test content
What is the Arc Client?
Install Arc

A *HUNDRED* Account Hijack Attempts In The Past Hour!

2

Comments

  • eiledoneiledon Member Posts: 595 Arc User
    edited January 2015
    check the headers in one of the emails. there should be an option in your client or webmail to do this.


    within the header see if you can determine wether these are official emails or spoofed addresses. it may be that someone is trying to obtain your log in details rather than actually trying to log in and change your password.
  • solemkofsolemkof Member Posts: 0 Arc User
    edited January 2015
    erei1 wrote: »
    If a bot try a hundred time to reset your password, you'll receive a hundred mail. Can you see the problem ?
    It seems use of the password reset function requires input of the email address. If a malicious party already knows your email, they don't need to use PWE's services to flood your mailbox.

    Also, those hundred mails per hour are a reminder to check and, if possible, improve your mailbox's security; because if they really want to hijack your account, the password reset is getting them nowhere unless they manage to break into your mailbox.
  • sgtschatzsgtschatz Member Posts: 45 Arc User
    edited January 2015
    DOOM!!!!!!!!!!!!!!!! Your act is going to go PEW PEW PEW!!!!!!!!!!!!!! Ahhh The humanity of it all. Chill you still has your account. It is safe Life is good. What is the purpose of this????:confused:
    [SIGPIC][/SIGPIC]
  • monkeybone13monkeybone13 Member Posts: 4,640 Arc User
    edited January 2015
    eiledon wrote: »
    check the headers in one of the emails. there should be an option in your client or webmail to do this.


    within the header see if you can determine wether these are official emails or spoofed addresses. it may be that someone is trying to obtain your log in details rather than actually trying to log in and change your password.

    That was my first thought: phishing emails made to look like they came from PWE in an effort to trick the user into going to some legitimate looking website and give up their user name and password so they can log into the user's account and clean them out. If that's the case it would explain why customer support told the OP they didn't see any account hijack attempts.

    My best advice is to add the sender to your email blocklist and change your email password.

    I've received weird phishing emails in the past telling me my WoW account is at risk of being banned for selling gold and to go to some website to log in and discuss the matter with customer support. The funny thing is I have never ever, not then or now, had an account of any kind for WoW, Blizzard, or anything related to them, especially not with the email address that received these phishing emails.
  • nyx219nyx219 Member Posts: 207 Arc User
    edited January 2015
    My husband's PWI account has been TRIBBLE twice in the last week. Both times, the staff did take care of it, as the hacker had been a (presumably stolen) credit card to purchase a lot of Zen. When he checked his email & saw the confirmation email, he logged in as fast as he could. In his case, it seems they were buying up a bunch of unbound store stuff, posting it on the exchange, and the profits immediately were transferred to another player, likely one of the 3 brand-spanking new pending friend requests he didn't know about prior to logging in.

    In the end, they caught the hacker red-handed trying to log in while he was online chatting back & forth with a GM. Whatever went into doing that from the tech end, it was fast, and an IP ban got dished out.

    Considering what he had to deal with, I don't doubt the OP is either the victim of a hack attempt, or a phishing attempt.
  • gfreeman98gfreeman98 Member Posts: 1,201 Arc User
    edited January 2015
    Best advice I think would be to login and change the email address associated with your account to another.

    Make sure you're using strong passwords on both your STO account and your email, and do not use the same password for them!
    screenshot_2015-03-01-resize4.png
  • imruinedimruined Member Posts: 1,457 Arc User
    edited January 2015
    jonsills wrote: »
    So, what you're saying is, someone set a bot to try to hack your account. And every last time it failed, as you did not respond to any of those emails asking you to verify the attempt.

    I'm really not seeing what exactly you're upset about. The verification system worked as designed; the bot was unable to hack your account. PWE isn't seeing anything, because as far as their system is concerned, nothing happened. Other than a user attempting to change their password, of course, which probably happens a couple thousand times a day across all PW games.

    So, you've now proved Account Verification is indeed a secure system. Thanks!
    erei1 wrote: »
    Are you avoiding the point on purpose, or are you just born that way ?


