check my in box here on this website, and it is empty, why would you not cc your messages here for us to pick up ? Why have you not e-mailed me also in game?

Now where on earth am I supposed to find my support ticket then since you do not e-mail me here, seem to have a blocked e-mail address with my mail server, and do not seem to have a place for me to look up my tickets ?

I think you’re not clear on e-mail “sender” information. Anyone can send an e-mail as just about anyone in the world. You could get an e-mail that appears to come from The Cat in the Hat or President Obama or Santa Claus, but that doesn’t mean it came from them. In fact, I’m pretty comfortable telling you that that mail did not come from any of those sources.

I can’t see where us changing our legitimate e-mail address would make a bit of difference, when the mails are not coming from us, but can be spoofed to appear to come from us no matter what the real sending address may be. And cycling through constantly changing e-mail addresses is a recipe for disaster!

You can verify the sender of an e-mail by checking its properties or the mail header. Our changing our outbound e-mail address won’t reduce the phishing attempts. Each of us who uses the Internet must protect ourselves by being diligent in checking e-mails and making sure they come from the source they show in the “From” or “Sender” field.

Hi Gail,

I am aware of how e-mails work, and am also aware of being able to change the way the senders address appears, I am a computer scientist/ programmer/ and web developer who runs a fairly large company devoted to the internet.

If you can not see how it would help, then I guess that explains why you have not done it. I was a bit upset when I wrote my post and I am aware it may have come through in my wording, it was not directed at you at all, just a frustration with the situation.

Just to let you know Outlook.com did not have you blocked by IP address, but by e-mail address, so by slightly changing your e-mail address now and then, it would have been sent to my junk box still, but not completely deleted from existence, as my spam filters were doing.

Thank you for your reply just the same, having added you to my safe senders list, e-mails are now coming through, but I will likely have to block you again soon as the phishers I am sure will return, and of course I do not blame you for their actions.

You may want to get your e-mail server’s IPs on some of the big e-mail white lists out there if possible, such as Certified Senders Alliance, The Spamhaus Project, and Certified email, it would eliminate this problem for most. Again no reason for not sending copies to in game e-mails or the e-mails here of the forum, it may be out of your job description to set things up, but it is far from impossible so long as you have a way to give ideas to people who do such things, there are also e-mail services that will send for you for a charge that are white listed, they can use your e-mail address also of course.

Peace to you, and all of your co workers, support has helped me now, and did it quickly and polity, I am thankful for the great service, and trying to help.

Thank you for this additional information — I found it very interesting indeed! What I don’t want us to do is have a revolving door of e-mail addresses. That just “smells funky” if you know what I mean. “Guild Wars 2 Team ABAA” or “Newest version of GW2 Team” just doesn’t have a veracity factor that I’d want our mails to have. But your insights are, as I said, quite interesting, and I will be sure to pass them along to the folks who would handle the core of our e-mail system.

(Just to set your mind at rest, the fact that I can’t see how it would help doesn’t explain why we haven’t done it. Believe me, I’m not in charge of e-mail configurations! But I suspect you meant “you” in more of a company sense, and that’s why I’ll be sharing your thoughts with those who would make those decisions.)

Thanks.

MasterKJ.8475:

hello
I would like to change my email address that is link to my account and to change my account name “MasterKJ”. Is that possible? If so, how?

Please contact Support (click Support at the top of this page) about changing your account name, which is your log-in (e-mail address). We do not make changes to or offer the ability to alter a Display Name (in your case MasterKJ).

Thanks for these updates, and for the system specs that two of you e-mailed me. We will use this info to try to fashion a fix!

Sunryse.7530:

Small update, he just got the email including his CD key after about 2 hours. Thanks for the help

It’s great that you updated, and we appreciate it. It’s curious there was a delay, but it’s a relief that the code came through for him!

Please pass along a “Welcome to Tyria” from the dev team.

Thanks for these reports so far. We really appreciate you guys chipping in to help us nail these pesky bugs!

maxinion.8396:

The latest patch did fix this for me. Thanks for the quick attention!

So good to hear that, thank you for posting!

