Thursday, November 04, 2010

Runes of Magic Impersonates Scammer

I thought one of the cardinal rules of internet security is that legitimate companies never ever send out emails to their customers asking them for their passwords. Knowing this rule makes it easy to resist the daily flood of scam emails purportedly from financial institutions, gaming companies and other online services informing me that my account has been compromised and that I really really really need to "click this link" and enter my password to get it all sorted out.

So when I got not one but two separate emails purporting to come from Runes of Magic asking me to "click this link" and enter my password and warning of dire consequences if I didn't, my first reaction was "Scam, bin it".


It reads like a scam. It even has one of those uniquely identifiable HTML links that scammers are so fond of for tagging their victims. It looks a bit more professionally done than the usual scam email but HTML is cheap and all of those logos are easily grabbed from the respective websites. The only reason I gave this a second thought was because the link address "frogster-online.com" sounds vaguely legitimate.

I decided to investigate. Not by clicking the link but by using a web browser to go straight to Runes of Magic's home page (http://www.runesofmagic.com/en/index.html). I was quite surprised to discover a news article about the password reset confirming that the email was genuine.

I understand that RoM have to use email to contact their customers. Email is the only way for them to contact inactive players. Nevertheless I believe the email they sent out was just wrong. Savvy internet users are likely to dismiss it as a scam while gullible internet users are more likely to fall for the next scam because the RoM email turned out to be genuine. In fact they have just created the perfect opportunity for a scammer to copy the email in every detail but modify the link to point to an infected web page.


RoM should have sent out an email telling customers of the changes and asking them to visit the official RoM website for more details. If they must include a link, include a plain unadorned link to runesofmagic.com.
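A sender could check its own notification emails against that advice before they go out. The following is an added example, not code from Runes of Magic or from this post; the sample messages, the URL path and the token are constructed, and treating any query string or fragment as a tagging token is an assumption of the sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "runesofmagic.com"  # the official site named in the post

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def lint_notification(html, official=OFFICIAL_DOMAIN):
    """Return (href, [problems]) for each link a recipient cannot verify by eye."""
    parser = _Links()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = url.hostname or ""
        problems = []
        if url.scheme not in ("http", "https"):
            problems.append("not a web link")
        # Exact match or a true subdomain; "runesofmagic.com.example.net" fails.
        if host != official and not host.endswith("." + official):
            problems.append("host is not the official domain")
        if url.query or url.fragment:  # assumption: these carry the tag
            problems.append("query string or fragment (possible per-recipient tag)")
        shown = text.lower()
        if shown.startswith(("http://", "https://", "www.")):
            shown_host = urlsplit(shown if "://" in shown else "http://" + shown).hostname
            if shown_host != host:
                problems.append("visible text names a different host")
        if problems:
            findings.append((href, problems))
    return findings

# Constructed samples: one shaped like the email described, one following the advice.
BAD = '<p><a href="http://frogster-online.com/confirm?id=EXAMPLE-TOKEN">click this link</a></p>'
GOOD = '<p>Details: <a href="http://www.runesofmagic.com/">www.runesofmagic.com</a></p>'
```

The check only sees query strings and fragments, so a token embedded in the URL path would need a separate rule.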

1 comment:

Tesh said...

Agreed. This really was a dumb move, though I like to think it's just ignorant. It's like the people in charge of this notification don't know anything about scammers.

I got one of these in my email box and deleted it reflexively. I didn't mark it as a phishing scam because I suspected it might be real, but neither did I trust enough to follow the link or really dig into it.