    If a bot try a hundred time to reset your password, you'll receive a hundred mail. Can you see the problem ?

    You mean to say there was, at some stage other than what I quoted from Jonsills, a legitimate point made in this thread prior?

    Someone complaining about being spammed by an automated hack-avoidance system has no point, it was general whinging...

    Jonsills' quote above, is about the first real post to contain anything of legitimacy and you try and attack it? Why? What's your point that you're trying to make?

    Jonsills' post is entirely correct... The spam of messages were automatically generated, and the very fact the OP recieved such a large number (however many that truly was without exaggeration) means that the login systems' security measures are indeed working...

    Truth is, there is nothing that Cryptic/PWE can do about ATTEMPTED fraudulent logins, even if they admitted to being aware of them, as those attempts would have been from some bot that was programmed to hammer a known account with random passwords until access was granted...

    At most, Cryptic/PWE would see a large number of failed login attempts but there would be nothing they could do about them, despite the OP's apparent desire otherwise...

    Admittedly, one step that Cryptic/PWE could take would be that after X number of login attempts (5 - 10 perhaps), the account is suspended for a period of time (possibly even requiring contact with Customer Service), but beyond that, Cryptic/PWE's hands are tied as to dealing with hack attempts...
    The entitlement is strong in these forums...

    not_funny_Q_shadows_small.jpg
  • seaofsorrowsseaofsorrows Member Posts: 10,919 Arc User
    edited January 2015
    equinox976 wrote: »
    Whilst I'm sure its not very nice, what exactly do you think we or the forum mods can do about it ?

    You just need to understand the OP.. anything that ever happens anywhere is Cryptics fault and demands a screaming rant thread.

    He reads something he doesn't understand.. Cryptics fault.

    Someone tries to hack his account.. Cryptics fault.

    It's 5 degrees warmer today then the weather guy said it would be.. Cryptics fault again.


    You need to take anything this guy says with a grain of salt. He doesn't want help, he wants to rant.
    Insert witty signature line here.
  • horridpersonhorridperson Member Posts: 665 Arc User
    edited January 2015
    posted by mhirtesc
    No. I just refuse to be your dancing monkey.

    You behave like a dancing monkey of your own volition. Frequently. If you threw down a hat maybe someone would put zen in it.
    battlegroupad_zps8gon3ojt.jpg

  • olliereportolliereport Member Posts: 721
    edited January 2015
    iconians wrote: »
    So, you are not willing to back up your claims that you state have happened?

    don't be a weenie. he could be lying but why? this stuff happens all the time.

    but they probably "see no hijack attempts" because you aren't responding to the phishing emails
  • erei1erei1 Member Posts: 4,081 Arc User
    edited January 2015
    imruined wrote: »
    Jonsills' post is entirely correct... The spam of messages were automatically generated, and the very fact the OP recieved such a large number (however many that truly was without exaggeration) means that the login systems' security measures are indeed working...
    Oh yeah, the security measure is working. Not that it was solicited mind you, because asking for someone's username/password is not really trying to hack him.
    Meanwhile, this player is getting is mailbox flooded by unsolicited mail. And if check them as spam, he might miss an important information from PWE.

    Really, I think you guys do your best to ignore the OP point, and argue about something else remotely related.
    He speak about getting his mailbox flooded by PWE mail, and you speak about.... security measures. Right...


    Quite frankly I'm a bit disappointed by this thread. Someone have a problem, even post screenshot to show his problem, and all he gets is being trolled. Perhaps it's his fault if he is victim of some cyber troll ?
    [SIGPIC][/SIGPIC]
  • iconiansiconians Member Posts: 6,987 Arc User
    edited January 2015
    he could be lying but why?

    I don't care too much about the why behind someone's thought processes. If I did, I would likely die of a brain aneurysm from my exposure to the STO forums.

    If someone makes an accusation, it is a typical human response to ask for proof to back up that accusation.

    Somebody asking for proof does not make them a troll.

