A lot of people are getting phishing attempts through an email that pretends to come from us. For detailed information about this, please read this thread.
I will merge threads about this topic into this thread.
An email is being sent out to player that does NOT come from us. It states that “we” have discovered that the recipient has been trying to sell his/her Guild Wars account, and threatens immediate closure without contact from the player.
I have merged a bunch of threads about the subject here. If you have received an email that you’re concerned about, please read this thread.
Had the same email (with the exact same link). Mousing over the text (not clicking) shows that the link redirects to a site with a “xe-ousa.asia” suffix.
Mousing over is always a good idea and it’s interesting to see where that innocent-looking link really leads!
Thanks for continuing to make us aware of the phishing attempts, but do note that there are a number of samples in the A Note About Phishing Emails thread. If you see the email you received in that thread, you don’t need to post in this thread, as well. Inclusion in the official “Note about Phishing” thread means that other players can see the samples, and it means we’re aware of it, as well.
Also, if you do include an email that you have received, please take care to NOT post the link in the email. You could post a portion of the link, remove a piece, and put [REDACTED] in the link, if you wish. We want to be very cautious about including links so that someone doesn’t inadvertently have difficulties with having the full thing posted.
Thanks.
Please do read through the “A Note about Phishing” thread before posting, as you’ll find 99% of the emails asked about are on that thread. Set you mind at ease with a quick review of our “sample” phishing emails.
Thanks.
It’s a good suggestion, but it’s no do-able. Anyone can fake any sender name, so no matter what we said was “A-OK” it could then be spoofed and used in a phishing attempt.
The only thing we can suggest is diligence in looking at ALL mails, taking care to really analyze what’s being said and not clicking links unless you’re certain the email is legitimate, and giving a careful review of the mails in all folders when you’re expecting a mail from us, such as a password reset or an authentication email.
Feel free to check out our A Note about Phishing thread above, for more information.
Bump to keep this visible for everyone.
Sorry for the scam emails, guys. There’s really nothing we can do, when they spoof “us” as sender. But it’s good to keep an eye on this thread, so I’m hoping we can keep it on the front page.
Please remember that THIS thread is the best source of info, including tasty… well, not so tasty… samples!
Please note this thread for information about “Phishing” Attempts: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post2074388. In short, the “Will be Shut Down Inform” is not from us, and it not in any way legitimate. Please delete immediately.
Hey Account Support Forum Friends!
If just one of you could kindly bump this thread daily, we can keep it on the front page and keep a lot more people informed about those nasty phishing emails.
I’m bumping now, and if one of you guys can keep an eye on this and once in a while bump — if needed — to get it on the front page, that would be good.
NOTE: This is a singular exception to the “no bumping thread” rule and is a super special offer for this thread only at this point. We’ll give it a go and see if this helps people better understand those @#*(%& phishing tries. 
Rule #1 for using the internet:
NEVER CLICK LINKS IN EMAILS
(That’s in all caps because I am shouting it for emphasis.)The only valid exception would be verification emails used during account creation that you are expecting to receive because the website you are creating the account on told you it would send you such an email.
All other links should always be treated as fake/phishing.
Excellent point. I might also make an exception for emails received within a minute or two of requesting authentication of a new computer or location, because you requested it and should know it’s legitimate. However, I’m a big fan of “scraping” the email and pasting it into an empty browser window, rather than clicking a link that may have a bunch of misdirects behind the innocent-seeming URL.
Another ArenaNet employee got a phishing mail today. (I had three last week. ~rolls eyes~)
Please be keenly aware of in-bound, unsolicited e-mail and read the A Note about Phishing E-mails thread for details and tasty samples.
after surfing the forums found out its a fake the scammer put a bit of work into it to make it appear legit.
Yes, it’s probably the most common phishing attempt.
Please review this post for information about phishing attempts: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post2556003
These phishing e-mails are continuing, so I want to get this thread up front again.
Please note: If you see a link in an e-mail, we encourage you to copy and paste the link into your browser, instead of clicking the link. This is good practice for any unsolicited e-mail that you receive.
Bumping for visibility.
I just posted a particularly ugly phishing attempt in the A Note About Phishing thread. I wanted to point to it because I want everyone to have eyes on it, and be aware of the easy steps you can take to not be taken in by phishers.
Here’s the post: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post3392805
As Kirk explained, please do not click the link. The e-mail is confusing, but it’s forewarned in the preceding e-mail from the Edge of the Mists team, so look for that first e-mail and then don’t click the link and you’re good.
Please let your support personnel know as when I asked them about the emails, I was told the following:
The e-mail you have received is not an official e-mail from the Guild Wars 2 Support Team or from ArenaNet. It is most likely a phishing attempt. Please DO NOT click on any links within that e-mail. We will not send e-mails that state that your account will be terminated if you do not respond. We will not send e-mails that state that an account has been compromised (unless we are responding to a player). Any e-mails of this type are most likely malicious in intent.
Please tell me the ticket number in which that response was sent. I need to follow up on this so we all are on the same page. Thanks!
Please let your support personnel know as when I asked them about the emails, I was told the following:
The e-mail you have received is not an official e-mail from the Guild Wars 2 Support Team or from ArenaNet. It is most likely a phishing attempt. Please DO NOT click on any links within that e-mail. We will not send e-mails that state that your account will be terminated if you do not respond. We will not send e-mails that state that an account has been compromised (unless we are responding to a player). Any e-mails of this type are most likely malicious in intent.
Please tell me the ticket number in which that response was sent. I need to follow up on this so we all are on the same page. Thanks!
Phishing Attempt (request #180448)
Thanks, Enko. I’m afraid that was an agent mistake. As I mentioned previously, the Edge of the Mist invitation is legitimate, and it is preceded by an e-mail telling folks that they’ll get an e-mail saying changes were made but they should ignore that.
Would-be phishers undoubtedly will try to use this system, so we’re taking every care we can to make it clear what invitees should expect and how they should react. In this case, you were wise not to click anything, particularly since nothing needed to be clicked in the process that was used. 
Sorry for the alarm, and I hope you enjoy testing!
Phishing doesn’t stop during the holidays. In fact, it may increase.
So be careful out there!
Bumping for visibility.
Thanks for keeping this on the front page.
You have “Dispensation of the Anti-Bumping Rule” for this and the thread dealing with E-mail difficulties, although the latter situation seems to be abating somewhat.
Thanks again.
Bump. Bumpity bump bump.
Moving to front page.
I just received an email from [email protected] for requesting a forgotten password. The only problem is, I know my password and didnt send the ticket. I immediately got an email from [email protected] asking to verfiy that the person who sent the ticket was me by giving info on my character’s race/prof/etc. I dont know what to do, is this legit? Did somebody use my email address to try and change my password?
I am very concerned that your e-mail account may have been compromised. Answer questions VERY carefully at this point, since someone may be reading your mails and gaining all the information that you share. I suggest that you create your own ticket with a different e-mail account and contact Support so that they can investigate.
I could be overly concerned and this may all be just fine. But you’re worried, and I share your concern about this. When someone tells me that a password reset request was submitted but not by them that’s one area of concern. When you get “prove you own the account” requests, that’s an even higher level of concern.
Please let me know how this sorts out.
You make good points. I’d like to add that even the most trustworthy e-mails can be phishing attempts, if your friend or family member has his/her e-mail account compromised. I have gotten e-mails allegedly from very close, very well-trusted people, but I take one look at think “Nah, I’ll pass” because it’s something very sketchy, like “You have to see this! with a link.” I think we all should be very aware that most compromises involve e-mail accounts, so it’s good to be very, very skeptical about anything that comes into one’s e-mail inbox!
Hey, everybody. Please note this (added, as well, to the post: A Note About Phishing):
Important Update as of January 2014
In the past we have said we would not send warnings or notifications about support actions. However, as of January 2014, we are sending some e-mails that warn a player of a chat violation or that notify a player and his/her account has been suspended for a chat violation. (Note GW2 Rules of Conduct) This system will help players avoid a suspension by making better in-game choices. It also will help suspended players learn what they did to earn that suspension so that they can avoid further impact on their account.
Please note:
If you are not sure about the legitimacy of an e-mail, please never hesitate to ask through a ticket or on this forum. However, the easiest way for you to check on this is to look for a link. If you see a live link in an Customer Support-oriented e-mail that you did not request, it’s not from us and you should delete that e-mail as probable phishing.
And remember, the warnings and notifications are sent only as a courtesy. You’re safe to delete all such mails, and may do so if you’re more comfortable taking that step.
Moving to front page.
And please note our “A Note About Phishing” thread for lots of information and samples on these cases.
Greetings,
I have also received a phising email, it was signed by GM Cuache stating that I have been trying to do illegal transactions, when I clicked the link google advised me that it was a phising site and I did not go any further, I though it was weird since last I played in GW 2 was like 1 week ago and I only have one friend there.
That’s a fake and links should not be clicked. I’m glad you got a warning and that your account is ok!
Just a reminder there that this thread has a ton of good info and samples of phishing e-mails!
I haven’t logged into GW2 for a while, and was clearing thru my spam folder and found this message
ArenaNet [email protected]
Jan 16to me
Guild Wars 2 Account Will Be Shut Down Inform
We are sorry to inform you that your login account {redacted}will be shut down or partially limited within 72 hours due to currency transactions or abnormal login. If you want to remove restrictions, please click the following link to validate:
https://account.guildwars2.com/login?
Please keep in mind that Guild Wars 2 is a global game with hundreds of thousands of players. This means that standards of behavior must be upheld. For your convenience, you can obtain more information about our rules at the address listed below.https://www.guildwars2.com/en/legal/
Guild Wars 2 Account Support Team
Should I be concerned or is this just a poor attempt at phishing?
