| Pages: [1] :: one page |
| Author |
Thread Statistics | Show CCP posts - 2 post(s) |
Dave Day
   |
Posted - 2005.10.08 10:34:00 -
[1]
Edited by: Dave Day on 08/10/2005 10:36:20
Hi.
When the last phishing scam was happening, we all assumed that some unscrupulous person(s) were sending phishing mails to players whose e mail addresses they had been given by the player themselves in game. Though this seemed a bit unlikely, we were satisfied that the players themselves must have, at some time, compromised their own security.
However, this latest phishing attempt raises questions. GM Arkanon reports that 'Mass mailing' is happening and, far more worrying that he ''can only look forward to locating this person's account, if he/she has one.''
Excuse me...If they even HAVE an account??? It was far fetched for us to swallow the last time round that the scammers had just conned a load of people out of their e mail addresses in game, but if a GM is publicly acknowledging the possibility that this person doesn't even have an Eve account, then can someone from CCP explain just how they came to be in possesssion of players e mail addresses? And if they have e mail addresses, what's next? Account passwords? CREDIT CARD DETAILS?
This situation is not acceptable. I think a more in depth explanation of Arkanons statement is urgently called for...
Dave.
|
Gunstar Zero
|
Posted - 2005.10.08 10:56:00 -
[2]
more likely some random player forum has been hacked for email addresses.
|
EzTarget
|
Posted - 2005.10.08 10:59:00 -
[3]
 Originally by: Gunstar Zero
more likely some random player forum has been hacked for email addresses.
Probably, that's why I use a WTFSPAMBBQ e-mail account for all forums, and only a small few have my real e-mail addy...
One of the devs for the new Future Falcon Suite of Eve Tools, visit us here
|
Svett
|
Posted - 2005.10.08 11:01:00 -
[4]
Originally by: Gunstar Zero
more likely some random player forum has been hacked for email addresses.
please email me at [email protected]
|
Deka Kador
|
Posted - 2005.10.08 13:05:00 -
[5]
There are freely available programs or robots out there that can filter emails from sites such as EVE-I's forums and other player created websites.
|
Graelyn
|
Posted - 2005.10.08 13:16:00 -
[6]
True.
Many an EVE realted website exists out there, be it an alliance forum or other. All would provide such information to someone who had managed to move up it's ranks or run it.
Minister of Foreign Affairs - Aegis Militia
Fleet Admiral/CEO - The Aeternus Crusade |
Sergeant Spot
|
Posted - 2005.10.08 14:09:00 -
[7]
Only thing I want to read about on this issue is a felony conviction of the scamming sub-human who tried to pull this crap. ESPECIALLY if it is some punk kid who thinks the folks convicting him are over reacting. Kick the punk even harder, and then kick his parents with a conviction to top it off.
|
Allen Deckard
|
Posted - 2005.10.08 14:11:00 -
[8]
or you can be like me.
I actually havent had an e-mail account for almost 2 years now. After the last one I had was getting spamed with over 700 mails a day.
|
|
Valar
|
Posted - 2005.10.08 14:18:00 -
[9]
I can assure you that CCPs customer database has not been compromised. The "phisher" has has most likely gained access to a list of EVE player e-mail addresses via corporation, alliance or fansite user database, like others have pointed out in this thread.
To address other concerns in the original post, I'd like to point out that account passwords are stored in the database using a one way encryption and that we don't keep your credit card details. Credit card details are only kept with our billing provider.
------
Valar
Quality assurance department
CCP games
How to write a good bugreport |
|
Spathi
|
Posted - 2005.10.08 18:24:00 -
[10]
I laugh when I get spam and phishing scams now because I know exactly where they got my email address from. I have a throwaway domain setup which I create new emails on for every site I put an email address on. I even make new emails for putting into posts or anything.
For example (and this isnt the way its setup here): the email address [email protected] goes to my real inbox and is used on my account. If I was posting here I would put an email like [email protected]. If I get scams and spam to them I instantly know where it was harvested from and then turn off the temporary email.
It works very well.
|
Avon
|
Posted - 2005.10.08 18:47:00 -
[11]
Originally by: Spathi
Edited by: Spathi on 08/10/2005 18:37:26
I laugh when I get spam and phishing scams now because I know exactly where they got my email address from. I have a throwaway domain setup which I create new emails on for every site I put an email address on. I even make new emails for putting into posts or anything.
