devyn-m
(?)Community Member
Ruthless Bloodsucker
Offline
- Posted: Sun, 17 Dec 2006 00:58:13 +0000
Let me explain my goal and a brief back story to this thread. Hopefully, if nothing else, I can help to educate , even just one person... who may not have known this before.
I am a gaia member of over 2 years. I am extremely active with well over 60,000 Posts between my 2 accounts... and for this threads purpose only, I will say that in the least, I have some of the most valued items on gaia. (I am only letting you all know this, so that you are aware of the facts)
As a frequent exchange forum poster, I receive atleast 2 or 3 "hacking attempts" everyday. For me, they are easy to spot as I know that Gaia will never ask for your password. I have always been quick to report the PM and delete them immediately.
Last week, I was hacked. The hackers stole over 70 Million gold worth of Pure and items.
I will show you screenshots of just some of the hacking, that I was able to obtain.
I want you all to know that I did NOT give anyone, nor have I ever given anyone my password..
Thw way I was hacked is called "Phishing" I have since come to learn. Let me give you a simple definition:
this insert is taken directly from a friend of mine's thread..
I am a gaia member of over 2 years. I am extremely active with well over 60,000 Posts between my 2 accounts... and for this threads purpose only, I will say that in the least, I have some of the most valued items on gaia. (I am only letting you all know this, so that you are aware of the facts)
As a frequent exchange forum poster, I receive atleast 2 or 3 "hacking attempts" everyday. For me, they are easy to spot as I know that Gaia will never ask for your password. I have always been quick to report the PM and delete them immediately.
Last week, I was hacked. The hackers stole over 70 Million gold worth of Pure and items.
I will show you screenshots of just some of the hacking, that I was able to obtain.
I want you all to know that I did NOT give anyone, nor have I ever given anyone my password..
Thw way I was hacked is called "Phishing" I have since come to learn. Let me give you a simple definition:
this insert is taken directly from a friend of mine's thread..
empyrean
PLEASE TAKE NOTE: For any of you posting offers in this thread or just reading through the Exchange in general: IGNORE AND DO NOT RESPOND TO ANY PM'S YOU RECIEVE FROM THE AVATAR 'BetaLabRepresentative.' He will invite you to participate in some Gaia-related Beta Testing, and will give you a link to a website that looks EXACTLY like the Gaia log-in screen. DO NOT BE FOOLED, THIS IS A SCAM. It is called PHISHING, and is used to obtain your username and password without directly asking you for them. Please be aware of any links that may redirect you to a site who's address does not start with 'http://www.gaiaonline.com' and DO NOT FOR ANY REASON enter your user info into any section of any website that does not have 'http://www.gaiaonline.com' as the first part of the URL. ANY OTHER WEBSITE IS A BOGUS URL. Please be careful, as I have already seen at least one person lose Portable Headphones and Mini-Wings to this EXACT scam, and this very scam was attempted on several people browsing this thread yesterday. sad
You see, the hackers learn from their mistakes, they go back and revise new plans.
I have been asked by the admins NOT to reveal too many details about my paticular case, as they do not want the person responsible, knowing what the admins are up to, but I can tell you that, yes, the hacking was reported.
Why I am making this thread..
This is a quote DIRECTLY from one of the admis working on my case.
gaia admin
the reports are heavily backlogged, but the hacker's trading has been disabled. And a hacking case is ever unable to resolve and the mods WILL contact you once they get to your report, so I will have to ask for your patience, even if it might take months. It's just that we have to spend time to investigate each case carefully, I hope you understand.
Months.. They are so overwhelmed with hackings, they are literally MONTHS behind.. (please see additional quote):
gaia admin
The mod you contacted was a purple and hence was not able to trace down the whole thing, so the trade he disabled for was already too late. I've tried to track down as far down as it seems to be but there need to be a more through investigation to finish this as it IS a big case.
The hacker sent the items across several accounts to create confusion, but I managed to find the end account and the trading and vending for that account is disabled.
As we do not allow people to cut the line, as every hacking case is just as urgent, you will have to fill out a hacking report on the site.
The hacker sent the items across several accounts to create confusion, but I managed to find the end account and the trading and vending for that account is disabled.
