tag:blogger.com,1999:blog-20292755.post3823575079886819199..comments2024-01-04T02:49:23.470-08:00Comments on Blessing of Kings: Email ScamRohanhttp://www.blogger.com/profile/09090769681887119989noreply@blogger.comBlogger19125tag:blogger.com,1999:blog-20292755.post-64228715307592890552009-04-01T10:22:00.000-07:002009-04-01T10:22:00.000-07:00I have heard tons of these stories but have yet to...I have heard tons of these stories but have yet to see an email like this with my own eyes.Marshalhttps://www.blogger.com/profile/10512776812185803630noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-9826481766582511032009-03-30T12:24:00.000-07:002009-03-30T12:24:00.000-07:00@Klepsocovic, it's worse.See, there are places tha...@Klepsocovic, it's worse.<BR/><BR/>See, there are places that do, indeed, require you to use your social security number as your login or password.<BR/><BR/>You will typically encounter it if you are hunting for a job. So far the only places at which I've encountered it have been universities and the United States Government, but after quite a bit of discussion with federal authorities I can say that others can do it as well. Yes, they've responsibilities for security but I will assume you understand my discomfort with that.<BR/><BR/>In other words, what you thought was a scam may not have been such. I'll suggest you contact your school and check. If it wasn't a scam, perhaps you can persuade someone in authority that this might be a bad idea and get it changed.<BR/><BR/>KirkAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-20292755.post-66275975035195195642009-03-30T12:22:00.000-07:002009-03-30T12:22:00.000-07:00thanks llanion... I did forget about those ones, h...thanks llanion... I did forget about those ones, heh.<BR/><BR/>LOL Rhii! thats why my passwords are all more or less the same, just with a few characters moved - like an exclamation mark will come after instead of before, or it won't be there at all. It does get kind of frustrating when you forgot which one is your WoW account and try 13 variations of the same frickin password before you get the right one though, haha.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-20292755.post-4575590749819284542009-03-30T10:53:00.000-07:002009-03-30T10:53:00.000-07:00Being kind of a crazy person, I keep waking up at ...Being kind of a crazy person, I keep waking up at night wondering if I'm going to get hacked. <BR/><BR/>Changing your password at 4am isn't a recipe for account security... it's a recipe for locking yourself out of your own account over and over again. Maybe I'll get an authenticator and be done with it. <BR/><BR/>Nice catch on the spam mail. :)Rhiihttp://www.isheepthings.comnoreply@blogger.comtag:blogger.com,1999:blog-20292755.post-28512001909269606002009-03-30T10:36:00.000-07:002009-03-30T10:36:00.000-07:00Peregrine: Correction- *.blizzard.com and *.worldo...Peregrine: Correction- *.blizzard.com and *.worldofwarcraft.com are Blizzard-owned. blizzard.*.com and worldofwarcraft.*.com are not.Llanionhttp://www.madcowchronicles.netnoreply@blogger.comtag:blogger.com,1999:blog-20292755.post-90882486477771725242009-03-30T10:32:00.000-07:002009-03-30T10:32:00.000-07:00Not only is this email a scam, but its some kind o...<I>Not only is this email a scam, but its some kind of failure scam as well.... whoever this is doesn't know what he's doing, because did anyone else notice, nowhere does he ask you to send in your account information? maybe I just missed it...</I><BR/><BR/>That's the part I redacted. It looked like a link to battle.net, which is pretty clever because of the new linking of Battle.net and WoW accounts. Every other link was a legit World of Warcraft link.Rohanhttps://www.blogger.com/profile/09090769681887119989noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-67580556417185731522009-03-30T10:03:00.000-07:002009-03-30T10:03:00.000-07:00Not only is this email a scam, but its some kind o...Not only is this email a scam, but its some kind of failure scam as well.... whoever this is doesn't know what he's doing, because did anyone else notice, nowhere does he ask you to send in your account information? maybe I just missed it...<BR/><BR/>Yeah they can look VERY professional. I frequent sites like MMOWNED so I can learn how these scammers think and what tools they have at their disposal, and frankly, its astounding the lengths to which players will go to scam other players.