    The fact I am here on a video game forum for Star Trek trying to explain why fact-based evidence is an extremely important facet to human communication should be seen as comical at best, and shameful at worst.
    ExtxpTp.jpg
  • theanothernametheanothername Member Posts: 1,511 Arc User
    edited January 2015
    Don't click on anything anywhere from unrequested password change mails/similar. About 3 weeks ago I also got a small flood of "You changed your PW password, just click here to confirm" mails that where all fake & looked nothing like the Perfect World changed password info mail.
  • imruinedimruined Member Posts: 1,457 Arc User
    edited January 2015
    erei1 wrote: »
    Oh yeah, the security measure is working. Not that it was solicited mind you, because asking for someone's username/password is not really trying to hack him.
    Meanwhile, this player is getting is mailbox flooded by unsolicited mail. And if check them as spam, he might miss an important information from PWE.

    Really, I think you guys do your best to ignore the OP point, and argue about something else remotely related.
    He speak about getting his mailbox flooded by PWE mail, and you speak about.... security measures. Right...


    Quite frankly I'm a bit disappointed by this thread. Someone have a problem, even post screenshot to show his problem, and all he gets is being trolled. Perhaps it's his fault if he is victim of some cyber troll ?

    Either you're consciously playing the fool, or you're just ignorantly naive to how such measures actually work...

    The 'flood of emails' is working as intended and is pretty standard practice when it comes to hack attempts for MMO's... What do you expect Cryptic/PWE to do? Please enlighten us...

    I'll also just point out I am not ignoring what the OP said, I just see no point legitimising such a pointless, baseless and exagerated whinge, especially not defend it as you seem intent on doing...

    Being inundated with emails can hardly be considered being victimised in some form or another... I, like I'm sure everyone on this forum, am inundated with unsolicited spam on a daily (hourly) basis...

    Automated warnings from a service which I subscribe, regarding the security of my account with them, can hardly be considered unsolicited, nor would I personally have any for of issue with several dozen warnings as I accept that they are automated messages and par for the course of the services' security features...
    The entitlement is strong in these forums...

    not_funny_Q_shadows_small.jpg
  • erei1erei1 Member Posts: 4,081 Arc User
    edited January 2015
    imruined wrote: »
    The 'flood of emails' is working as intended and is pretty standard practice when it comes to hack attempts for MMO's... What do you expect Cryptic/PWE to do? Please enlighten us...
    Ok, I'll use my superior intelligence to answer that one. Having a limit on how many mails per set time frame being sent to someone for password/username change request. For example, no more than 10-20requests per day or something.

    If you loose your username/password, you don't need 100mails, do you ?

    Now I really feel clever... Oh wait, it was quite obvious, was it ?
    [SIGPIC][/SIGPIC]
  • imruinedimruined Member Posts: 1,457 Arc User
    edited January 2015
    erei1 wrote: »
    Ok, I'll use my superior intelligence to answer that one. Having a limit on how many mails per set time frame being sent to someone for password/username change request. For example, no more than 10-20requests per day or something.

    If you loose your username/password, you don't need 100mails, do you ?

    Now I really feel clever... Oh wait, it was quite obvious, was it ?

    Firstly, you've missed the entire point of these emails completely... They are not to tell you you forgot your password, they are to inform you that someone has tried to recover the password... Given the only person who should be doing so is the owner of the account, anything outside of the account holder would be considered a hack attempt...

    By sending multiple emails it's intended to highlight just how many attempts there have been and to emphasise that the security of your account could be in question...

    What's especially funny about your response is that these 'hundreds' of messages are often quite a long time apart, one gap being almost 4 hours...

    If all of these messages were minutes apart I would agree, however, given that the emails are commonly 10 - 20 minutes apart, this is quite reasonable and highlighting when these attempts are being made...

    So, the complaint is still fairly baseless and difficult to defend...