As we do not allow people to cut the line, as every hacking case is just as urgent, you will have to fill out a hacking report on the site.
I was told that the amount of hacking on Gaia, has increased so dramatically in the last few months that the admins are literally overwhelmed with reports.. LITERALLY.
Its not Gaia's fault, nor the admins.. They are doing the best they can.. But there is no way to stop people from making bogus account just for the sake of hacking.. Thats an impossible thing to even suggest.
I have a friend who has been waiting OVER 4 months, and still has not received one item back. D:.
You see, I dont know about everyone else, but I worked my a** off for almost every item I had.. I fished myself to a trophy in Jan 05" I gambled for hours and hours for my hats , and I post like crazy... I am a donator as well, but as a college student, with limited funds, my donations are far from excessive..
WHAT ID LIKE TO SEE HAPPEN:
I would like to know what you all think about having Gaia, impliment a COMPLETELY different password, that you must enter, while conducting any business at the bank. Yes, it will be less convenient to have to enter a seperate password.. But I believe security FAR OUT WEIGHS the inconvenience of an additional 3 seconds that it would take you to type the password in. You see, this way, we can atleast have some mechanism of defense to fight back against these hackers. They will not be able to trade any of your items out of your account unless they know BOTH your account password and your Trading password.
If you disagree, try being hacked, and come back and tell me you feel the same way.
Here are some of the pictures for you. I have also included the copy of the PM the hacker sent me as well so you can all be on the look out for similar scams.
NoOne deserves to be stolen from.. Its an awful feeling of violation and helplessness... and no matter if someone has a lot of items, or just a few, they are YOUR ITEMS, and just as important to you, as anyopne else.
Screenshots are of 2 of the 5 trades... and the original PM
Thanks for your time, and support. To everyone that has helped me through this.. You are all amazing people, and I am greatful to know you.
PLEASE, IN ALL DO RESPECT, DO NOT FLAME. I will report it.
devyn-m
yes, and now I am aware of that.. I am not asking anyone to take blame for me falling for the scam... that has already been established.
But look at it this way:
If you leave your car unlocked.. does that give ANYONE the right to steal it? Ofcourse not! Its still a crime, and you will still go to jail for doing that crime.
No one has the right to take anything from another person that is not rightfully give to them IT IS STILL THEFT.. So, you see... telling someone that its their fault for falling for a scam or being tricked, is absolutely pointless here.
Move beyond that ... its about implimenting better safety measures to decrease the amount of successful attempts of a scam or hack.
Let me also tell you, that not once, but two times, I have been sent the exact same PM , FROM GAIA, to test towns in 05" and test profiles in 06". Being that the PM of the hacker was almost IDENTICAL to those, I had no reason to suspect that it wasnt authentic.
But look at it this way:
If you leave your car unlocked.. does that give ANYONE the right to steal it? Ofcourse not! Its still a crime, and you will still go to jail for doing that crime.
No one has the right to take anything from another person that is not rightfully give to them IT IS STILL THEFT.. So, you see... telling someone that its their fault for falling for a scam or being tricked, is absolutely pointless here.
Move beyond that ... its about implimenting better safety measures to decrease the amount of successful attempts of a scam or hack.
Let me also tell you, that not once, but two times, I have been sent the exact same PM , FROM GAIA, to test towns in 05" and test profiles in 06". Being that the PM of the hacker was almost IDENTICAL to those, I had no reason to suspect that it wasnt authentic.
Empyrean
Heya Dev ^^
Just thought I'd drop by and give a bit better explanation of Phishing, what it entails, and how widespread it is, since it's unlikely that Gaia is the last place most people will encounter it.
Dictionary.com defines 'Phishing' as:
Phishing is an unusually dirty way to get ahold of someone's account information, because it does not display the normal traits of a user account for a website claiming to need various types of information. It is very often unnoticeable, unless you are specifically looking for it.
Websites created for Phishing purposes can be as simple as a look-alike login screen. Most are look-alike sites that simply offer you a duplicate error page for the site they are trying to copy, and ask you to log in again. When you enter your username and password into the form, instead of being transmitted to the real website, the information you entered is simply emailed to the creator of the fake page, and you are redirected to the real one.
