Could this be a scam?

Yeah they all look legit but have https at the start.

:S Who taught you internet?

https can be faked with ease and is completely unnecessary for phishing pages..

Can simply copy source
Change form action to direct to your page
Your page takes POST variables and puts them in SQL or f writes them to .txt file.
You retrieve ftp file or query db for info.

Simples.

No URL masking works for all browsers.. there used to be a common exploit for firefox but it was patched. The only 'masking' that can occur is by 'link labeling' e.g.
Hey click me for sweets!
Code:
<a href="IAMGOIGNTOHACKYOU.COM">Hey click me for sweets!</a>

S
 
I nearly got caught out on my business eBay account. A message came through looking exactly like a legit email from a potential customer asking details for item number (Copy and paste from a browser complete with item id (Which did not exist!)).
Luckily IE caught it.
I still would not have logged in without checking the url etc (As I always do) but it did shock me! I only clicked it expecting it to take me to an item.
 
Good tip for those with BNET accounts is to change the email address to something completely new and don't use that email for anything else but bnet. If you get a blizzard email going to that then, it'll most likely be genuine (but extremely rare as they never contact you unless you're buying something from them or get banned lol).

I did this with my bnet and I still get emails daily to the old address saying that my BNET is compromised etc so I can just delete them without reading now.
 
The majority of the bogus battle.net scams have a plausible-looking URL in a format similar to accounts.battle.net.somethingbogus.com.

I've had hundreds of these damn things - some of them even manage to get through the junk filter.

I sometimes click on the link anyway, just to remind myself what a bogus site warning looks like :D
 
The majority of the bogus battle.net scams have a plausible-looking URL in a format similar to accounts.battle.net.somethingbogus.com.

I've had hundreds of these damn things - some of them even manage to get through the junk filter.

I sometimes click on the link anyway, just to remind myself what a bogus site warning looks like :D

Yup - always spammed in my hotmail. Hasn't touched any of my gmail accounts yet.
 
The key thing to remember though is that none of these MMO games or account based games ever email you asking you to complete your details, every one I've seen or played or created says in big bold letters "we will not email you asking you to confirm details" (or words to that effect) when you create the account. So if you get an email asking you to follow a link and input your details - don't.
 
:S Who taught you internet?

https can be faked with ease and is completely unnecessary for phishing pages..

Can simply copy source
Change form action to direct to your page
Your page takes POST variables and puts them in SQL or f writes them to .txt file.
You retrieve ftp file or query db for info.

Simples.

No URL masking works for all browsers.. there used to be a common exploit for firefox but it was patched. The only 'masking' that can occur is by 'link labeling' e.g.
Hey click me for sweets!
Code:
<a href="IAMGOIGNTOHACKYOU.COM">Hey click me for sweets!</a>

S

... seriously what the hell are you on about?
 
Yeah I have had at least 10 of the blighters in the past month. Spot them a mile off as the link they want you to click on is usually along the lines of wor1dofwarcraft instead of the proper worldofwarcraft.
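
A defender-side check for the three tricks described in this thread (link labelling, a trusted name used as a subdomain, and digit look-alikes such as wor1dofwarcraft), as an added example that is not from any poster. The `TRUSTED` list, the finding names and the sample mail body are assumptions constructed for illustration; the scheme is ignored because https says nothing about who owns the host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"battle.net", "worldofwarcraft.com"}  # assumption: domains you really use
LOOKALIKE = str.maketrans("013457", "oleast")    # digit-for-letter swaps, not exhaustive
# Constructed sample mail body, not a real message.
SAMPLE = """<a href="https://www.battle.net/support">FAQ</a>
<a href="https://accounts.battle.net.somethingbogus.example/login">https://www.battle.net/account</a>
<a href="http://www.wor1dofwarcraft.com/">Verify account</a>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # hostname of a URL or bare host; http/https is ignored
    return urlsplit(url if "//" in url else "//" + url).hostname or ""

def registrable(host):
    """Last two labels. Naive: real code should consult the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def check_link(href, text):
    host = host_of(href)
    dom, findings = registrable(host), []
    if dom not in TRUSTED:
        if any(f".{t}." in f".{host}" for t in TRUSTED):
            findings.append("trusted-name-as-subdomain")
        if dom.translate(LOOKALIKE) in TRUSTED:
            findings.append("digit-lookalike")
    # Link labelling: the visible text names one host, the href goes to another.
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and registrable(shown) != dom:
        findings.append("label-mismatch")
    return findings

def audit(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]
```

Calling `audit(SAMPLE)` returns one `(href, findings)` pair per link; an empty findings list only means none of these three patterns matched, not that the link is safe.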
 
... seriously what the hell are you on about?

You said:

"Yeah they all look legit but have https at the start."

I say, that's not true. They don't all have https at the start -

The rest is me describing how people make phishing pages along with a little demo of the most common trick used within emails..

Did I really have to explain that? Or could you have just read my post and googled..
 
Well you could have interpreted that literally or you could have read it as what I thought was the more obvious "what the hell did you go off on a rant about the basics of posting links for". Clearly you read it as the former.

I know they don't all have https, but several of the scam emails I received used addresses that began with https, quite likely because the rest of the link is completely legit and is the actual blizzard address (there's also a link to what I believe is the real blizzard site about password security FAQ before the phishing addresses are linked).
 
Well you could have interpreted that literally or you could have read it as what I thought was the more obvious "what the hell did you go off on a rant about the basics of posting links for". Clearly you read it as the former.

I know they don't all have https, but several of the scam emails I received used addresses that began with https, quite likely because the rest of the link is completely legit and is the actual blizzard address (there's also a link to what I believe is the real blizzard site about password security FAQ before the phishing addresses are linked).

:S I tend to read things literally..

Anyway. A https link is completely irrelevant in this thread. So I guess you're just throwing out things you've heard of but don't understand? Having an SSL cert or TLS doesn't mean ---- when it comes to phishing.

If you believe it does, please acknowledge you've learnt something today and go on with life feeling no more confident clicking https links sent via email.

Then the world will be a better place with one less phish for these nasty people to catch.

S
PS: By explaining myself I covered both bases.
 
Could this be a scam?

This is an automated notification regarding your Battle.net account.

I don't have a battle.net account.


...seems entirely legit to me, an email regarding your non-existent battle.net account must surely be genuine!

I mean come on, really, how stupid do you have to be? :(

Ohhh yeah....
 
:S I tend to read things literally..

Anyway. A https link is completely irrelevant in this thread. So I guess you're just throwing out things you've heard of but don't understand? Having an SSL cert or TLS doesn't mean ---- when it comes to phishing.

If you believe it does, please acknowledge you've learnt something today and go on with life feeling no more confident clicking https links sent via email.

Then the world will be a better place with one less phish for these nasty people to catch.

S
PS: By explaining myself I covered both bases.

No this time I just have no idea what you're on about. I don't know the intricate details about SSL cert or TLS and frankly I couldn't give a flying ****. I wasn't aware you had to have a degree in computer science before you could figure out the difference between a phishing link and a legit link.

Since you clearly aren't understanding the simplicity of what I'm writing I'll make it as easy as possible.

I've got several blatantly obvious spam emails about my non-existent WoW account.

Within these emails are links, some to, I believe the real blizzard site (generally ones about FAQs so nothing needs to be entered) followed by the fake ones which mostly began with https with the rest of the link most likely matching perfectly the real battle.net link. No I did not say "a phishing email begins with https", nor did I even imply it, you just read it that way and jumped down my throat.
 
Okay, my bad - Just wanted to clarify.

Plus the address cannot link to the EXACT same address as blizzard use only with https... it's a protocol. So if you look carefully there's likely a small difference.

I'm also aware that Blizzard did send out an email regarding a security leak legitimately.

S
 
Okay, my bad - Just wanted to clarify.

Plus the address cannot link to the EXACT same address as blizzard use only with https... it's a protocol. So if you look carefully there's likely a small difference.

Well that I wasn't aware of but it probably won't matter. If I have to scrutinize a link piece by piece to figure out if something's a phishing attempt then either I've got dumber or the scammers have upped their game.
 
I once got a phone call from "Microsoft" telling me my mother's pc had been infected with a dangerous virus. But don't panic as they would help me delete the virus from her pc. All I needed to do was enable remote assistant and give them the IP of that computer.
My mum doesn't have a pc, and never has.
DTA mate, especially emails.
 