Phishing is a technique used by cyber-criminals to trick you into providing confidential information by pretending to be an official or trusted source. The most common form of phishing involves the use of emails that include links to fake or malicious websites. These emails are usually disguised as "official" communiques—in our case, they claim to be from the ArenaNet or Guild Wars 2 team—and include links to sites that spread viruses, keyloggers, or other malicious software to your computer.
Because phishing emails can be difficult to spot and decipher, we’ve prepared some useful guidelines that will help you identify and defend against phishing attacks.
How to Spot a Phishing Email
The most effective way to avoid a phishing attack is to understand the warning flags that indicate whether you’re dealing with a dangerous email. Phishing emails will look authentic on the surface, but there are several characteristics to look for that will help you determine whether it's a legitimate message or a scam:
- Check the address of the sender. If it is from an unusual sender or a strange IP, it is probably a scam. Official emails will always come from a @arena.net, @guildwars2.com, or @guildwars.com domain, though these domains can also be spoofed by experienced hackers. If you're ever in doubt about an email you receive, please contact support via our official helpdesk!
- NEVER click a suspicious link. It’s not difficult for someone to disguise a link so that it points somewhere other than where it reads. A good practice is to hover over a hyperlink WITHOUT clicking it to see where it leads. If it points somewhere suspicious or to a different address than what it suggests, DO NOT click the link.
- Check the spelling and grammar of the message. Official emails from the company go through several rounds of editing and grammar checks before being distributed to the public. If you notice any obvious errors, or if the email reads like it’s been written using Google Translate, think twice about clicking any links.
Here are a few things to watch for if an email claims to be from the ArenaNet team:
- ArenaNet will NEVER terminate your account based on whether you respond to an email. Don't fall for this trap! Phishing emails of this type are common, since they fabricate a false call to action that provokes a user to share their account details on a phony website.
- ArenaNet will NEVER ask for personal information if unprompted. If we ever need personal details, we'll open a ticket via our official help site or reply to a ticket you've already opened with us.
- ArenaNet will NEVER ask for your password. We will NEVER ask for your password under any circumstance. Never give it out to anyone!
- ArenaNet will NEVER send you files. If an email includes a file attachment, it is probably a phishing attack. Do not open the file, and delete the email.
The only time you'll be contacted by an ArenaNet or Customer Support representative is when your account has already been actioned for violating the rules of conduct or Guild Wars 2 user agreement. For example:
- If your account was suspended for a violation of the rules of service.
- If your account was suspended for a chat or naming violation.
- If your account was suspended for botting.
- If your account was closed for engaging in, or helping with, gold sales.
Best Practices to Avoid Phishing Attacks
In addition to learning how to spot a phishing email, these practices will help you protect your account from potential phishing attacks:
- For any matter related to account security, never click a link! Instead, bookmark and access the official account page directly by navigating to https://account.arena.net/login and signing in there.
- To be extra secure, re-type (or copy and paste) URLs into your browser instead of clicking to open them from the email message. This lets you navigate to where the link says, rather than where it secretly leads.
- Keep in mind that we do our best to write clearly and properly. If you see grammatical errors or odd phrasing in an email message, these could be telling signs that something is “phishy” with the email in question.
If You Think You've Been Phished
If you suspect you've clicked a bad link or that someone might have access to your account, take these steps to secure your personal information:
- Scan your hard drive for viruses, keyloggers, and any other sort of malware. Make sure your anti-virus software is up-to-date so it can identify the latest threats.
- Change the password of your game account to a complex password you've never used before. Tips on how to create a strong password can be found in this article.
- Change the password of your email account. You should follow similar standards for choosing your email password that you use to choose your game account password.
- Consider using two-factor authentication to protect your game account. You can find more information about how to set up and use an authenticator in this article.
- If your email provider offers any two-factor authentication or similar options, take advantage of those to strengthen the security of your email account.
Phishing Email Examples
Here is one of the most common phishing emails. The phony threat of account closure is aimed at frightening people into providing their account details on a phony website.
SUBJECT LINE: Guild Wars 2 Account Will Be Shut Down Inform
EMAIL:
We are sorry to inform you that your login account [EMAIL ADDRESS REDACTED] will be shut down or partially limited within 72 hours due to currency transactions or abnormal login. If you want to remove restrictions, please click the following link to validate:
[REDACTED LINK]
Please keep in mind that Guild Wars 2 is a global game with hundreds of thousands of players. This means that standards of behavior must be upheld. For your convenience, you can obtain more information about our rules at the address listed below.
https://www.guildwars2.com/en/legal/
Guild Wars 2 Account Support Team
WARNING SIGNS:
- The first warning flag is the subject line. The "Guild Wars 2 Account Will Be Shut Down Inform" doesn't follow English grammar rules, which is a suspicious start.
- Hovering over the first link identifies it as a phishing link. While the text looks like a legitimate link, hovering over the link reveals that it instead points to the .tk domain, or Tokelau—a territory of New Zealand located in the South Pacific—rather than an official ArenaNet or Guild Wars 2 domain.
- Many sites will use legitimate links (such as the guildwars2.com/en/legal link) to make their email look more authentic. Remember to check EVERY link before clicking it!
This phishing email threatens the user with account closure if they do not respond.
EMAIL:
Greetings!
It has come to our attention that your Guild Wars 2 account [EMAIL REDACTED] for engaging in or assisting wiht gold or item sales for real-world money, If this proves to be true, your account can and will be disabled.
It will be ongoing for further investigation by ArenaNet Entertainment’s employees. If you wish to not get your account suspended you should immediately verify your account ownership.
You can confirm that you are the original owner of the account to this secure website with: [RIDICULOUSLY LONG WEBSITE ADDRESS]
We will investigate into this case through verifying the account’s ownership. If the verification goes through, we will cancel any restriction. If you ignore this mail your account can and will be closed permanently.
Thank you for your understanding in this matter and respecting our position and all statutes within the Guild Wars 2 Terms of Use.
Regards,
Kenrich Guild Wars 2 Support Team
WARNING SIGNS:
- Numerous misspellings and grammatical errors.
- Refers to ArenaNet as "ArenaNet Entertainment."
- The email threatens account suspension if you fail to provide personal information. We will NEVER ask for personal information or threaten account suspension.
- Hovering over the website link reveals that it points to a malicious website.
This phishing email tries to disguise itself as an account action email.
SUBJECT LINE: Account Ownership
EMAIL:
Greetings!
It has come to our attention that you are trying to sell your personal Guild Wars account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by ArenaNet Entertainment’s employees. If you wish to not get your account suspended you should immediately verify your account ownership.
You can confirm that you are the original owner of the account to this secure website with:
[REDACTED LINK]
If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.
Regards,
Account Administration Team Thanks! —The ArenaNet Team
WARNING SIGNS:
- Numerous misspellings and grammatical errors.
- Refers to ArenaNet as "ArenaNet Entertainment."
- The email threatens account suspension if you fail to provide personal information. We will NEVER ask for personal information or threaten account suspension.
- While the link in this email suggests that it's directing you to account.guildwars2.com (an official site), hovering over the link reveals that it points to an unofficial (malicious) website. In this case, the URL points to the .vu domain, which represents a small island nation called Vanuatu. (It should be noted that we do not have any employees working for us in Vanuatu, nor do we send emails through that territory for some reason.)
Many phishing emails will use text and links from official emails to trick the user into believing it is a legitimate email.
EMAIL:
Dear customer,
Due to suspicious activity, your ArenaNet account has been locked. You tried to login your [NAME REDACTED] account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:
Step 1: Secure Your Computer
In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.
Step 2: Secure Your E-mail Account
After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.
Step 3: Restore access to Your account
We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account:
[REDACTED LINK]
If you still have questions or concerns after following the steps above, feel free to contact Customer Support at https://www.guildwars2.com/en/legal/.
Sincerely, The ArenaNet Account Team Online Privacy Policy
WARNING SIGNS:
- There are several grammatical errors.
- The link is the biggest giveaway. While the text of the link points to the account site, hovering over the link reveals that the last part of the URL points to the .asia domain.
Learning how to read a domain address is an important way to avoid navigating to a malicious site. For example, a link that points to account.guildwars2.maliciouswebsite.com would take you to the maliciouswebsite.com site, since the site is determined by the last part of the domain name (the name registered directly under the top-level domain, here .com), not by what comes before it.
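The hover check and the domain-reading rule above can be automated for an HTML email body by comparing each link's visible text with the host it actually points to. This is an added example, not ArenaNet's own tooling: the function names, the sample body and the verify.example host are assumptions, and the allowlist is the three official domains named on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = ("arena.net", "guildwars2.com", "guildwars.com")  # from this page

def is_official(host):
    """True only for an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def host_of(text):
    """Hostname of a URL or bare host string; None if it cannot be parsed."""
    text = text.strip()
    try:
        return urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return (href, text, verdict) per link: what hovering would reveal."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        if is_official(host_of(href)):
            verdict = "official"
        elif is_official(host_of(text)):
            verdict = "deceptive"   # text names an official site, link goes elsewhere
        else:
            verdict = "unofficial"
        report.append((href, text, verdict))
    return report

# Constructed sample body (not a real message); verify.example is a placeholder.
SAMPLE = (
    '<a href="http://account.guildwars2.maliciouswebsite.com/login">'
    'https://account.guildwars2.com/login</a> '
    '<a href="https://www.guildwars2.com/en/legal/">guildwars2.com/en/legal</a> '
    '<a href="http://verify.example/gw2">Restore access</a>'
)

if __name__ == "__main__":
    print(*audit_links(SAMPLE), sep="\n")
```

The suffix match is anchored on a dot, so a host that merely contains or ends with an official name without being a subdomain of it is not treated as official.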
This phishing email uses several legitimate links to hide the dangerous link it wants you to follow.
EMAIL:
We are sorry to inform you that your login account [ACCOUNT NAME REDACTED] is temporarily closed because it was involved in the sale of in-game items for cash or other items with real world value, or otherwise engaged in gathering items to be sold for cash or other items with real world value. Both actions are against our User Agreement: https://www.guildwars2.com/en/legal/guild-wars-2-user-agreement/
If you wish to reactivate your account, you should immediately verify your account ownership. Click the link below to validate: [REDACTED LINK]
Please keep in mind that Guild Wars 2 is a global game with hundreds of thousands of players. This means that standards of behavior must be upheld. For your convenience, you can obtain more information about our rules at the address listed below. https://www.guildwars2.com/en/legal/
Regards,
GM [FAKE GM NAME] Guild Wars 2 Support Team http://support.guildwars2.com
WARNING SIGNS:
- The validation link is the biggest giveaway. While the link text reads account.guildwars2.com, the actual link points to a fake site that installs malware on your computer.
This phishing email threatens action if you do not respond, but redirects you to a malicious website to enter your credentials.
EMAIL:
Greetings!
Please read this e-mail carefully, as it is related to your account state of Guild Wars 2 account.
First and foremost, I’d like to let you know that we take matters of account very seriously. It has come to our attention that you are trying to sell your personal Guild Wars 2 account. As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled.
Click on the link below to verify your Guild Wars 2 account e-mail address:
[REDACTED LINK]
If you ignore this mail, your account will be permanently closed. Once we verify your account, we will promptly reply to your E – mail to inform you that we have abandoned the investigation.
Please keep in mind that Guild Wars 2 is a global game with hundreds of thousands of players. This means that standards of behavior must be upheld. For your convenience, you can obtain more information about our rules at the address listed below.
[REDACTED LINK]
We’ll see you in-game!
The Guild Wars 2 Team
WARNING SIGNS:
- There are several misspellings and grammatical errors. As an example, "email" is spelled multiple different ways in the body of the text.
- The email threatens account suspension if you fail to provide personal information. We will NEVER ask for personal information or threaten account suspension.
- Hovering over the website links reveals that they point to malicious websites.
This phishing email is short, and requires you to spot the few characteristics that reveal its intent.
FROM: ArenaNet <noreply@guildwars2.com>
SUBJECT: Guild Wars Account Will Be Shut Down Inform
EMAIL:
We are sorry to inform you that your login account will be shut down or partially limited within 72 hours due to currency transactions or abnormal login. If you want to remove restrictions, please click the following link to validate:
[REDACTED LINK]
Guild Wars 2 Team
WARNING SIGNS:
- The first warning flag is the subject line. The "Guild Wars 2 Account Will Be Shut Down Inform" doesn't follow English grammar rules, which is a suspicious start.
- While the sender looks legitimate, checking the properties of the email identifies the IP as coming from the Netherlands. This is undoubtedly a proxy used by cyber-criminals to hide their real location.
- The email threatens account suspension if you fail to provide personal information. We will NEVER ask for personal information or threaten account suspension.
- Hovering over the website link reveals that it links to a malicious website.
This phishing email (falsely) suggests that your account has been stolen, and prompts you to recover your account before it is closed.
SUBJECT: Guild Wars 2 Account New Security Measures
Due to large amounts of the players’ accounts were stolen, we found that all methods used to steal is E-mail authentication. To protect your account, and avoid account theft or stolen by hackers which will cause account closed, our security department has developed a new dynamic password card security measures. Now they will be distributed free of charge to all players. Please click on the link to receive dynamic password card to ensure account security.
[REDACTED LINK]
To maintain account security is the responsibility of the account holder. Please note that if your account has been stolen, it will be blocked by the security sector. If this happens, please click on our account recovery channel.
[REDACTED LINK]
We will come up with certain security protection measure to protect this account.If your account is limited due to our negligence, we will remove the restriction on our end and offer you a mysterious gift in game as compensation for the inconvenience.
If you need additional help, Please visit our:
[REDACTED LINK]
WARNING SIGNS:
- There are several grammatical errors.
- Promises you a "mysterious gift" as an incentive to recover your account.
- Threatens account suspension if you fail to provide personal information. We will NEVER ask for personal information or threaten account suspension.
- Hovering over the website links reveals that they point to malicious websites.
Here is an example of an in-game mail message that some players received via the in-game mail system.
IN-GAME MAIL:
Hello [DISPLAY NAME REDACTED],
We are sorry to inform you that your account will be closed or partially limited in 72 hours because of a monetary transaction. If you want to remove this restriction, click on the following link:
[NON-CLICKABLE LINK TO PHISHING WEBSITE]
Keep at heart that Guild Wars 2 is a global game with thousands of players. It means a certain standard of behavior must be respected.
GM [FAKE GM NAME]
WARNING SIGNS:
- Even if they use a GM name that you know is real, note that ArenaNet will NEVER contact you about an account issue using the in-game mail system. DO NOT follow any links provided by players in the game.
This phishing email (falsely) suggests that your account has been stolen, and prompts you to recover your account before it is closed.
FROM: ArenaNet <support@guildwars2.com>
SUBJECT: GuildWars2 Account Will Be Shut Down
EMAIL:
We are sorry to inform you that your login account will be shut down or partially limited within 72 hours due to currency transactions or abnormal login. If you want to remove restrictions, please click the following link to validate:
[REDACTED LINK]
Recently, account abuse is obviously rising up. Please pay attention to the safety your account. Don’t share account with any other people. We will not ask for your email password in any forms on our end. With the password, hackers will be able to log in the account through our security verification. If you have any account problem, please click on the link below:
[REDACTED LINK]
We will come up with certain security protection measure to protect this account.If your account is limited due to our negligence, we will remove the restriction on our end and offer you a mysterious gift in game as compensation for the inconvenience.
Need help or have questions about your account? Please visit our:
[REDACTED LINK]
The Guild Wars 2 Team
WARNING SIGNS:
- There are several grammatical errors.
- Promises you a "mysterious gift" as an incentive to recover your account.
- The email threatens account suspension if you fail to provide personal information. We will NEVER ask for personal information or threaten account suspension.
- Hovering over the website links reveals that they point to malicious websites.
Additional Resources