For example (and this isnt the way its setup here): the email address [email protected] goes to my real inbox and is used on my account. If I was posting here I would put an email like [email protected]. If I get scams and spam to them I instantly know where it was harvested from and then turn off the temporary email.
The best ones are claiming to be from "my bank".. Not only do I not bank with the people they are claiming to be but the email is to my slashdot email address. Funny.
Basically EVERY site has a unique email.
It works very well.
Same.
I also have different domains for different types of emails (ie forums use one domain, game subscriptions another - each using a unique username before the @)
______________________________________________
The Battleships is not and should not be a solo pwnmobile - Oveur |
|
Valar
|
Posted - 2005.10.08 20:15:00 -
[12]
Originally by: Spathi
Edited by: Spathi on 08/10/2005 18:37:26
I laugh when I get spam and phishing scams now because I know exactly where they got my email address from. I have a throwaway domain setup which I create new emails on for every site I put an email address on. I even make new emails for putting into posts or anything.
For example (and this isnt the way its setup here): the email address [email protected] goes to my real inbox and is used on my account. If I was posting here I would put an email like [email protected]. If I get scams and spam to them I instantly know where it was harvested from and then turn off the temporary email.
The best ones are claiming to be from "my bank".. Not only do I not bank with the people they are claiming to be but the email is to my slashdot email address. Funny.
Basically EVERY site has a unique email.
It works very well.
I do a similar thing. I have a mailserver configured to catch all mails to one of my domains, so I don't have to create an account for every e-mail address. However, if I start to get spam on an address I add it as an alias on a disabled account, thus, mailserver rejects all messages to that e-mail address.
------
Valar
Quality assurance department
CCP games
How to write a good bugreport |
|
Spathi
|
Posted - 2005.10.09 00:57:00 -
[13]
Edited by: Spathi on 09/10/2005 01:00:28
Originally by: Valar
I do a similar thing. I have a mailserver configured to catch all mails to one of my domains, so I don't have to create an account for every e-mail address. However, if I start to get spam on an address I add it as an alias on a disabled account, thus, mailserver rejects all messages to that e-mail address.
I used to do catch-all before I was running my own mail server on my decicated machine. When I was doing the catch-all, the changes were made through a website and took like 2 hours to be reloaded into the system. That is why I changed to this method when I got the system up. I guess a catch-all would be better now I am the only person using the domain for emails (I wasnt before so catch-all occassionally got other email).
I am tempted to start switching sold email addresses to the people who sold them. Say (for only as an example) ccp sold my eve@ email address. I would then redirect the spam emails back to ccp. Poetic Justice? heheh I think so. Right now it just rejects with a nouser error and some lovely message to the spammer (should the return email address turn out to be real).
The best thing about my current method is I know every site I've used so far for an email address so I know where to track down their policy about selling email addresses and see if they broke them (just for fun mostly).
|
Ander
|
Posted - 2005.10.09 01:50:00 -
[14]
Edited by: Ander on 09/10/2005 01:50:28
Originally by: Valar
Originally by: Spathi
Edited by: Spathi on 08/10/2005 18:37:26
I laugh when I get spam and phishing scams now because I know exactly where they got my email address from. I have a throwaway domain setup which I create new emails on for every site I put an email address on. I even make new emails for putting into posts or anything.
For example (and this isnt the way its setup here): the email address [email protected] goes to my real inbox and is used on my account. If I was posting here I would put an email like [email protected]. If I get scams and spam to them I instantly know where it was harvested from and then turn off the temporary email.
The best ones are claiming to be from "my bank".. Not only do I not bank with the people they are claiming to be but the email is to my slashdot email address. Funny.
Basically EVERY site has a unique email.
It works very well.
I do a similar thing. I have a mailserver configured to catch all mails to one of my domains, so I don't have to create an account for every e-mail address. However, if I start to get spam on an address I add it as an alias on a disabled account, thus, mailserver rejects all messages to that e-mail address.
http://www.eve-pirate.com
http://oldforums.eveonline.com/?a=topic&threadID=233017 My first eve-video! |
Demarcus
|
Posted - 2005.10.09 03:07:00 -
[15]
I use a yahoo address anytime I need to use my email for signing up for something. Then I never have to worry about getting any junk mail to my main email.
-------------------------------------
You are all worthless, and weak.
|
Nee'kita
|
Posted - 2005.10.10 13:55:00 -
[16]
gmail for the win. [email protected] Although I think that account got full... :p
|
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |