A lot of people are getting phishing attempts through an email that pretends to come from us. For detailed information about this, please read this thread.
I will merge threads about this topic into this thread.
An email is being sent out to player that does NOT come from us. It states that “we” have discovered that the recipient has been trying to sell his/her Guild Wars account, and threatens immediate closure without contact from the player.
I have merged a bunch of threads about the subject here. If you have received an email that you’re concerned about, please read this thread.
Just thought I’d inform of a New Phishing scam email that’s about That I got this morning. It had the GW2 Logo Looked rather legit however It tried to state due to a payment not going thru that my account was getting Shut down. It also states in this email that you get a 72 hour ban. didn’t make sense but like most of these emails ( I’ve seem plenty from WoW gaming) I didn’t click no links but the link they had when hoovered had .tk at the end.
This email is plenty to put fear not just in your account closing, banned for nothing but Credit card users may wanna be aware also.
I know from reading over forums you guys don’t have a hacks or abuse section to report headers of these such emails but its prolly an Idea to consider it will end up a monster later on.
I will add this one to my sticky thread on the subject, but can you send me the exact email content via PM? Thanks.
I keep getting email that says guildwars2 thinks my account was stolen
How do I know if these are legit
This is a phishing attempt I will merge into the main thread about this subject. For more information, please see this informative thread: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post2074388
yes, yes, I’ve read all the instructions, it’s really quite sad how many hoops must be jumped through to get something done around here.
My personal email isn’t even this ridiculous, and I have millions of dollars in paper assets in my email.
WHO?? actually knows what their serial key is. screw that. kitten was deleted a long time ago LOL.
Anyhow, I want my email address changed. I sent in a ticket about an hour ago and no one responded. This will need to be done today since I’m closing my other email account tonight.
Quick and easy fix, just update the email address on my account or give me the big boy button to do it myself as I see fit and I’ll be on my way.
this isn’t a request that can linger for 2 days. Ok? Treat me well, and I’ll do the same for you. that’s how a business relationship works.
I just want to point out that this question was asked via ticket and answered within one hour. Forums members should not post to rant, nor post instant follow-ups on tickets. Please allow our Support Team time to receive and review your ticket. They will do their very best to help you as quickly as possible.
Matter resolved – closing ticket as per member request.
I got the “mystery gift” one today as well.
Gaile, I’d offer to PM it to you in its entirety, but it’s already posted multiple times in this thread. Of course, if it will help, just say the word.
I’m tempted to simply reply to the email informing them that I’m investigating them “for further investigation be” and demanding that they send my Balthazar-blasted mystery gift at once.
Thanks — I have that one.
Personally, I would not respond to that thing. I’d delete it, using rubber gloves and tongs.
Here’s the situation: I’ve been getting weird messages supposedly from ArenaNet with the content in [LINK REDACTED] I thought it could be some kind of phishing attempt, since after the first time I followed the mail’s link and input my information, I couldn’t log into the game with it.
But the thing is, I’ve been getting them from time to time and today, I decided to use an online link scanner and it gave me [LINK REDACTED] these results. I’m now in a situation in which I don’t understand what I should do in fear it’s a really elaborate phishing scheme, because the message doesn’t quite elaborate on the problem.
What you received is a phishing emails. Searching this forum for “email” or looking for “phishing” would have answered your question.
With all due respect, putting up images about phishing emails on an external site is a very bad thing to do. I have redacted those links, and ask others who want to post images to do so on this forum, because I’m not at all comfortable having people blindly follow a link to an external site. That is just a very bad thing indeed.
Thanks for understanding.
i have got thist mail on my none gw account mail
so please be carefull ( evertyhing looks ok only the url beneath the links is weird )
i changed the links so no one can click them( if arenanet wants the links i will give them in pm )Greetings!
It will be ongoing for further investigation by ArenaNet’s employees.
We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, click the link below.
hxxps://account.guildwars2.com/account/login-support.htmlOnce your account authentication has been completed, we will check your account and let you know what we can do for you.
Need help or have questions about your account? Visit our support site: hxxp://support.guildwars2.com/.
The Guild Wars 2 Team
Covered here: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post2074388
Please note that there’s a very informative post – with samples — on this link. It would be great if you would read that thread and make yourself aware of the emails that are known phishing emails and only post if there’s something new.
Having said that, I’ll try to continue to update this thread and post these information from time to time — or forum members can use the “quote function” to repeat this post — so as to keep everyone informed.
Even team members here at ArenaNet are receiving this phishing attempts.
Please read this thread on a regular basis to keep yourself informed of the latest attempts to steal your game account.
If you have received an email that is not on the samples — and I have a lot so please check carefully — then feel free to post that new phishing email here. Please remove all links before posting.
