open All Channels
seplocked EVE General Discussion
blankseplocked Latest RL-Scam Mail - DO NOT CLICK THE LINK
 
This thread is older than 90 days and has been locked due to inactivity.


 
Author Topic

Shkval
Deep Core Mining Inc.
Posted - 2009.09.08 23:39:00 - [1]
 

I received a mail from an official looking sender named 'EVE Online <Offers@eveonline.com' with an advertisement for a free 5-day subscription to eve. The actual link is listed below. After doing an internet search it turns out this is a scam site of some sort. I dont have the inclination to find out what it actually is or what is on the site so Ive posted this as a warning to anyone who gets the mail and a notice to ccp.

T H I S - L I N K - G O E S - T O - A - S C A M - S I T E - O F - S O M E - T Y P E - D O N T - G O - T O - I T
---------------------------------------------------------------------------------------------------------
--*Edited: looks like secure.eve-online-
---------------------------------------------------------------------------------------------------------

Best not to even post the url. Zymurgist

Renarla
Posted - 2009.09.08 23:44:00 - [2]
 

Free 5 days? Lol wtf?

AdmiralJohn
Gallente
Origin of Sanshaa
Posted - 2009.09.08 23:46:00 - [3]
 

*click*

Agent Known
Posted - 2009.09.08 23:47:00 - [4]
 

Quote:
You don't have permission to access /~eveonline/ on this server.


Well, that lasted long. Rolling Eyes

On another note, Firefox already warns of a forgery site, so I suspect IE will soon (if not already).

Trustworthy Joe
Minmatar
Posted - 2009.09.09 00:12:00 - [5]
 

heres a tip.


DONT

LINK

KEYLOGGERS


you look like an idiot, and you get random people ****ed off.

Shkval
Deep Core Mining Inc.
Posted - 2009.09.09 00:28:00 - [6]
 

you know its a keylogger? I didnt go to the site to find out, how did you know?

for one thing, i didnt link it directly, for another i listed it for informational purposed because eventually someone will see it and make it known as a scam site. Since someone already stated firefox has mentioned its a fraud site the plan is going well. Eventually cccp will notice and add it to their records.

IVeige
Caldari
IVever.
Posted - 2009.09.09 00:32:00 - [7]
 

petitions is calling....

should have send it first to the gms.

In before the lock.


CCP Zymurgist


Gallente
C C P
Posted - 2009.09.09 01:23:00 - [8]
 

Originally by: IVeige
petitions is calling....



Sending in a petition would be a good idea. Very Happy

wickedpheonix
Caldari
Guy Fawkes Trust Fund
31ST Reliables Division
Posted - 2009.09.09 03:54:00 - [9]
 

Originally by: Shkval

--*Edited: looks like secure.eve-online


All I have to say to that is, LOL. It would be interesting to see how much legitimate CCP mail is being swept into the trash by paranoid users.

Lance Fighter
Amarr
Posted - 2009.09.09 04:08:00 - [10]
 

After looking at the link (well, before it got dissapeared), it looked in no way like a secure.eve-online link.. Especally not with the .b*something*.com after the eveonline part.

Oh, and the fact that it ended in .aspx.html didnt help at all - it clearly wasnt a keylogger though. It is merely you run of the mill phishing site, except instead of actually going through the work to rewrite the page so it does what you wants, they used some other method of faking it.. tbh i would think that the site would even emulate any given site, if you put it in properly.

Anyway, thats my random musing for the day.

wickedpheonix
Caldari
Guy Fawkes Trust Fund
31ST Reliables Division
Posted - 2009.09.09 04:21:00 - [11]
 

Edited by: wickedpheonix on 09/09/2009 04:22:42
Edited by: wickedpheonix on 09/09/2009 04:22:23
Originally by: Lance Fighter
After looking at the link (well, before it got dissapeared), it looked in no way like a secure.eve-online link.. Especally not with the .b*something*.com after the eveonline part.

