It is currently Sat Dec 21, 2024 6:27 pm

New spammer technique targeting games?

Interested in games? So are we! Share your thoughts, strategies, and tips with the rest of the guild! (Previously Non-Warcraft Game Chatter.)

New spammer technique targeting games?

Postby Zancarius » Wed Nov 26, 2014 11:05 pm

I just got this email tonight:

Code: Select all
Dear zancarius,

You have requested that your password be reset. Please click the following link to do so.

[url redacted]
If the link above is not clickable, copy and paste it into your browser to reset your password.

If you did not request this, just ignore it. Nothing will be changed.


All the best,
-Perfect World Entertainment, Inc.


And while I don't ever remember signing up for there services, I vaguely seem to recall having set up an account with some odd game that required registration with them at some point (or something to that effect) many months ago. Was it Neverwinter? I don't recall.

Anyway, examining the headers, the email is legit, and the SPF tags indicate the email was dispatched from an IP address perfectworld.com designates as an authorized sender. Since it's not likely to be spam, my first thought was "Some asshole is trying to use my account name!"

But then I realized that's probably not likely the case and elected to do some investigating.

It turns out that their password reset form doesn't ask you for an account name--only an email address. So, my next thought was essentially: If someone wasn't interested in my account for whatever reason, what's the other possibility.

Then it occurred to me: Targeted spam.

If their password reset form answers with an affirmative when an email has been registered with their system and a negative when it's not, someone can deduce whether or not that specific email address is in use by their system. Therefore, someone can further deduce that the email account owner is likely to play one of the several games Arc now controls the rights/accounts/whatever for.

Why should you care? Because this means one of two things. Either a) someone is trying to attack accounts for purposes of attempting to gain access to them for whatever reason or b) further target those email addresses that are known to be associated with an Arc account with targeted phishing (spear phishing) in an attempt to gain access to the account. If you receive password reset notices that don't originate from Arc and are related to any number of games (Neverwinter, Torchlight, etc.), you may likely be targeted by this sort of an attack.

Be safe out there.
I gave that lich a phylactery shard. Liches love phylactery shards.
User avatar
Zancarius
Site Admin
 
Posts: 3907
Joined: Wed Jul 05, 2006 3:06 pm
Location: New Mexico
Gender: Male

Re: New spammer technique targeting games?

Postby Zancarius » Wed Nov 26, 2014 11:33 pm

Hmm.

I just sampled their password reset page from arcgames.com, and it sends an entirely differently formatted email. I'm wondering if the previous one was somehow derived from a game client (or server). If so, I'd imagine there would be fewer checks (like CAPTCHAs) to prevent a password reset?

Curious.

I don't have Neverwinter installed, so there's no way for me to test it, but this is a bit strange.
I gave that lich a phylactery shard. Liches love phylactery shards.
User avatar
Zancarius
Site Admin
 
Posts: 3907
Joined: Wed Jul 05, 2006 3:06 pm
Location: New Mexico
Gender: Male


Return to The Gaming Forum

Who is online

Users browsing this forum: No registered users and 9 guests