Battista.4392:

Battista.4392:

i use PayPal and not for the first time, so far i never had problems. now when i want to pay, this happens (like described before):

“After i clicked the pay now button they both had the same result it switched to a Fatfoogoo web address and a blank screen and froze.”

oh well, after coming back from dinner i noticed, the Transaction still worked, even if the mail took some time and gems werent there before, but now all Looks ok.

Thank you for updating. It’s helpful to know that things did sort out, even if they took longer than expected. (This avoids me pinging devs about an issue that appears to be resolved now. So thanks again for posting!)

Hey there. Some of you were posting in this thread about Mac-related issues, and in order to increase visibility of the thread and help other users, I’ve split that discussion and placed it in the Mac forum.

Here’s the link: https://forum-en.gw2archive.eu/forum/support/mac/Gem-Purchase-Redemption-Issues-Merged/first#post3342889

I stealthily moved this thread to the Mac Support forum (out of Account Support) but I’ll post in the content’s former home so you guys can track this.

Also, please note that I edited my post asking for system information to include some additional questions and some helpful links.

Hey, folks,

I’m talking to the dev and QA Teams about this issue. They’d like to ask for a bit of information, if you’re willing to share it. (I don’t see anything potentially scary in a security sense in your posting this, or of course I wouldn’t ask!) If you still are unable to properly purchase gems or redeem gem codes or if you are experiencing wild behavior with your mouse, please tell us the following:

• What make or model of Mac are you using?
• What OS are you using?
• What version of the OS are you using?
• What Version of the Mac Gw2 Client are you using? Determine this by doing the following: Go to Applications > Gw2 > Get Info > Look for Version number in Get Info window (it should look something like Version: Gw2 – 1.0.009524)
• If you are having mouse issues, what type of mouse is involved and what version of the Logitech Software you are using.

Here’s a helpful thread: https://forum-en.gw2archive.eu/forum/support/mac/Technical-Problems-Post-Your-System-Specs that lets you determine what info would be helpful in troubleshooting these issues.

If you are willing to submit a System Report, that would be great! Get that report by doign the following: Apple Menu > About This Mac > System Report Button > File > Save. Once saved, attach the file to an e-mail and send to SupportLiaison@Arena.Net.

Potential work-arounds:

• If you have any application specific settings set up in the Logitech software, they may be causing the issue so consider removing the application specific settings because that may solve the problem.
• If you are playing the game windowed, try clicking off the screen and back on the screen.
• If you are playing full screen, try cmd + tab to go to the desktop and then go back into the game.

Some threads related to mouse issues:

• https://forum-en.gw2archive.eu/forum/support/mac/Mouse-problems
• https://forum-en.gw2archive.eu/forum/support/mac/Logitech-G600-everything-is-a-left-click
• https://forum-en.gw2archive.eu/forum/support/mac/Mouse-camera-going-haywire-how-to-fix

Thank you for the reports posted after the live build yesterday.

As you’re aware, some Mac users now are able to purchase gems and redeem gem codes, but others still are having difficulties. I’ve collected all of your posts (thanks again!) and have sent them to … a whole bunch of people.

We do not consider this issue done and dusted, but only partially addressed, and we will continue to work on the issues that folks are experiencing.

I’ve alerted our KB specialist, and I’m sure she’ll look for those erroneous links.

If you have any that come to mind, it’s be great if you post them here to save her time!

Thanks a bunch.

Monkman.9508:

I am having this issue recently, and I know why, as should you, the spoof and phishing e-mail were sent with your addresses as the source, I am really surprised you all have not changed your e-mail address down there at GW2 headquarters, that is the easiest way to get your e-mails through, since new e-mails will not yet be flagged as fraud. If you change your e-mail address often, even just adding a number to the end of it, it would help a lot with this problem.

Also, I am on here to check my in box here on this website, and it is empty, why would you not cc your messages here for us to pick up ? Why have you not e-mailed me also in game?

Now where on earth am I supposed to find my support ticket then since you do not e-mail me here, seem to have a blocked e-mail address with my mail server, and do not seem to have a place for me to look up my tickets ?