<BR/><BR/>Two tips:<BR/><BR/>1) Just because its from XYZ@Blizzard.com, don't automatically trust it. There are e-mail services that disguise one e-mail address (iscamyoululz@scammorz.org) as something official (accountadmin@blizzard.com).<BR/><BR/>2) Just because the website is www.worldofwarcraft.com/XYZ or www.blizzard.com/XYZ, don't automatically trust it. HTML CAN be edited to provide the TEXT www.blizzard.com while linking www.ugotscammed.com. Always check your address bar AFTER you click the link!<BR/><BR/>3) anything.blizzard.com (two dots) is illegitimate. anything.worldofwarcraft.com is illegimate. The same holds true of worldofwarcraft.something.com or blizzard.something.com.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-20292755.post-49303876982209649042009-03-30T09:59:00.000-07:002009-03-30T09:59:00.000-07:00Of course Blizz bans first and asks questions late...Of course Blizz bans first and asks questions later so the pending ban is completely against Blizz standard practice. I've actually gotten very similar e-mails from blizzard when my account was compromised so I could see how someone would fall for this. It took me a week to get all the bans lifted from the gold seller as well as getting all my toons and armor back. Though many items I never got fully restored.Artorinnoreply@blogger.comtag:blogger.com,1999:blog-20292755.post-83275155076786536842009-03-30T08:57:00.000-07:002009-03-30T08:57:00.000-07:00Sure, and that works fine until one country/author...<I>Sure, and that works fine until one country/authority (Tokelau, for example) is less than discriminate with their signatures.<BR/><BR/>Generally, schemes where you have to count on *everyone* behaving properly don't work.</I><BR/><BR/>That's correct and that's the reason why nobody signs his e-mails. Because you can get away with that. Technically, mail servers could only forward signed e-mails, therefore enforce a proper signature. It only requires your provider to do it and your "protected" from unsigned e-mail and everybody who wants to send an e-mail to you is forced to use a valid signature. It's only a matter of critical mass.<BR/><BR/>And the governmental ID does actually work for passports, if your traveling abroad. The Tokelaueans might not be allowed to enter certain countries, but the same could be done with e-mails.<BR/><BR/>Nevertheless, we will have to live with e-mail scam (and SPAM) as long as e-mails are not properly signed.<BR/><BR/>Someone has to decide which certificates are valid. In your web browser that is done by the Mozilla corporation or by Microsoft. I would trust my government to do that decision. If they are corrupted, I have other problems than the certificates. But who else would you trust to decide which e-mail signatures are valid?<BR/><BR/>As of today, everyone can buy an e-mail S/MIME certificate without proving his identity. I could buy at Verisign one with your name. These certificates allow you to encrypt the e-mail but they don't prove that they were sent by whom they claim they were.<BR/><BR/>But, doesn't matter. It won't happen anyway. We'll stick with SPAM and scam I guess. Filters get better... :-)Kringhttps://www.blogger.com/profile/03128630042421602039noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-33819729583336181372009-03-30T08:36:00.000-07:002009-03-30T08:36:00.000-07:00It would be enough if everybody would sign their m...<I>It would be enough if everybody would sign their mail with a trustworthy signature.</I><BR/><BR/>Sure, and that works fine until one country/authority (Tokelau, for example) is less than discriminate with their signatures.<BR/><BR/>Generally, schemes where you have to count on *everyone* behaving properly don't work.Rohanhttps://www.blogger.com/profile/09090769681887119989noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-33262082830126414532009-03-30T06:56:00.000-07:002009-03-30T06:56:00.000-07:00"That would require a governmental certificate (ID..."That would require a governmental certificate (ID) which some nations have a problem with. :-)"<BR/><BR/>And rightfully so...Heywood Djiblomihttps://www.blogger.com/profile/01424315448841746864noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-63827493854050573142009-03-30T03:26:00.000-07:002009-03-30T03:26:00.000-07:00@ Ixobelle - This is nothing compared to the Niger...