Page 1 of 2 1 2 LastLast
Results 1 to 20 of 24

Thread: Salem beta invite email... SCAM links inside?

  1. #1

    Salem beta invite email... SCAM links inside?

    i've recieved a beta invitation with a key and lot of links... even thunderbird thinks those links are A SCAM.

    http://tr.anpdm.com/track?t=c&mid=...http%3A%2F%2Fforum.paradoxplaza.com%2Fforum%2Fforu m.php

    wtf is that and what makes you think this is ok?

  2. #2
    Dude. Check your PC.

  3. #3
    you mean my linux installation?

  4. #4
    The problem is, those links directly hook up to an executable file download. As far as scams go, that is a popular method of doing it.

    Basically, as far as any anti virus programs can tell, it is a scam.

  5. #5
    I don't see how its a "scam", it's not scamming you of anything.
    Hermits with benefits.

    Enter all ye who seek knowledge : Salem Wiki

  6. #6
    if u dont want it forward it to me lol

  7. #7
    General Demi Moderator
    Sword of the Stars

    Join Date
    Sep 2011
    Posts
    2,032
    Might be phishing... might not. The beta registration link is on the seatribe servers, I believe, and should be something like plymouth.seatribe.se/beta or something like that.

    No, there should be no executable file. You'll have an email with the beta key and a link to where you register it at along with a link to the download for the Java Web Start .jnlp file.

    Second thought: how someone got your information along with the fact people may or may not be waiting for beta registration keys is fishy. Sounds like a security leak somewhere.

  8. #8
    Captain Tonkyhonk's Avatar

    Join Date
    Feb 2012
    Location
    Planet Japan
    Posts
    329
    Blog Entries
    1
    i checked the email i received for beta invitation, and there is no such links as you posted , at least not in mine.
    links they give you are;
    • beta game registration link, starts with "plymouth"
    • paradox forum link
    • java homepage
    • salem forum link
    • mygame link (to register for salem beta forum)
    • youtube link to tutorials
    • salem facebook
    • salem twitter
    • salem forum
    • salem homepage
    • unscribe (starts with www.ampdm.com)

  9. #9
    what is even weirder, is the fact that the key provided seems to work. so i'm not sure what this is about? could someone enlighten me maybe? are those "trackers" to get money through clicks, or was their email server compromised somehow?

  10. #10
    Quote Originally Posted by eNTi View Post
    what is even weirder, is the fact that the key provided seems to work. so i'm not sure what this is about? could someone enlighten me maybe? are those "trackers" to get money through clicks, or was their email server compromised somehow?
    Take a screen of the email please and post it here so we know what you're talking about.
    Hermits with benefits.

    Enter all ye who seek knowledge : Salem Wiki

  11. #11

  12. #12
    Quote Originally Posted by eNTi View Post
    what is even weirder, is the fact that the key provided seems to work. so i'm not sure what this is about? could someone enlighten me maybe? are those "trackers" to get money through clicks, or was their email server compromised somehow?
    I already explained this. The link within the email is setting off an alarm because of what it is. Anything that direct links to an executable file download is flagged as a "scam"/virus because many email scams/viruses work exactly like that. My email flagged it as suspicious as well.

    It's not a known scam, it just looks a hell of a lot like one. And that's a problem, because you could easily make one that looks fairly similar to that seatribe email and probably get people gullible enough to click it if you had the right email list.

  13. #13
    Quote Originally Posted by Sevenless View Post
    I already explained this. The link within the email is setting off an alarm because of what it is. Anything that direct links to an executable file download is flagged as a "scam"/virus because many email scams/viruses work exactly like that. My email flagged it as suspicious as well.

    It's not a known scam, it just looks a hell of a lot like one. And that's a problem, because you could easily make one that looks fairly similar to that seatribe email and probably get people gullible enough to click it if you had the right email list.
    What he said.
    Hermits with benefits.

    Enter all ye who seek knowledge : Salem Wiki

  14. #14
    General Demi Moderator
    Sword of the Stars

    Join Date
    Sep 2011
    Posts
    2,032
    My AV doesn't flag those as a virus. I've used hotmail, gmail, and yahoo, and none of those flag .exe links as a potential virus. Also, it doesn't matter what the link shows in the mail, if you point at it, the actual website will show.

    Look for the domain and host name ( xxxxx.com; it will be the last group before the directory structure). It's common for scammers to do something like pandera-beta.worldofwarcraft.com.buy-gold-from.us/signup. The site registration is buy-gold-from.us, not worldofwarcraft.com.

