Thursday, 28 April 2011

My first Rift phishing attempt!

I feel so special. And proud. And all sorts.

The newest version seems to be trying to use coin locked emails to get account data. I'm not quite willing to give the link the scammers used a try, so I couldn't tell what it looks like. I can, however, show the email.

The first one was the one I recieved this morning (to an email account not even remotely associated with Rift, but hey). I'll attach one of the real coin lock emails down here. It's not a current one - I got several in the first few days of Trion learning about my ISP.

Only subtle differences. No linebreak after the greeting, they forgot the ascended and obviously the link instead of a coin lock code. Funnily enough, the images (Rift logo at the top, teen rating and Trion logo) are all just linked to the Trion webpage - so the scammers are also stealing bandwidth. Someone should sue them.

Can I make a few security suggestions while we're at it?

- Don't use an email adress you've previously published on the web for your Rift email. How about setting up a new account? The big ones sometimes still get spam (Hotmail, Googlemail) due to questionable service providers, but your local ISP might will probably have a few email adresses to give out and smaller, regional hosting services will likely be able to provide one as well.

- Display your emails in raw text form only. I can only show the images above because I clicked a few buttons to set my email program to display the annoying version. Only html display allows a link to appear like and instead send you to somewhere more malicious

- Don't listen to email threats. Even if they sound very convincing and come from the would be assassins themselves they are unlike to affect your playtime. A good guide to keep yourselves safe was posted by the other game. 

No comments:

Post a Comment