Another &^%#&#% phishing attempt. ~grumble~ You can keep abreast of the latest in this thread, with phish-y samples: A Note about Phishing Emails. (And yes, this sample is in there, as is the one above your post.)
Important info here. Moving to front page.
Bumping for visibility!
Hey,
Pretty alarming email saying my account might be shut down or limited unless I click this link in my email.
Any idea how I can go about this? Maybe speak to support, I don’t really want to click the link, with phishing and all.
You’re right. Do not click those links. Just ignore, and check our “A Note about Phishing E-mails” thread for samples of various phishing e-mails. I just know you’ll find yours there.
Moving to front page, since there’s a year-around “phishing season.” :-/
How do they get the sent from email “[email protected]” in their phishing emails?
is guildwars2.com not owned by anet?
It’s called “spoofing”. Anyone can make their email address look like anything. Have you ever gotten a spam email that appears to have been sent to you, from you at the same address?
They’re not actually sending from guildwars2.com, they’re just making it look that way. Think of it as a mask worn over the real address.
Very good analogy, and correct information. An unscrupulous person can send an e-mail that appears to come from anyone. If you’re in doubt, one way to check on it is to look at the e-mail’s “properties” to see the actual sending string. Instead of coming from Arena.Net or GuildWars2.com, in fake e-mails you might see our address as “sender” but a string for the actual property that points somewhere very different, even from a completely different country or continent!
The email did not come from ArenaNet, they did not accuse you of anything. It’s a “phishing” attempt from a hacker in order to gain access to your account. Because you changed your password you should be safe, and Anet has not accused you of doing anything nor will you face any kind of punishment from them.
This is correct. Please see this thread for more information: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post2074388
Since you already provided your personal information to the person or company who sent you the phishing e-mail, you may wish to contact Support if you have questions about the security of your account.
Ok. That make much more sense. Thank you for the reassurance. I appreciate it.
You’re very welcome.
Just to also point out if you use that email address along with the password on any other site at all I would change it. Another good rule would be to never use the same email/password on any site, with that of another site. Once one of these agencies know that was a valid combination they could sell or even use it on their own to try to access other sites.
This is very good advice and I hope everyone will follow it!
Yeah thought as much, well Ive sent a ticket off and reset my password, can never be too safe.
You’re right, it’s good to be safe!
The main post about phishing attempts is here: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post3557700
Please review any e-mail you have received related to Guild Wars 2 or ArenaNet against this list, as it will help you identify bogus e-mails designed to gather your account credentials.
I’ve got a letter today from “ArenaNet” with following text
“Guild Wars 2 Account Will Be Shut Down Inform
We are sorry to inform you that your login account [redacted] will be shut down or partially limited within 72 hours due to currency transactions or abnormal login. If you want to remove restrictions, please click the following link to validate:
https://******** ****** */login?##
Please keep in mind that Guild Wars 2 is a global game with hundreds of thousands of players. This means that standards of behavior must be upheld. For your convenience, you can obtain more information about our rules at the address listed below.Guild Wars 2 Account Support Team"
That “validation link” leads to site quite similar in appearance to GW2 site but with strange address on .tk domain. It asks you to enter your serial key, character name and e-mail to complete the “validation”.
Just wanted to warn ya. Cheers.P.S: I strongly suggest you to not follow the link above!
I get this one all the time. On my work account. I makes me laugh out loud, oh yes it does.
But please, folks, delete this and keep up on the “A Note About Phishing” thread for samples of these things.
Thanks!
One of our moderators removed the link immediately above, which is great.
Just a reminder to everyone: Please do not include links if you post an e-mail you received. Deleting the links keeps players safe, so thanks for doing that.
Moving to the front so everyone sees this.
We need to be very careful when posting in this thread. Please do not post links, and do not offer to expose such links via another means, such a private messages.
Please check this thread — A Note about Phishing E-mails for information about the known phishing e-mails. If you are in doubt about an e-mail you’ve received, delete it and never click any links or provide any information!
Ralph and Magi — those aren’t from us. You can tell because they ask you to “validate” your account or “dispute the charges” or some other fake way of getting you to input your credentials. We will never send you something and ask for your credentials — we don’t need them to help players, and asking for a password or serial code when they are generating the message is just a huge red flag to phishing. (If we ask you to provide a serial code, it’s because you are initiating the conversation and we need to establish you own the account. You won’t get something out of the blue from us that asks for personal info like that!)
Please submit a ticket by clicking “Support” at the top of this page and then clicking the “Submit a request” option. (Ralph — you do not need to provide your serial code.) Provide as much information as possible in the web form, because that will create a ticket within the support system. Again, you are not required to provide all the information but may leave fields blank when you cannot accurately complete them. The team should be able to help you.
If you later need to update your ticket, simply reply to the e-mail associated with the ticket (with the 6-digit ticket number in the subject line) and provide any new information you wish to have added to your ticket.
