These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
123Next page
 

Account security and Phishing emails

First post
Author
Previous Topic Next Topic
GM Nova
Game Master Retirement Home
#1 - 2011-11-06 16:57:14 UTC  |  Edited by: CCP Logibro
Dear Players

Players are increasingly receiving phishing emails from hackers who pretend to be EVE Online Customer Service. A common notice would be that your character is about to be transferred or that you are receiving PLEXs you supposedly purchased. Players are then asked to follow a link to confirm or cancel the "services." The link is a tinyURL named to make it appear you are accessing CCPs website, but takes you elsewhere.

This method of phishing uses a form of technical deception designed to make a link in the e-mail (and the spoofed website it leads to) appear to belong to CCP, when in fact it does not.

It is very important that you are aware of this and that you contact Customer Support whenever you receive suspicious emails that you do not anticipate. Do not follow any links, simply access our website and create a petition from there or send us an email to support@eve-online.com.

If you receive what you believe to be a phishing email please forward the mail to security@ccpgames.com. That way we can deal with the matter in order to prevent others from falling victim to this scam.

If you register to any corp or alliance forums or any other game related website, I suggest you use a different email that you use to for your EVE account. Hackers have been hacking into corp/alliance forums, retrieving a list of the registered users email addresses and sending members these phishing emails.

Please be conscious about security and that there are those out there that covet your "Stuff."

Yours truly,
GM Nova

GM Nova Senior Game Master EVE Online Customer Support
Ifly Uwalk
Perkone
Caldari State
#2 - 2011-11-06 18:21:49 UTC  |  Edited by: Ifly Uwalk
Not that I disagree with any of this, but did this really need its own post? Peeps who can't/won't read the other sticky ("Protect Your Accounts") aren't going to read this one either imo.

That said, all IRL scammers should diaf(irl). X
Nyio
Federal Navy Academy
Gallente Federation
#3 - 2011-11-07 03:26:58 UTC
Thanks for the heads up GM Nova.
I'd like to add that I've never got an EVE related phishing e-mail, not once in over 3 years of playing.

I haven't ever registered with a killboard or any other 3rd party EVE related services though, nor have I bought ISK from non authorized retailers. Perhaps that is why?

GolemCCP In-Game Event 2011.11.23NyioGrenade?
T' Elk
Strategically Bad
Goonswarm Federation
#4 - 2011-11-10 01:34:52 UTC
I actually got one not long ago, was kinda obvious cause the html code was broken... Was tempted to reply with fixed code.

~Badposter since FOOOOREEEEEVAAAAAR~ I come back after 2 years to THIS? ~Now 4 years apparently
Lightnin
DieHarder LiveLonger Corporation
#5 - 2011-11-10 11:53:25 UTC
Hello

yes i recieved serverial of these e-mail's on my personal mail account, they where of course really suspicous due to the fact I have not asked for any PLEX or tryed to buy any

Also i did not want any character transfered or have one that needed to be

i have recived at lest 6 of these in the last four months, i will turn them in to you has soon has i get another one

i only opened one but never have fallowed the link

Go Far Go In or Don't Go
Tanya Powers
Doomheim
#6 - 2011-11-12 14:58:25 UTC
1st never click on links from whatever mail

2nd if you have something to say or read from/to CCP log on or use official links previously stocked in your contact book.

Problem solved.
Alpheias
Tactical Farmers.
Pandemic Horde
#7 - 2011-11-17 18:18:18 UTC
I got my first phising mail ever today! *sniff* I am so happy! Big smile

from: sisi-support via mta01.ccp.cc
reply-to: sisi-support,
77%sisi-community,
26%sisi-mods,
101
to:
date: Thu, Nov 17, 2011 at 12:48 PM
subject: RE: Your petition
mailed-by: mta01.ccp.cc

Hi.
Thank you for contacting EVE Online customer support.

One of your petitions has recently been closed and we would greatly appreciate your input on how well it was handled so we can continue to improve our services.
To do so, please follow this link, select the closed petition and fill in the survey.

Best regards
The EVE Online Customer Support team

Agent of Chaos, Sower of Discord.

Don't talk to me unless you are IQ verified and certified with three references from non-family members. Please have your certificate of authenticity on hand.
Sassums
Dark Venture Corporation
Kitchen Sinkhole
#8 - 2011-11-30 12:45:40 UTC
I got another email from that sisi-support address again, I emailed the account security email address listed in this thread and got no response back.

It seems I only get these phishing emails when CCP sends me an email letting me know they closed my petition, the sisi sends the exact same thing.

How do they know CCP is emailing me?
Leocadminone
Gem Concordance
#9 - 2011-12-07 14:02:03 UTC
GM Nova wrote:
Dear Players

It is very important that you are aware of this and that you contact Customer Support whenever you receive suspicious emails that you do not anticipate. Do not follow any links, simply access our website and create a petition from there



GM Nova


Care to suggest how we can do that when y'all BROKE that link on the website recently?

Yes, the PICTURE of the link is still there, but when you scroll over it to use it, there is NO link actually there.
Astrid Stjerna
Sebiestor Tribe
#10 - 2011-12-08 00:25:10 UTC
Alpheias wrote:
I got my first phising mail ever today! *sniff* I am so happy! Big smile

from: sisi-support via mta01.ccp.cc
reply-to: sisi-support,
77%sisi-community,
26%sisi-mods,
101
to:
date: Thu, Nov 17, 2011 at 12:48 PM
subject: RE: Your petition
mailed-by: mta01.ccp.cc

Hi.
Thank you for contacting EVE Online customer support.

One of your petitions has recently been closed and we would greatly appreciate your input on how well it was handled so we can continue to improve our services.
To do so, please follow this link, select the closed petition and fill in the survey.

Best regards
The EVE Online Customer Support team


I got one of those today. I followed the link (bu didn't log in), and after a bit of careful examination, there didn't seem to be anything *ahem* 'phishy' about it. Still didn't log in, though.

Or am I just missing something?

I can't get rid of my darn signature!  Oh, wait....
mingetek
Brainless in Space
#11 - 2011-12-11 09:45:26 UTC  |  Edited by: mingetek
i am fairly convinved i got one from testsupport.

original email sent to real ccp
..
Sieges
#12 - 2011-12-12 22:06:44 UTC
Astrid Stjerna wrote:
Alpheias wrote:
I got my first phising mail ever today! *sniff* I am so happy! Big smile

from: sisi-support via mta01.ccp.cc
reply-to: sisi-support,
77%sisi-community,
26%sisi-mods,
101
to:
date: Thu, Nov 17, 2011 at 12:48 PM
subject: RE: Your petition
mailed-by: mta01.ccp.cc

Hi.
Thank you for contacting EVE Online customer support.

One of your petitions has recently been closed and we would greatly appreciate your input on how well it was handled so we can continue to improve our services.
To do so, please follow this link, select the closed petition and fill in the survey.

Best regards
The EVE Online Customer Support team


I got one of those today. I followed the link (bu didn't log in), and after a bit of careful examination, there didn't seem to be anything *ahem* 'phishy' about it. Still didn't log in, though.

Or am I just missing something?


I got one of those too. But I had a petition that was closed. Are you sure this was a phishing email? Maybe real CCP emails should never include an actual link?
Astrid Stjerna
Sebiestor Tribe
#13 - 2011-12-14 16:14:38 UTC
Sieges wrote:
Astrid Stjerna wrote:
Alpheias wrote:
I got my first phising mail ever today! *sniff* I am so happy! Big smile

from: sisi-support via mta01.ccp.cc
reply-to: sisi-support,
77%sisi-community,
26%sisi-mods,
101
to:
date: Thu, Nov 17, 2011 at 12:48 PM
subject: RE: Your petition
mailed-by: mta01.ccp.cc

Hi.
Thank you for contacting EVE Online customer support.

One of your petitions has recently been closed and we would greatly appreciate your input on how well it was handled so we can continue to improve our services.
To do so, please follow this link, select the closed petition and fill in the survey.

Best regards
The EVE Online Customer Support team


I got one of those today. I followed the link (bu didn't log in), and after a bit of careful examination, there didn't seem to be anything *ahem* 'phishy' about it. Still didn't log in, though.

Or am I just missing something?


I got one of those too. But I had a petition that was closed. Are you sure this was a phishing email? Maybe real CCP emails should never include an actual link?


I had a petition closed before I got mine. I also went directly to the official EVE website and ran through the genuine 'My Petitions' section -- they looked identical.

How about it, CCP? Can we get an official word on these things?

I can't get rid of my darn signature!  Oh, wait....
Mioelnir
Brutor Tribe
Minmatar Republic
#14 - 2011-12-16 05:25:27 UTC
Not sure why CCP would run their mta under a Cocos Islands TLD, but ccp.cc appears to actually be registered to CCP.

Assuming that 'from' is in fact correct and not a forged header....
Najenna
Caldari Deep Space Ventures
#15 - 2012-01-10 06:11:11 UTC
Thank you Gm Nova I have sent all the emails I have recieved to the link you posted and also wrote a letter to the other link. This is very scary due to the fact I have been playing since beta and I have aquired alot of things in the game . I do not plan on transfering to or from either of my accounts.
Zleon Leigh
#16 - 2012-01-22 17:27:49 UTC
Suggestion passed on from a pilot who had his account hacked - if you have multiple accounts always put all of your toons under contact watchlists. Only way he knew he had been hacked was noticing that one of his other accounts logged in.

With the server going down all the time I keep thinking I've been logged off by someone hacking my account....

Incarna - Newest business example of mismanaged capital. CCP - Continuing to gank independent PI producers every day

PvP's latest  incentive program ** Unified Inventory **  'Cause you gotta kill something after trying to use it
DJ Reonic
Natural Selection Intervention Specialists Inc.
#17 - 2012-01-24 13:09:02 UTC
One way I've found to detect a phishing link is to copy the link, and paste it into notepad or something. You want the actual URL to show up. Then examine the URL. If it's phishy, then weird stuff will show up in it, and it won't look like a CCP url when compared to using the website.
Athelas Loraiel
Viziam
Amarr Empire
#18 - 2012-02-05 03:46:10 UTC
Please add mobile phone verification capabilities AND iPhone code verification for those that wish improved logging security enabled.

RIFT has it, and its working nicely. Simple code generator that is required to be run by your iPhone while logging in, or be connected via iTunes to send a code to PC.

Can it be done?
I know I would never ever be hacked into again (lol to statement...)
Sanya
Alexylva Paradox
#19 - 2012-02-18 20:58:55 UTC
During Fanfest 2011 we got a physical authenticator key gen. Any chance of this having a use soon?

.
Johan Civire
Caldari Provisions
Caldari State
#20 - 2012-03-03 02:17:44 UTC
Not every one is a forum warrior. I think a litle messenge in game or login topic will be increase there atention Idea
123Next page