Once the scammer has your account name and password, they can log into your account, and lock you out within minutes by changing your username, password, and even the email address you registered it with.
Why would someone do this, you ask? Because of websites like this: http://www.vponsale.com/gaia-online-gold ... Because people make real money by stealing your account information and your items, and a lot of it. It's the same concept as http://www.ige.com ~ they just found yet another way to do it. : /
But the dangers can go deeper than lost pixels.
Phishing is one of the most popular emerging ways for identity thieves to gain credit card information, social security numbers, names, addresses, birthdates, and even phone numbers online. In spite of warnings, many, many people will used the same password over and over online, for tens or hundreds of different accounts. Once a Phisher gets a name and password for someone's account, there is something like a one in three chance that they will be able to use that SAME password to gain access to the victims email.
This is the dangerous part: since so many websites send lost passwords to your email address, the scammer can look through your email, figure out what other websites you have accounts with, and request passwords for them, without ever having to directly speak to you to do it. Other accounts may yield gold mines of information to them, including credit card and social security numbers.
So, a word to the wise. Never, ever, ever use the same password that you use for your email for ANY other online account. If you have accounts with active or shown credit card information on them, never use the same password for any of them. If you feel that you may have been the victim of a phishing scam, change any other identical passwords online immediately, and report it to the sites you may have been affected by. Be aware of the URLs of any links that are not part of a real website; these replica websites are often URLs sent in emails, posted on message boards, and posted in chat rooms. If you have any doubts, don't click it; contact someone at the real website to make sure the link you have is legitimate.
Be safe with your personal information, so that this doesn't happen to you. 3nodding
Just thought I'd drop by and give a bit better explanation of Phishing, what it entails, and how widespread it is, since it's unlikely that Gaia is the last place most people will encounter it.
Dictionary.com defines 'Phishing' as:
Quote:
Main Entry: phishing
Part of Speech: n
Definition: the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords
Example: 1996; as in 'fish' for users
Part of Speech: n
Definition: the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords
Example: 1996; as in 'fish' for users
Phishing is an unusually dirty way to get ahold of someone's account information, because it does not display the normal traits of a user account for a website claiming to need various types of information. It is very often unnoticeable, unless you are specifically looking for it.
Websites created for Phishing purposes can be as simple as a look-alike login screen. Most are look-alike sites that simply offer you a duplicate error page for the site they are trying to copy, and ask you to log in again. When you enter your username and password into the form, instead of being transmitted to the real website, the information you entered is simply emailed to the creator of the fake page, and you are redirected to the real one.
Once the scammer has your account name and password, they can log into your account, and lock you out within minutes by changing your username, password, and even the email address you registered it with.
Why would someone do this, you ask? Because of websites like this: http://www.vponsale.com/gaia-online-gold ... Because people make real money by stealing your account information and your items, and a lot of it. It's the same concept as http://www.ige.com ~ they just found yet another way to do it. : /
But the dangers can go deeper than lost pixels.
Phishing is one of the most popular emerging ways for identity thieves to gain credit card information, social security numbers, names, addresses, birthdates, and even phone numbers online. In spite of warnings, many, many people will used the same password over and over online, for tens or hundreds of different accounts. Once a Phisher gets a name and password for someone's account, there is something like a one in three chance that they will be able to use that SAME password to gain access to the victims email.
This is the dangerous part: since so many websites send lost passwords to your email address, the scammer can look through your email, figure out what other websites you have accounts with, and request passwords for them, without ever having to directly speak to you to do it. Other accounts may yield gold mines of information to them, including credit card and social security numbers.
So, a word to the wise. Never, ever, ever use the same password that you use for your email for ANY other online account. If you have accounts with active or shown credit card information on them, never use the same password for any of them. If you feel that you may have been the victim of a phishing scam, change any other identical passwords online immediately, and report it to the sites you may have been affected by. Be aware of the URLs of any links that are not part of a real website; these replica websites are often URLs sent in emails, posted on message boards, and posted in chat rooms. If you have any doubts, don't click it; contact someone at the real website to make sure the link you have is legitimate.
Be safe with your personal information, so that this doesn't happen to you. 3nodding
