Forum Settings
       
Reply To Thread

Rift Scam Email (was forum=222)Follow

#1 Apr 07 2011 at 6:13 AM Rating: Decent
6 posts
About one week ago I registered at this website.
A few hours after registering at this website, I started getting Scam mails / Phishing mails; see below.
These mails are sent on a daily basis.

There isn't a single other website, company or person that knows I have purchased this game or has my email address, except Trion and ZAM. So either the ZAM database has a serious security issue / leak, or ZAM is selling email addresses to third parties (for advertising purposes).

PS. In my profile my address is hidden and I unticked the advertisement options.

Seriously dissapointed in ZAM for causing this.


Phishing mail below the line
************************************
Greetings Ascended!



We have already noted that you are trying to sell your personal RIFT account (s).

Terms of Use (http://www.trionworlds.com/en/legal/terms-of-use.php).



It will be ongoing for further investigation by Trion Worlds, Inc's employees.

If you wish to not get your account suspended you should immediately verify your account

ownership. You must complete the steps below to secure the account and your computer.





STEP 1: SECURE THE ACCOUNT, YOUR COMPUTER AND YOUR EMAIL ADDRESS

Account compromises most often occur when a player shares login information with an unauthorized

third party or plays on a computer that has a virus, Trojan, or key-logger. We recommend you read and

apply the following tips to protect yourself and the account.





STEP 2: ACCOUNT INVESTIGATION

We now provide a secure website for you to verify that you have taken the appropriate steps to

secure the account, your computer, and your email address. Please go to this site and follow the instructions:

https://session.trionworlds.com/login?service=http%3A%2F%2Frift.trionworlds.com%2Fj_spring_cas_security_check&locale=en





STEP 3: VERIFY YOUR SUBMISSION WAS RECEIVED

We will contact you with further instructions once we have received and processed your submission.

If you do not receive a reply within 48 hours of submitting this form, please resend

it from the address listed above.





Please be aware that if unauthorized access to this account, it may lead to further action against

the account.




The RIFT Team



Trion Worlds, Inc.

www.RIFTgame.com



To ensure our emails are not filtered into your junk folder, use your email program to set trionworlds.com as a safe sender.

Edited, Apr 7th 2011 2:25pm by DaniWes
#2 Apr 07 2011 at 6:56 AM Rating: Excellent
Annoying Ass
ZAM Administrator
Avatar
*****
11,949 posts
Moving this to site and forum feedback, so it gets looked at quicker by the folks who could actually respond properly Smiley: smile
____________________________
Retired News Writer for the ZAM Network
WoW - Aureliano the Insane - level 90 Druid on Sen'Jin
Nanaoki - level 90 Mage on Sen'Jin
#3 Apr 07 2011 at 9:37 AM Rating: Excellent
Bad j00 j00
ZAM Administrator
Avatar
***
2,157 posts
Is there something missing from your cut and paste? Those URLs are safe. That is Trion's website.

session.trionworlds.com is the domain that is used to log in for riftgame.com.
#4 Apr 07 2011 at 10:16 AM Rating: Decent
*
150 posts
Cut and paste wont show what is behind the actual links as it will just transfer the text.
Most phishing emails use html to hide where the link is really going (ie the content of the link is one thing but the actual href is the phishing site).

So basically that whole cut and paste tells us nothing :(
#5 Apr 07 2011 at 10:44 AM Rating: Decent
6 posts
The actual URL you go to when you click the link is <url of obvious phishing domain removed to prevent users from clicking it>.

My webmail mentions it's unsafe to click the link and it marks the email as fraude, when I try to open it in Google Chrome it warns me it is a phishing website and I have to click the warning to allow the site to open, but then McAfee shuts down the browser to protect me from evil.

I'm not accusing ZAM to directly cause this, or be behind this, however since this is the only Rift related website I signed on thus far, and the same day I signed on here I get this phishing scam, there is definitely a relation and I would like ZAM to do an investigation into this matter.

PS. The email address I used for this website is different than my private email address I used to activate Rift, so that's why I knew 100% it wasn't coming from Trion.

Edited, Apr 8th 2011 1:02am by Nizdaar
#6 Apr 07 2011 at 11:02 PM Rating: Excellent
Bad j00 j00
ZAM Administrator
Avatar
***
2,157 posts
There's been no successful sql injection attacks and no unauthorized access to our user database.

I'm a little confused by the fact that you say you only just signed up here? Our records show your account was made in July, 2007. Recently a password reset was issued for your account, though. Which means we've had the same email address on file for you for 3 1/2 years.
#7 Apr 08 2011 at 5:04 PM Rating: Decent
6 posts
True I've had this account for a long time to access wowhead.

However what I meant was, only just signed in, after a long time of absense if you will, not registered.
I more or less reactivated my account, hence the password reset cause I forgot it.

Once again, I'm not accusing you guys or anything, it's just the sheer coincidence of signing on here and the same day getting scam, on the email address I registered with at this website.

#8 Apr 09 2011 at 2:41 PM Rating: Excellent
Avatar
******
29,886 posts
If a hypothetical hacker was able to get login information from our site servers, there would be thousands of people affected and posting in here. Given that we aren't seeing that, the issue may lie elsewhere. Furthermore, passwords on the site servers are stored in an encrypted hash value. I couldn't tell you what your password is even if you paid me to. Possibilities would include other websites, potentially your password if it was fairly simple and could be bruteforced, or potentially a keylogger or something along those lines on your computer.


I'd suggest running through my "computer security" document here and seeing if there are any areas that might need to be addressed:
http://everquest.allakhazam.com/forum.html?forum=25&mid=130025123118577481&page=1

If you need assistance with determining if you might be infected, I would be happy to help

DaniWes wrote:
Seriously dissapointed in ZAM for causing this.

DaniWes wrote:
Once again, I'm not accusing you guys or anything


That certanly seems rather accusatory to me.
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
#9 Apr 15 2011 at 9:30 PM Rating: Decent
/confirm. Some Trion employee is definately leaking our emails to the phish.
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 21 All times are in CDT
Anonymous Guests (21)