    Something else you're failing to consider here, perhaps if the OP had not used these password recovery attempts as an infantile attempt to have a crack of Cryptic they'd have not been 'trolled' in response... It was a ridiculous and incredulous comment that was deserving of retort in kine frankly...
    The entitlement is strong in these forums...

    not_funny_Q_shadows_small.jpg
  • edited January 2015
    This content has been removed.
  • jexsamxjexsamx Member Posts: 2,803 Arc User
    edited January 2015
    iconians wrote: »
    The fact I am here on a video game forum for Star Trek trying to explain why fact-based evidence is an extremely important facet to human communication should be seen as comical at best, and shameful at worst.

    Ah, I see we have an early contender for "Best Post of the Year".
  • iconiansiconians Member Posts: 6,987 Arc User
    edited January 2015
    shazia9191 wrote: »
    Iconians is also a bit skeptical of the numbers and asks for some evidence, and the OP's response is to jump straight into namecalling, hostility, and completely unprovoked defensiveness.

    It's not just the numbers. Really, there could have been 100 and like you said... sure, we'll go with it.

    It was a number of things in their post that they simply weren't willing to back up.
    Tried to send a trouble ticket to Cryptic

    No screenshot of that, either. Or what the ticket consisted of.
    All got was a "DUH-UHHHHH! We see no hijack attempts! DERRRRRRP!"

    No screenshot of that, either. Or what their actual, non-satirical response consisted of and why.
    Seems that trying to level a new account is so hard & nasty now that stealing another players' STO account is a more viable option. Good going, Cryptic!

    And just as a last point of contention, why the OP felt it necessary to blame Cryptic for the unscrupulous, and unethical acts perpetrated by a third party. Like blaming Nike for creating Air Jordans that people want to steal. :confused:

    Ideally, if the OP was being 100% truthful, they had the ball in their court to convince me that they were slighted by poor customer service at PWE. By providing actual evidence, they could have actually made me eat crow. They could have pointed out how dumb I am, how naive I am, or how I let my skepticism blind me to the horrific tragedies that befall them.

    Instead, yeah... the usual toxic rhetoric around these parts.
    jexsamx wrote: »
    Ah, I see we have an early contender for "Best Post of the Year".

    That's even more depressing. I don't want any applause or accolades for doing something people should be doing all along.
    ExtxpTp.jpg
  • virusdancervirusdancer Member Posts: 18,687 Arc User
    edited January 2015
    he could be lying but why?

    Er...given the OP's thread creation history...
  • js26568js26568 Member Posts: 0 Arc User
    edited January 2015
    Person raises an issue, admittedly in an over-the-top slightly insane manner.

    Another person comes along and immediately dumps on it from a great height for no reason.

    Thread continues for many pages but both people look like idiots.

    *awaits overly long boring post from either the OP or Iconians that I won't bother to read*
    [SIGPIC][/SIGPIC]
    Free Tibet!
  • iconiansiconians Member Posts: 6,987 Arc User
    edited January 2015
    js26568 wrote: »
    Person raises an issue, admittedly in an over-the-top slightly insane manner.

    Another person comes along and immediately dumps on it from a great height for no reason.

    Thread continues for many pages but both people look like idiots.

    *awaits overly long boring post from either the OP or Iconians that I won't bother to read*

    I think you're absolutely correct, and admit I am an idiot in all possible ways ever imaginable.
    ExtxpTp.jpg
  • virusdancervirusdancer Member Posts: 18,687 Arc User
    edited January 2015
    js26568 wrote: »
    Person raises an issue, admittedly in an over-the-top slightly insane manner.

    Another person comes along and immediately dumps on it from a great height for no reason.

    Thread continues for many pages but both people look like idiots.

    *awaits overly long boring post from either the OP or Iconians that I won't bother to read*

    Favoritism! Favoritism! Favoritism! You clearly stated Iconians' name while merely alluding to er...the other fellow...uh...as the OP.
  • chaelkchaelk Member Posts: 5,727 Arc User
    edited January 2015
    to the OP,

    the reason your emails are a certain time apart, only 2 are 2 mins apart(the rest are between 20 and 40 mins apart on that picture), is because after a certain amount of wrong passwords, it blocks you from retrying. so they have to wait.

    1.as Jonsills stated, since you are getting the warning messages. it means that someone has FAILED to get into your account.