Oh, and the fact that it ended in .aspx.html didnt help at all - it clearly wasnt a keylogger though. It is merely you run of the mill phishing site, except instead of actually going through the work to rewrite the page so it does what you wants, they used some other method of faking it.. tbh i would think that the site would even emulate any given site, if you put it in properly.

Anyway, thats my random musing for the day.


Just screw around with them then. Unless phishing technology has progressed somewhat, phishers still need to check log-in info manually after having phished it, so if you come across a site log-in claiming to be a CCP official site (and not just "give us your user name and password so we can give you 100m SP and 600b isk") then just enter gibberish in both fields, if the site accepts it as a legitimate log-in then it's not real. If it actually does log you in, then it's a legit site.

.... which means, smart phishers just return a "failure to log-in" message no matter what, since if it was a legit site, users would simply try their log-in details again until if it worked, and if it STILL wouldn't work, would then try to reset their password under the guise of a server corruption/malfunction. It also provides a sort of redundancy against the users who mistakenly enter an incorrect password (due to a typo) the first time around since the user will try again and then enter the legitimate password into the phishing net.

Or you could just use common sense, since the only way to defeat a phisher is to think like a phisher... and there is no counter towards a firm no (there's no equivalent to criminally-forced intercourse (thanks language filter) in phishing).

Jarna
Amarr
Air EVE
Posted - 2009.09.09 04:33:00 - [12]
 

Originally by: IVeige
petitions is calling....

should have send it first to the gms.

In before the lock.



yeah ok. I bet by posting this here, he has done more good for the community because people actually get to SEE it.
CCP will take 5 years to resolve the petition.

Lance Fighter
Amarr
Posted - 2009.09.09 04:38:00 - [13]
 

Originally by: wickedpheonix
Edited by: wickedpheonix on 09/09/2009 04:22:42
Edited by: wickedpheonix on 09/09/2009 04:22:23
Originally by: Lance Fighter
After looking at the link (well, before it got dissapeared), it looked in no way like a secure.eve-online link.. Especally not with the .b*something*.com after the eveonline part.

Oh, and the fact that it ended in .aspx.html didnt help at all - it clearly wasnt a keylogger though. It is merely you run of the mill phishing site, except instead of actually going through the work to rewrite the page so it does what you wants, they used some other method of faking it.. tbh i would think that the site would even emulate any given site, if you put it in properly.

Anyway, thats my random musing for the day.


Just screw around with them then. Unless phishing technology has progressed somewhat, phishers still need to check log-in info manually after having phished it, so if you come across a site log-in claiming to be a CCP official site (and not just "give us your user name and password so we can give you 100m SP and 600b isk") then just enter gibberish in both fields, if the site accepts it as a legitimate log-in then it's not real. If it actually does log you in, then it's a legit site.

.... which means, smart phishers just return a "failure to log-in" message no matter what, since if it was a legit site, users would simply try their log-in details again until if it worked, and if it STILL wouldn't work, would then try to reset their password under the guise of a server corruption/malfunction. It also provides a sort of redundancy against the users who mistakenly enter an incorrect password (due to a typo) the first time around since the user will try again and then enter the legitimate password into the phishing net.

Or you could just use common sense, since the only way to defeat a phisher is to think like a phisher... and there is no counter towards a firm no (there's no equivalent to criminally-forced intercourse (thanks language filter) in phishing).

To be honest, I wouldnt be suprised if the site in question actually did log you on to the real eve site, but remembered your login details. This is certainly not outside the scope of modern technology, and it would be rather annoying tto tell the difference in an unsuspecting user.

BiggestT
Caldari
Amarrian Retribution
Posted - 2009.09.09 04:50:00 - [14]
 

OP is a noob.

There is no point linking it.

If you really want to show ppl what the dodgy url looks like, just paste it without putting a link on Rolling Eyes

Lance Fighter
Amarr
Posted - 2009.09.09 05:00:00 - [15]
 

Originally by: BiggestT
OP is a noob.

There is no point linking it.

If you really want to show ppl what the dodgy url looks like, just paste it without putting a link on Rolling Eyes

for those of us who actually know what we are talking about.

he didnt link it, it was indeed a copy paste, and as a matter of fact, linkifiation was also broke, because he put a - at the end Laughing

Soooo..

lol.

fuze
Gallente
Quam Singulari
Posted - 2009.09.09 08:24:00 - [16]
 

Originally by: CCP Zymurgist
Sending in a petition would be a good idea. Very Happy

But how long would it take to get processed?
In that light it most certainly wouldn't hurt to post on the forums to warn faster.

Lord Bentley
The Syndicates
Posted - 2009.09.09 08:25:00 - [17]
 

Edited by: Lord Bentley on 09/09/2009 08:25:36
Originally by: Lance Fighter
Originally by: BiggestT
OP is a noob.

There is no point linking it.

If you really want to show ppl what the dodgy url looks like, just paste it without putting a link on Rolling Eyes

for those of us who actually know what we are talking about.

he didnt link it, it was indeed a copy paste, and as a matter of fact, linkifiation was also broke, because he put a - at the end Laughing

Soooo..

lol.


Goddamn, i clicked that link... Now installing Avast antivirus.. ****ing ****. What do i do now? My account still works tho

Lord Bentley
The Syndicates
Posted - 2009.09.09 08:39:00 - [18]
 

Hmm, avast didnt find anything maybe upgrading to windows 7 has saved me !!

Alexeph Stoekai
Stoekai Corp
Posted - 2009.09.09 09:23:00 - [19]
 

Originally by: wickedpheonix
All I have to say to that is, LOL. It would be interesting to see how much legitimate CCP mail is being swept into the trash by paranoid users.
CCP hardly sends any e-mails at all, so...

Originally by: Lord Bentley

Goddamn, i clicked that link... Now installing Avast antivirus.. ****ing ****. What do i do now? My account still works tho

Not logging in might be a good idea.

Shkval
Deep Core Mining Inc.
Posted - 2009.09.12 17:15:00 - [20]
 

- i didnt make the address a direct link. the extra characters i added prevented the forums from recognizing it as a direct link so accidentally clicking it wasnt possible
- the point of making this thread was to provide information to both CCCP and the players. mainly the players because cccp could care less. what the readers do with the information is their business. if whining about what i post is what you chose to do with it, go for it. if you dont want to read it, dont click the thread.
- the last time i petitioned a similar RL email scam issue it took the GMs 9 days to respond.


- received another one of these RL email scam mails...
sender: EVE Online <Offers@eveonline.com>

i wont post the link since it didnt go over well the last time. this link was different from the last one and didnt have a blatantly obvious fake name. the link was closer to the actual eve online website

Johnny thorir
V0LTA
VOLTA Corp
Posted - 2009.09.12 17:29:00 - [21]
 

careless as i was i clicked the link, then i saw the link wasent legit cuz it looked wierd,
i did not log inn or try that or anything just exited it,

is this know to install keyloggers just on exec or ?

is it just fishing people to logg in?

Arous Drephius
Posted - 2009.09.12 20:23:00 - [22]
 

Originally by: Johnny thorir
careless as i was i clicked the link, then i saw the link wasent legit cuz it looked wierd,
i did not log inn or try that or anything just exited it,

is this know to install keyloggers just on exec or ?

is it just fishing people to logg in?


Darwin wants a word with you.

Malthros Zenobia
Posted - 2009.09.12 20:41:00 - [23]
 

Originally by: Lord Bentley

Goddamn, i clicked that link... Now installing Avast antivirus.. ****ing ****. What do i do now? My account still works tho



Do a password reset, and don't go to your email.

Password reset will let you generate a randomize temporary password, which the keylogger won't have or get it once it's inactive. Logging into your email gives them the email password too though so don't do that if possible.

Once you clean your system, reset the password (again) and setup a new password then. Should help


 

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only