@ Ixobelle - This is nothing compared to the Nigerian email scams, and look how that worked out. People aren't very smart. Many moons ago I worked as a phone person in a national newspaper. The amount of stupid I got through the handset daily was staggering. This then is no biggie.Kylofonhttps://www.blogger.com/profile/00589730586105918258noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-4212457777503629182009-03-30T02:53:00.000-07:002009-03-30T02:53:00.000-07:00E-mail doesn't have to cost money. It would be eno...E-mail doesn't have to cost money. It would be enough if everybody would sign their mail with a trustworthy signature. That would require a governmental certificate (ID) which some nations have a problem with. :-)Kringhttps://www.blogger.com/profile/03128630042421602039noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-55611467118884980472009-03-29T23:17:00.000-07:002009-03-29T23:17:00.000-07:00@ rohanyea he did open a ticket- just the hacker's...@ rohan<BR/>yea he did open a ticket- just the hacker's decided to start selling gold on his account.... sooo he's got a while till blizz decide's to let him back on it, if they do at all<BR/><BR/>ugg i got to get me a IDAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-20292755.post-50319802982950841552009-03-29T23:13:00.000-07:002009-03-29T23:13:00.000-07:00@anonymous, he can get his stuff back if he opens ...@anonymous, he can get his stuff back if he opens a ticket in game. Same with the guild bank stuff.Rohanhttps://www.blogger.com/profile/09090769681887119989noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-50110142031934788822009-03-29T23:11:00.000-07:002009-03-29T23:11:00.000-07:00one of our guild officer's received this- sadly he...one of our guild officer's received this- sadly he thought it was real, Guild bank cleared- toons deleted:'(<BR/><BR/>he was our best tank aswell....<BR/><BR/>sighAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-20292755.post-11837405264239330232009-03-29T23:10:00.000-07:002009-03-29T23:10:00.000-07:00I got one of these too, but they probably would ha...I got one of these too, but they probably would have been a lot more convincing if it hadn't had "EU" and "World of Warcraft Europe" written all over it. My account is a US account, so an email telling me my EU WoW account is being sold or traded, when I have an authenticator and know for a fact that I'm the only one logging on to it anyway, raised an eyebrow.<BR/><BR/>I forwarded it to billing@blizzard.com as their support site suggests for suspicious emails like these.Kirynhttps://www.blogger.com/profile/13868901474885427449noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-85869560680775676802009-03-29T22:15:00.000-07:002009-03-29T22:15:00.000-07:00What a coincidence, today I noticed a particularly...What a coincidence, today I noticed a particularly tricky one, though not for WoW. My school email had something about online billing being available. Well cool, that's convenient. Reading reading... password is SSN? F-off. The thing that worries me is if it had said something less risky, but still potentially troublesome, such as my campus ID or one of the passwords I use for the various academic sites we use. "Your default name as password are the same as your login portal." Well that almost sounds legit and I can see people falling for that.<BR/><BR/>@Ixo trusting people who don't understand the anonymity of the world, that something can be aimed right at them, but not even know them, and certainly not have their interests in mind. Also people who are willing to risk everything, just to make girlfriends stop laughing and then immediately breaking up.Klepsacovichttps://www.blogger.com/profile/07915576683657376929noreply@blogger.comtag:blogger.com,1999:blog-20292755.post-47192891503530172262009-03-29T20:21:00.000-07:002009-03-29T20:21:00.000-07:00I still don't understand how spam even like *w...I still don't understand how spam even like *works*. WHo the hell even opens one with the subject line "your c0c|< is SO SMALL She's Ga5ped"? Like, our target demographic is 'people who have never had an inbox, and our email is the first one they ever receive'.<BR/><BR/>Is the click thru on these worth anything? I wonder if it's just some old box in a closet sending the same email over and over forever, and the 'company' being advertised is even in existence anymore...<BR/><BR/>mehRichhttps://www.blogger.com/profile/01024497755617725448noreply@blogger.com