The last thing we want is to have anonymous links appear on the forums, particularly since they seem to pertain to potential phishing.
Please see our post about phishing above.
Hi Gaile,
Isn’t there a way to block these fishing emails?
I have pondered on this one, hoping there was a “If the sender reasonably doesn’t match the sending address, block it” filter. (Like “GuildWars2.com – ok! Gulidwaes2.com – NOT ok.” No such filter exists. I hoped for a “If there are ridiculous grammatical errors, block this email” filter. However, that would block a couple of my friends, so… 
The best thing to do is to simply delete it and to be careful with any email that contains links. When I reset my password, I still check the clickable link to make sure it’s not just some coincidental phishing email that showed up right when I expected a legitimate one.
I have received an email from “ArenaNet” and it is asking me to follow this link: https://account.guildwars2.com/account/login-support.html i need to know if this is from a phishing email
any help would be appreciated
Need a little more information. Do you have email authentication? Did you ask for a password reset? If the link truly DOES take you to that address, you’re simply heading to your account page. However, a lot of times it’ll look like that on the page, but really contain a different link underneath, that is, it says one address but goes elsewhere.
I really think you should read the sticky post about phishing emails to better understand what you’re seeing, and then react accordingly.
We really encourage folks to use this thread and not make new posts about phishing emails. If you cannot see it, look on page 2, or do a search for Phishing.
Thank you for your cooperation.
Remember folks — Please read this post before adding to the thread:
For a while now I’ve been getting emails that say my account has been stolen/hacked. The emails come from this email address, [email protected]. It says
snip
Those emails are fake, there are multiple threads about them as well as a sticky at the top.
https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1Please remove those links from your post above as they pose a danger to other players. If you have clicked on any of the links, you should change your password at once to avoid having your account stolen.
This is correct, and an important reminder for anyone: If you get a questionable email, please remove all links before posting.
I will merge this into the existing thread. Please review the thread into which this is merged and the following thread for more information and samples of actual phishing emails received by Guild Wars 2 players and non-players alike: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1
I just fell for one because it came in my actual inbox.
I’m screwed because I gave them all my information
I feel so stupid and bad right now.
I don’t know what to do.
Immediately contact Support by filing a ticket through the “Ask a Question” tab on that linked page. They probably will be able to assist you. For tips on what information to provide in a ticket — mostly intended for security reasons to establish that you own the account — please read this post and provide as many suggested details as possible to expedite the ticket.
Fake.
If Anet needs to close an account, they just go ahead and do so, giving you the option to simply open a ticket with customer support to resolve the issue.
AND… we don’t write using such awful grammar making a bunch of spelling errors. 
Guys — just read these:
Actually it’s good they’re so badly written; it helps make their phoniness clear to the casual viewer.
If you’re not sure, click nothing, take no action, reveiw the sticky thread for samples, and and ask!
i changed psw and added the phone thing on every login. i’ll try to run antivirus. Should i also contact gw2 support?
If you were able to change your password, you should be ok. It’s great that you added mobile authentication — that will help greatly.
i changed psw and added the phone thing on every login. i’ll try to run antivirus. Should i also contact gw2 support?
If you were able to change your password, you should be ok. It’s great that you added mobile authentication — that will help greatly.
thank you for the reassuring answer, so i’m ok now? i have to change my email or do something else?
P.S. sorry for my english
Personally — and this is just me being extra careful — I might be tempted to contact Support and get assistance in changing the e-mail account used to log in to the account. So if you’re using [email protected], maybe changing to [email protected] would be a good idea. Support can help you with that, once they have established for certain that you are the owner of the account. (This is for security, as I’m sure you understand.)
If you were able to access the account and change the password, you’re probably just fine. But if you feel that someone may have access to credentials that would allow him or her to try to get access – for instance, try to submit a support ticket to claim the account – then perhaps a more careful choice is in order.
Hey Kirkman, I got that one too. Aren’t we special? ~rolls eyes~
I added it to my collection of phishing samples in the “A Note About Phishing” thread above.
https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/2074388
As Jeffrey points out, that thread contains a lot of info about phishing, including tasty samples.
Just a note that a whole bunch of people got this one today:
“Guild Wars Account Will Be Shut Down Inform
We are sorry to inform you that your login account will be shut down or partially limited within 72 hours due to currency transactions or abnormal login. If you want to remove restrictions, please click the following link to validate::
[[[link redacted]]]
Guild Wars 2 Team"
That is NOT from us! We will never send that sort of email and we encourage you to immediately delete such mails and never follow any such links. If you’re in doubt, by all means post here and we’ll answer you, or submit a support ticket. Don’t take any risks with your account security.
For info about phishing — and this thread is updated nearly daily — please see the following thread — A Note about Phishing Emails — and be sure to review the samples.