    2.as someone else pointed out, change your email address.
    as long as you have the same email attached, they will continue trying.

    3.don't use a similar email name to what you have on ANY game login.

    4.don't use a common password. acct hacks work on a long list of common passwords to game accts. GW2 actually has the list as banned passwords, so you can't use them.

    Monkeybone- those emails about wow accts are all phishing ones. I used to send them on to Blizzard security before I got bored and wiped that email.(which was my old acct email before their acct guard was installed)

    If you check your recent email access file, you should see a different login attempt for each of them. I got them from all over the world.
    Stuffing up Freeform builds since Mid 2011
    5e4fd3cb-b728-4870-849c-b007bccaf5e9_zpsqomajucn.jpg

    Get the Forums Enhancement Extension!
  • coupaholiccoupaholic Member Posts: 2,188 Arc User
    edited January 2015
    Wouldn't this be better served in the support section? It looks eerily like a technical issue to me.
  • heckgoblinheckgoblin Member Posts: 685
    edited January 2015
    Trekkies are such total spergs.
    I AM WAR.
  • meimeitoomeimeitoo Member Posts: 12,594 Arc User
    edited January 2015
    mhirtesc wrote: »
    Dude, you aren't my keeper. I do not need to run around doing stuff to appease YOU. I did more than I needed to just to provide you with a screencap and now you want to make me run around some more. Go foul up some other thread.


    ^^ This.

    I suspect the only reason you posted about it was to maybe grab the attention of Cryptic (after their alleged CS totally fobbed you off, as usual). You are not beholden to Iconians, in any matter whatsoever.

    I hope you get your issue resolved soon.
    3lsZz0w.jpg
  • edited January 2015
    This content has been removed.
  • mirrorchaosmirrorchaos Member Posts: 9,844 Arc User
    edited January 2015
    mhirtesc wrote: »
    Tried to send a trouble ticket to Cryptic they last time they pulled this a few weeks ago. All got was a "DUH-UHHHHH! We see no hijack attempts! DERRRRRRP!", yet I get my email inbox flooded with over a 100 attempts per hour this weekend.

    Seems that trying to level a new account is so hard & nasty now that stealing another players' STO account is a more viable option. Good going, Cryptic!

    and how does any of that help on this forum? this isnt a support section. so why this thread exists for in the first place...

    as for the rest, there is fairly little one can do in an age where people will do anything to defeat something when they have the tools, some can get target fixation and fly into the ground with the target. who knows, but the point in the end is simple you can in a vain attempt to try a different pass, email and usernames if its possible, but that only delays further attempts until it happens again. cryptic cant be held to blame for what others do but they are not completely faultless or even the user in question being TRIBBLE for making it as easy as it is. in the end its just a game, right? :P
    T6 Miranda Hero Ship FTW.
    Been around since Dec 2010 on STO and bought LTS in Apr 2013 for STO.
  • meimeitoomeimeitoo Member Posts: 12,594 Arc User
    edited January 2015
    shazia9191 wrote: »
    Oh boy what a surprise. STO's posting all-stars coming together, giving each other a shoulder to lean on. Thanks, Meimeitoo, for jumping in with your "two cents." You are absolutely right -- no one is beholden to Iconians; however, the OP's descent into juvenile, namecalling troll. He could have just said no to a screenshot; he could have just ignored Iconians instead of posting an image with the tags "I'm" "G*y" at the top, apparently as a means to insult Iconians. Hmm....using the word G*y as a derogatory insult to someone? Yes, that is completely within the bounds of good taste.

    Westboro Church: God hates G*ys.
    Meimeitoo: This sounds very reasonable too me. I wonder why these people keep getting trolled.


    LOL. In all fairness, I didn't look at his posted screenshot. (And something tells me I probably shouldn't. :P) It just felt somewhat out of character for Iconians -- who's usually the voice of equity -- to go after this guy so much. I guess your post explains a few things.

    All I know, at least, is that a hundred attempts to hack my account would seriously make me nervous too, and I'd probably wind up posting about it as well.
    3lsZz0w.jpg
This discussion has been closed.