    Even without all that, many of the mail programs will flag anything with an external link as untrusted and warn you. A bit of common sense will tell you that things are ok and a good AV and firewall will stop any malware from loading if it isn't.

  15. #15
    I came here to check on this as well. I assume it's legit, but basically, what we got was an email full of links that look exactly like phishing scam emails, clicked a link where we had to give our account username and password on a page with no background.

    So if it was entirely legit, it needs to be worked on, as it sets off every "this doesn't look okay" alarm.

  16. #16
    Quote Originally Posted by MagicManICT View Post
    My AV doesn't flag those as a virus. I've used hotmail, gmail, and yahoo, and none of those flag .exe links as a potential virus. Also, it doesn't matter what the link shows in the mail, if you point at it, the actual website will show.

    Look for the domain and host name ( xxxxx.com; it will be the last group before the directory structure). It's common for scammers to do something like pandera-beta.worldofwarcraft.com.buy-gold-from.us/signup. The site registration is buy-gold-from.us, not worldofwarcraft.com.

    Even without all that, many of the mail programs will flag anything with an external link as untrusted and warn you. A bit of common sense will tell you that things are ok and a good AV and firewall will stop any malware from loading if it isn't.
    i really don't want to get into an argument here, but if i were you i'd check my facts. no av will stop any 0-day exploit or any remotely clever programmed virus or mal/scare/spyware and a firewall most likely doesn't work as your think it does. if you click on a link that seems legit but leads you to a compromised website you are out of luck... this email blatantly doesn't conceal the urls in the links so it's either from a very stupid criminal or the salem developer uses this site to get some extra cash through clicks. either way its VERY BAD PRACTICE. no one will know if what you do is evil or not unless you clearly state it in the email. this is just either unacceptable carelessness, behaviour or shows a compromised email account from the sender of the mail with injected malware links.

    as a general tip... any email-service that doesn't at least warn you about .exe files in its attachments is worth less than nothing. you can never trust any attachments in an email without confirming with the sender first. NEVER.

    as it stands now i wouldn't even install the game, since java has known weaknesses that are openly exploited. if the salem server is compromised it might do all kinds of evil things with your pc without your knowledge already. just for example: http://www.f-secure.com/weblog/archives/00002343.html

    i know this is a long shot, but i'm not taking any chances.
    Last edited by eNTi; 17-05-2012 at 10:36.

  17. #17
    General Demi Moderator
    Sword of the Stars

    Join Date
    Sep 2011
    Posts
    2,032
    Dude, I don't know what your experience on the internet is, but why would you even bother signing up for beta software with that attitude?

  18. #18
    Quote Originally Posted by MagicManICT View Post
    Dude, I don't know what your experience on the internet is, but why would you even bother signing up for beta software with that attitude?
    are you serious? this is a potential security breach that could point to infections in the whole beta community and you're questioning my "attitude"? at least refrain from making false statements on public forums that lure people into a false sense of security.

  19. #19
    How could you even think that this is scam email? Please think a bit.. you just got your BETA KEY IN THAT EMAIL. How come someone would want to scam you from beta key he just gave you?
    Quote Originally Posted by eNTi View Post
    this email blatantly doesn't conceal the urls in the links so it's either from a very stupid criminal or the salem developer uses this site to get some extra cash through clicks. either way its VERY BAD PRACTICE.
    Doing some reseach before signing up for alpha/beta might be good next time(if you are so concerned with security). Then you would notice that place you are being linked to is SALEM DEVELOPERS WEBSITE (seatribe.se).

  20. #20
    Quote Originally Posted by Chiprel View Post
    How could you even think that this is scam email? Please think a bit.. you just got your BETA KEY IN THAT EMAIL. How come someone would want to scam you from beta key he just gave you?

    Doing some reseach before signing up for alpha/beta might be good next time(if you are so concerned with security). Then you would notice that place you are being linked to is SALEM DEVELOPERS WEBSITE (seatribe.se).
    1. it shouldn't be MY responsibility to make sure that emails are regarded as safe,
    2. it is possible to hijack a server and inject malicious links into otherwise perfectly normal emails,
    3. again... i'm currently not sure if those links are deliberate or not. they are CERTAINLY NOT NEEDED,
    4. if the developer wants me to point me to his website, then this should be made clear in the email and not hidden within the url. if there was nothing to hide, then the links wouldn't look as if they would send you directly to a website, while in reality you are taking a d-tour through another site i am not aware of.

    i say it again, this is EITHER bad practice OR a sign that there's a security breach somewhere. this is an issue of trust and as it currently stands, i don't trust the developer any more and neither should anyone else.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts