Page 1 of 2
Phishing?
Posted: 27 Oct 2012, 22:51
by Wings of Steel
Received a whisper from "Wiz Khalifa" stating that "because of lag themanaworld has created another website
http://www.themanaworld.tk" and was told to sign up for an account. Smells phishy so I'm reporting it instead.

(resized, click for full pic)
Re: Phishing?
Posted: 27 Oct 2012, 23:15
by Crazyk8e
And me too, and countless other players I am sure. Makes me mad that people stoop so low to take advantage of others and to not play fairly. Grr.
Re: Phishing?
Posted: 27 Oct 2012, 23:17
by Nard
Hello everyone

we received that message from a char named wiz khalifa:
##C[22:14] wiz khalifa: because of a lot of lags themanaworld has created another website
http://www.themanaworld.tk hurry up enter and update ur account
IT seems that Salah is back again (maybe his twin)
THIS IS MOST LIKELY TO BE A SCAM
Do not even connect to the site: see these topics, especially the first one:
http://forums.themanaworld.org/viewtopi ... hilit=King
http://forums.themanaworld.org/viewtopi ... ilit=Salah
http://forums.themanaworld.org/viewtopi ... ilit=Salah
http://forums.themanaworld.org/viewtopi ... lah#p91859
[*]
http://forums.themanaworld.org/viewtopi ... ilit=Salah
Re: Phishing?
Posted: 28 Oct 2012, 00:54
by firekitty
Same to random chars:
[21:58] wiz khalifa:
www.themanaworld.tk new event website of themanaworld be the first who check it and win a lot of money and items ....
[22:06] wiz khalifa:
www.themanaworld.tk new event website of themanaworld be the first who check it and win a lot of money and items !!
[22:16] wiz khalifa: because of a lot of lags themanaworld has created another website
www.themanaworld.tk hurry up enter and update ur account!!!
Re: Phishing?
Posted: 28 Oct 2012, 06:06
by o11c
Hm, since Elven owns the trademark for TMW, that means we could takedown that domain.
Re: Phishing?
Posted: 28 Oct 2012, 08:44
by tux9th
Dear lord!
O11c that would be great. We should do ingame announcements and / or update the news!
Re: Phishing?
Posted: 28 Oct 2012, 10:15
by Crush
Moved from Court House to Player Talk
I just made an ingame announcement warning players to enter their account info into websites. I would like to encourage the developers and GMs to do the same from time to time in the next days.
Re: Phishing?
Posted: 28 Oct 2012, 11:59
by Chicka-Maria
sadly this is not a uncommon thing that happens, its happened to 2 friends of mine in the past week...
Its really damn simple how to not get scammed...
DON'T TELL YOUR PASSWORD TO ANYBODY EVEN "ADMINS", THEY CAN SEARCH YOUR PASSWORD AND DON'T NEED YOU TO TELL THEM AT ANY TIME AT ALL.
In other words don't be stupid.. keep your information to yourself. If there was another website because of "lag" somehow there would be global announcements from GM's or Admins.
Regards,
Re: Phishing?
Posted: 28 Oct 2012, 13:17
by firekitty
Crush wrote:Moved from Court House to Player Talk
I just made an ingame announcement warning players to enter their account info into websites. I would like to encourage the developers and GMs to do the same from time to time in the next days.
Same about using different username-passwd on other servers.Sometimes they practice invitations to a 'new,cool servers with new maps,monsters,items etc etc'
Re: Phishing?
Posted: 28 Oct 2012, 21:04
by Ablu
Code: Select all
[12:59:11] <Ablu> the phishing page is hosted here: http://com2us.bugs3.com/tmw/
[12:59:20] <Ablu> you can maybe mail owner of that page?
[12:59:30] <Ablu> it looks like it is a page where people can host stuff
EDIT: Mail of owners can be found at
http://com2us.bugs3.com/
Re: Phishing?
Posted: 29 Oct 2012, 10:49
by Doofus
The trouble with phishing is that there is a market for it. As long as there is a market for it, people will take advantage of it. You can try as hard as you like to police it but you'll end up failing and at the extreme end making everyones lives miserable in an attempt to do so (AACS).
Eliminating the demand; however, will eliminate phishing. So I was thinking why not as an additional security measure add say a secret question or two for each account. tmw will never ask for this (so users aren't in the habit of entering it and are thus more wary if asked) it's only checked by admins if a report is made by someone that their account has been hijacked. Customers of phishing sites aren't going to pay up as readily if they can tell that their limited account/password pair will be identified as stolen and closed down quickly.
Re: Phishing?
Posted: 29 Oct 2012, 12:05
by blackrazor
@Doofus
You would be surprised at how well dedicated phishers can take advantage of layers of security questions. I had my Runescape account hijacked, not because I entered my user/pass on a bad site, not because my password was easy to guess or used anywhere else, but instead because a phisher was dedicated enough to jump through the various hoops and knew enough about my life to guess at enough of my security questions and personal details, sufficiently to fool Jagex staff into handing over the account.
You would be surprised at how someone, pretending to be your friend, can over time work into a conversation what ISP they (and you) are using, what are the names of your pets, maiden name of your mother, etc.
I would rather keep it simple and stupid. Username and password, tied to an email address given during registration. If I lose the password and the email address without first specifying a new one, then too bad for me. That's far better a risk than having to be constantly paranoid at every seemingly innocent question about my life that comes my way.
EDIT: On the subject of wiz khalifa, I hope there is a way for the admins to track the IPs used back to their main account(s), so they can be perma banned. Heck, if I could, I would set up the client to check a central database of ultra-perma-banned players (like this one) and not even load up the serverlist for any servers. But that might be beyond the licence or other technical issues; still I can dream, can't I ?
Re: Phishing?
Posted: 29 Oct 2012, 20:10
by Wings of Steel
blackrazor wrote:On the subject of wiz khalifa, I hope there is a way for the admins to track the IPs used back to their main account(s), so they can be perma banned. Heck, if I could, I would set up the client to check a central database of ultra-perma-banned players (like this one) and not even load up the serverlist for any servers. But that might be beyond the licence or other technical issues; still I can dream, can't I ?
The problem is that IP addresses can be changed, proxies can be used and banning IP ranges tends to be more problematic for legit players than the nefarious users intended. Some websites allow a mobile phone to be registered to the account so the user can validate himself as the true owner. Not sure if it's a viable option for TMW, though.
Re: Phishing?
Posted: 29 Oct 2012, 22:45
by Matt
o11c wrote:Hm, since Elven owns the trademark for TMW, that means we could takedown that domain.
Buttshit. TMW is no trademark and Elven for sure does not own it. If so, Sony might want to talk with us about "World of Mana".
BTW, this reminds of me of this old thread
http://forums.themanaworld.org/viewtopic.php?t=990&
And we are still here, yay! And of Dayne...
Ontopic, sounds legit, I will register.
Re: Phishing?
Posted: 29 Oct 2012, 23:06
by o11c
Matt wrote:TMW is no trademark and Elven for sure does not own it.
Sure it is, and sure he does.
I was specifically thinking of
that facebook thing,
but remember, you don't have to register a trademark, you only have to use it in "trade".
Unregistered trademarks use ™.
Registered trademarks use ®.