I’m reporting them here:
You are also welcome to add them to this thread and if the sample is new, I will add it to the sticky post above.
I think I figured out why some player are getting lots of spam (and phishing) from the email address [email protected] (and not from guildwars2.com).
The spf of the domain ‘guildwars.com’ is invalid:
- “v=spf1” “include:mailgun.org” “?all”
should be
- “v=spf1 include:mailgun.org ~all”
(like guildwars2.com)
Cheers
PS: Please notify me upon fixing.
That’s interesting. I’m not sure if we can make the changes suggested, but I’ve passed it along to the team responsible for sending out our emails. Thanks!
I think I figured out why some player are getting lots of spam (and phishing) from the email address [email protected] (and not from guildwars2.com).
The spf of the domain ‘guildwars.com’ is invalid:
- “v=spf1” “include:mailgun.org” “?all”
should be
- “v=spf1 include:mailgun.org ~all”
(like guildwars2.com)
Cheers
PS: Please notify me upon fixing.That’s interesting. I’m not sure if we can make the changes suggested, but I’ve passed it along to the team responsible for sending out our emails. Thanks!
Well someone has fixed it already.
guildwars2.com. 428 IN TXT “v=spf1 include:mailgun.org ~all”
Yep, thanks to Uman’s report, we got on that right away. This is an example of how great it is to have forums and to have such helpful players! ~major props~
Uman — the team to whom I sent the note said they had made changes, so perhaps that’s why you’re seeing it differently now.
Volkon — Thanks.
To whom it may concern,
I just purchased and started playing guild wars 2 2.5 weeks ago. Before that, I never received an email from “ArenaNet”. I haven’t signed up for any sites, haven’t done any web searches for guides with the exception of accessing the wiki (through your link in the loader) and via Youtube. From day 1 of activating my account, I have received the “it has come to our attention that you are trying to sell your account” phishing scam email from the same Chinese IP 62.150.38.163. I believe your website has been compromised, or at the very least your outgoing mail server has an address sniffer on it. Please do something to fix this.
Nothing has been compromised. As you will see if you simply read up on this very thread or if you will read our extensive thread — with samples — that is permanently flagged above: A Note about Phising — https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post2074388
This continues to be an issue, so please be very careful when reviewing emails.
Had the same email (with the exact same link). Mousing over the text (not clicking) shows that the link redirects to a site with a “xe-ousa.asia” suffix.
Mousing over is always a good idea and it’s interesting to see where that innocent-looking link really leads!
Thanks for continuing to make us aware of the phishing attempts, but do note that there are a number of samples in the A Note About Phishing Emails thread. If you see the email you received in that thread, you don’t need to post in this thread, as well. Inclusion in the official “Note about Phishing” thread means that other players can see the samples, and it means we’re aware of it, as well.
Also, if you do include an email that you have received, please take care to NOT post the link in the email. You could post a portion of the link, remove a piece, and put [REDACTED] in the link, if you wish. We want to be very cautious about including links so that someone doesn’t inadvertently have difficulties with having the full thing posted.
Thanks.
Please do read through the “A Note about Phishing” thread before posting, as you’ll find 99% of the emails asked about are on that thread. Set you mind at ease with a quick review of our “sample” phishing emails.
Thanks.
It’s a good suggestion, but it’s no do-able. Anyone can fake any sender name, so no matter what we said was “A-OK” it could then be spoofed and used in a phishing attempt.
The only thing we can suggest is diligence in looking at ALL mails, taking care to really analyze what’s being said and not clicking links unless you’re certain the email is legitimate, and giving a careful review of the mails in all folders when you’re expecting a mail from us, such as a password reset or an authentication email.
Feel free to check out our A Note about Phishing thread above, for more information.
Bump to keep this visible for everyone.
Sorry for the scam emails, guys. There’s really nothing we can do, when they spoof “us” as sender. But it’s good to keep an eye on this thread, so I’m hoping we can keep it on the front page.
Please remember that THIS thread is the best source of info, including tasty… well, not so tasty… samples!
Please note this thread for information about “Phishing” Attempts: https://forum-en.guildwars2.com/forum/support/account/A-Note-about-Phishing-Emails-1/first#post2074388. In short, the “Will be Shut Down Inform” is not from us, and it not in any way legitimate. Please delete immediately.
Hey Account Support Forum Friends!
If just one of you could kindly bump this thread daily, we can keep it on the front page and keep a lot more people informed about those nasty phishing emails.
I’m bumping now, and if one of you guys can keep an eye on this and once in a while bump — if needed — to get it on the front page, that would be good.
NOTE: This is a singular exception to the “no bumping thread” rule and is a super special offer for this thread only at this point. We’ll give it a go and see if this helps people better understand those @#*(%& phishing tries.
