Play Safe – Check those links!!

I got a very official email yesterday from another gaming company (NOT Wizard 101 or KingsIsle), warning me that my account might have been compromised and giving me a handy link to a very official looking website so I could go and change my password.  The problem was – I don’t play that game, and I’ve never had an account with their system.  It was a scam.

An example of a Phishing Site - Always check the URL

These scams, called ‘phishing‘, are a two part process.  They send people an email that looks like it’s from some ‘official’ source – their bank, or Facebook, or their favorite video game.  This email will contain a ‘call to action’ – it will tell them that they need to log into their account to fix or verify something, and there is usually a serious consequence for not doing it, like your account getting canceled.

I’ve also seen this starting to pop up on social networking sites like Twitter as well, where URL Shorteners like bit.ly can mask a URLs true destination.  If you see some ReTweet about getting prizes or rewards from your favorite game, double check the link and be really careful!

The second part of the scam is a website, usually crafted to look exactly like the ‘real’ website, that will collect the username and password of everyone who tries to log into it.

It’s a fiendish plan, to be sure – send an email telling someone they have to log into their account to fix something, and then give them a link that looks like it’s a real website that will instead steal their password and let the bad guys into their account to steal their stuff.

To combat this and stay safe is easy, as long as you know it’s there.

• First, always remember that no website or game is going to send you an email asking for your password.
• Second, if you get an email telling you to log into a website to correct or change something, look very closely at the sender’s email address and the address it’s trying to send you to.  Instead of wizard101.com it might be wizardlOl.com – it doesn’t look too different, so you have to be careful.
• Finally – instead of clicking a link in an email, go to the main website yourself and log in there, so you know you’re putting your credentials in the right place.

Phishing scams aren’t hard to avoid, you just have to know what you’re looking for and remember, never trust an email that’s asking for your account information or telling you to log in right away – no reputable company would do that.  Always check the URLs and if something looks suspicious, don’t put in your user information, that’s the safest play.

Play Safe!