The Emergence of Phishing = "Report Post" Feature Must Be Implemented

First Riot Post
123
Comment below rating threshold, click here to show it.

Incineration

This user has referred a friend to League of Legends, click for more information

Senior Member

10-20-2010

If you didn't put your user name and password into that guys' fake login info you're probs fine.

Best practices is still to stop using Internet Explorer and run something like Firefox or Opera with a plugin like Noscript.


Comment below rating threshold, click here to show it.

AstorSapolsky

Senior Member

10-20-2010

Quote:
Originally Posted by Tamat View Post
Greetings Summoners!

We've been tracking this issue today and are tackling these posts as quickly as we can find them. We have a short term and a long term plan to prevent activity like this, but in the meantime, please be mindful that this activity is taking place.
I don't know if we should trust this guy, who's to say Tamat didn't fall for it himself?!??


Comment below rating threshold, click here to show it.

Polaritie

This user has referred a friend to League of Legends, click for more information

Senior Member

10-20-2010

Quote:
Originally Posted by AstorSapolsky View Post
I don't know if we should trust this guy, who's to say Tamat didn't fall for it himself?!??
Probably the fact that Tamat can just get an admin to fix that in person. Physical access to a system always trumps any form of remote access, and Riot employees have physical access (Or at least can call someone with it)


Comment below rating threshold, click here to show it.

kNocturn

This user has referred a friend to League of Legends, click for more information

Senior Member

10-20-2010

Quote:
Originally Posted by AstorSapolsky View Post
I don't know if we should trust this guy, who's to say Tamat didn't fall for it himself?!??
Because people who work for a company should know that their site is:

http://www.leagueoflegends.com

Not

http://www.leagueoflegends.xen

or

http://www.texthere.leagueoflegends.com


Comment below rating threshold, click here to show it.

carbonClockwork

Senior Member

10-20-2010

Quote:
Originally Posted by knocturn View Post
because people who work for a company should know that their site is:

http://www.leagueoflegends.com

not

http://www.leagueoflegends.xen

or

http://www.texthere.leagueoflegends.com
omg he is the phisher get him. i mean he has to be he is posting links that pretend to be league of legends. dont fall for it people!!!1


Comment below rating threshold, click here to show it.

Polaritie

This user has referred a friend to League of Legends, click for more information

Senior Member

10-20-2010

Actually, www.something.leagueoflegends.com would resolve to Riot's domain. Or should try to.

Urls are generally interpreted read right-to-left, starting with the top-level domain. "www." itself has no meaning, as opposed to something like "mail."


Comment below rating threshold, click here to show it.

Skorp

This user has referred a friend to League of Legends, click for more information

Recruiter

10-20-2010

Quote:
Originally Posted by Imumybuddy View Post
Is it this d2k5 guy? I accidently clicked on his link and I immediately clicked exit tab. It didn't load the page but will I have a keylogger/ virus already?
I don't think it's a key-logger, just a page phishing for your login. Looking at the page code, it's just a copy of the riot page with the form redirecting to his own page to save the login. There's nothing to stop him putting malicious code on it though, and you should keep your anti-virus softward up to date.

I think the best way to deal with it is to put a warning on outbound links in the forum (and of course ban the offenders (of course, once he's got someone's account he can post the messages from that). They might need to put Capcha on forum posts if people start using scripts to spam posts.


123