I think you’re not clear on e-mail “sender” information. Anyone can send an e-mail as just about anyone in the world. You could get an e-mail that appears to come from The Cat in the Hat or President Obama or Santa Claus, but that doesn’t mean it came from them. In fact, I’m pretty comfortable telling you that that mail did not come from any of those sources.

I can’t see where us changing our legitimate e-mail address would make a bit of difference, when the mails are not coming from us, but can be spoofed to appear to come from us no matter what the real sending address may be. And cycling through constantly changing e-mail addresses is a recipe for disaster!

You can verify the sender of an e-mail by checking its properties or the mail header. Our changing our outbound e-mail address won’t reduce the phishing attempts. Each of us who uses the Internet must protect ourselves by being diligent in checking e-mails and making sure they come from the source they show in the “From” or “Sender” field.

Pro Creator — both of the suggestions above are solid and I think they’ll give you the info you seek. Thanks for your support of the game!

Update: the error message is a mystery to us, but it has been corrected, according to reports from the team involved with such things.

Again, those of you having trouble buying gems are encouraged to contact our CS Team so we can help.

Thanks for these reports! I’m sorry that each of you is having difficulties, but boy do we appreciate you letting us know about this!

For help, please contact our Support Team. Click “Support” at the top of this page, and then “Submit a request” to file a ticket. We will help you to the best of our ability.

And thanks a bunch for your past and future Gem Store purchases!

Yes, please do contact Support. The team will help you out!

Please read the second to explain the “e-mail has changed” notation. It is explained in that first e-mail.

You will each need your own account to play Guild Wars 2. Please also be aware that account sharing is a huge risk for both of you, and it is against the User Agreement.

For you Mac folks: We’re aware of this issue and very sorry that you’re having this experience. If I am reading the internal e-mails properly, a fix for this is being worked on and may already be in testing mode.

I hope you’ll try again soon. I’ll give an “all clear” when it comes through.

Thanks to all of you for your support of our game! We’ll try to make it easier for you in the future!

Inculpatus cedo.9234:

Smackimus.6782:

I’m currently living in the People’s Republic of China, and I don’t always have access to a reliable VPN when playing this game. If I’ve just purchased this game and create my first characters and content on a Chinese server, will I be able to play with the same characters once I return to the States later this month?

Thanks in advance!

As far as I know, there are no official Chinese servers at this time. Only two regions: NA and EU. Once an account is registered in its appropriate region, you may play from anywhere in the world.

Welcome to Tyria. =)

This is correct. All those who register the game play out of our North American or European data centers.

As you may be aware, we changed to a new billing system last week. The system providers have fully reviewed the legal requirements related to sales tax (or its equivalent) and a charge is added to purchases in those states, provinces, regions, or countries that require taxation.

Cardstar.1963:

@Gaile Grey,

Not completely true, I have a number of email accounts and the only one I have ever had these mails to are the one that’s associated to my guild wars account so they are clearly targeted. Anyhow I don’t suppose I’ll be playing again anyway but at least the option is open to me if something draws me back, that it’s not been fleeced by a hacker.

Yes, I imagine that tens of millions of people are getting e-mails, allegedly from us, saying things like “Your GW2 account is in jeopardy” or “Your account has been terminated.” We have more than 3 million players but we don’t have as many as are receiving these bogus e-mails. I know this because as point of contact for ArenaNet on some email accounts, I’m hearing daily from people who say, “I don’t play computer games, please take me off your mailing list!” or “I don’t have an account, please stop mailing me.” Our reply assures them they are not on our mailing list, they are not hearing from us, but are being phished by someone who knows their email address and is hoping they have a GW2 account to steal.

What that means is that people are targeted, not our players. And those recipients include many who do not have and have never had a Guild Wars or Guild Wars 2 account.

Phishers … phish! I get e-mails several times a week about a game I’ve never joined, never even demo’d. The would-be account thieves hope that I have such an account and hope I am stupid enough to click their bogus link and provide my credentials so that they can steal the account. Obviously, they fail.

I’m sorry for the inconvenience you’re facing, but I don’t believe we can help you avoid mails that are not sourced from, or though, our company.

As far as your account, we’ll be happy to work with you on security, if it has been compromised, so please contact Support if you’re concerned about that at all.