What is phishing?
Phishing is a technique used by thieves to uncover your log in details (your account name and password) and use them without your knowledge.
The dishonest person looking to trick you will contact you (via chat or email, for example) to get you to visit a phishing website they have previously created. This website will look just like Ankama's websites, but it doesn't belong to us! The thief will prompt you to log in to this page so they can get your log in details.
Once the thief has this information, they will be able to log in to your Ankama account and plunder it! At least, that's what may happen if you don't follow the advice below...
How Not to Be a Victim of Phishing in 7 Easy Steps
For those of you who can't be bothered to read the whole thing, here's the basic advice. Of course we do recommend that you read the whole article! The more you know, the better chance you have of defending yourself against this threat.
- Use Ankama protection (Shield or Authenticator)
This will make the thieves job a lot more difficult, even if they manage to get hold of your log in details.
- Check the website address (URL)
If something seems off about the website address or you don't recognize it, get out of there immediately
- Be wary of promises and threats
Thieves promise you gifts or benefits, or will threaten you to get you to visit their fake website.
- Don't download any unknown elements
A keylogger might be lurking inside that fairly normal looking file you've downloaded. This is spyware that will record everything you type on your keyboard.
- Check official communications
Before rushing headfirst after a supposed competition, gift, vote or beta test, take a moment to check the official DOFUS website (via Google) to see if this event is mentioned anywhere by us.
- In case of emergency, change your password
If you think you've unwillingly disclosed any information, change your Ankama account and email address password right away.
- Remain vigilant and careful
Don't play with fire! Be aware of the risks and act accordingly!
What are the most frequently used traps?
You're minding your own business, playing your favorite MMORPG, when an individual speaks to you and invites you to visit a website... Obviously, he needs to draw you in. Here are the TOP 10 baits used by thieves (which players still fall for far too often!):
- a competition: "Your character's got style! Take part in MISTER AMAKNA! Just click here"
- a lottery: "I've just won a dragoturkey in the lottery. Hurry up, there aren't many left"
- registration for an event: "I've registered for Goultarminator. Have you? Click here"
- video/streaming: "Humility has just released a video. Go to fakesite.com now"
- new moderator recruitment: "Ankama's hiring. Appply here: Click"
- a vote: "Can you vote for me on the dofus site? I'll give you 10M Kamas if you do"
- an update: "The new sacri's out!! It's so awesome!"
- an urgent intervention by Support: "Following a suspicious connection, we need to check your account information. Please contact us via the following link."
- a risk of being banned: "Your account has been reported by a number of players. If you don't log in to your account management page within 24 hours, you will be permanently banned."
- Beta Test: "Come and discover the new class on beta >>> DOWNLOAD BETA"
This isn't an exhaustive list, but it gives you a good idea of how inventive the thieves are. It should also be noted that the thieves know how to adapt to what's currently happening in your games.
Be very careful not to be taken in! Not only can these dishonest people not offer you what they're promising, they will also steal your accounts and delete your characters! Once logged in to your account, they can even pretend to be you to trick your friends.
What are the most frequently used forms of phishing?
Thieves are very creative when it comes to depriving you of your most prized possessions. We're going to tell you about the best known methods below, but bear in mind that they are innovative and can always find new ways of getting their hands on your account.
> Phishing in the in-game chat
More often than not, thieves try to steal your account through the in-game chat, where they publish links to phishing websites. Regardless of whether or not you know the player, do not accept offers that promise the world. The person behind them often doesn't have your best interests at heart.
As we block unsafe links, the thieves publish them in the chat, then ask you to copy the address into your browser.
Some dishonest people may pretend to be your friends or your leader, by using a nickname very similar to that of the player you know. For example, it's sometimes difficult to tell the difference between a capital i to a lowercase l.
Even if you're sure that it's definitely your friend or acquaintance's account, you should still be wary if this person asks you for any unusual information or sends you links to strange websites. It is likely their account has been hijacked and the thief is talking to you so they can now trick you, too.
> Phishing via e-mail or Ankabox
Thieves can also try to trick you using a fake email (or Ankabox).
The message contents have the same tone and appearance as those used by Ankama. Usually, you're invited to log in by clicking on a link and entering your log in details on a false website.
Once again, don't forget that a message from a friend is not necessarily safe. Thieves don't just steal your account, they may also use it to broadcast banned contact and try to steal from the victim's friends.
> Phishing that combines in-game chat and Ankabox
There is a type of phishing that takes place via in-game chat and relies on Ankabox. The thief sends you an Ankabox message, then, through another account, he contacts you to talk to you about this message. The conversation goes a little like this: "Have you seen Ankama's cool new promo? I tried it and it actually works!", says the thief, hoping to get you to visit their phishing page.
Once again, the best thing to do is to politely decline the offer and report any malicious websites or behavior to our moderator team.
How can I foil phishing traps?
> Check the links
Don't think twice about checking any links from a message. You can see the destination address of the website by moving your cursor over the link (or button). Without even clicking on it, you will be able to see the URL in the bottom left corner of your browser. A destination address that has nothing to do with the subject of the email is probably a trap.
> Check the appearance of a website or message
The main thing is to be able to tell the difference between real Ankama content and phishing messages and websites. Some might be poor, easily detectible attempts at copying us, but others are much more sophisticated and you'll need to pay close attention to them.
Obsolete design, low image resolution, design elements that are different to those normally seen (fonts, illustrations, layout of the visuals) are all signs that should draw your attention. Another good sign is the limited or incorrect use of grammar and spelling.
As phishing websites are becoming increasingly more successful from a visual point of view, it's important to carry out some more in-depth checks.
> Check the website's URL
It is very important that you check the URL (the website address) of the website you're browsing.
If the address begins "https" and you can see a little padlock, this means your connection is secure and certified by supervisory bodies. This is the best type of security there is!
Remember that when we ask you to log in to your account, you're normally sent to a secure page, such as, for example:
Below, you can find the list of official Ankama websites:
Watch out for pages that try to look like one of our website addresses. This is a very common technique used to confuse the player. Here are a few examples:
A URL with a mistake: http://www.account.anka-ma.com
An extended URL: http://www.account.ankama.moderator.com
A shortened URL: http://www.account.anka.com
An odd-looking URL: http://www.dofuusjeukne.com or http://www.125.485.653.com
Once the damage is done...
If, despite all our advice, you think you might have disclosed your information on a fake website, all might not be lost yet!
You'll need to act quickly and change your Ankama account and email address password as soon as possible. To learn how to create a secure password, click here: See knowledge base.
If you find out (too late) that you have been a victim of account theft, contact Ankama support right away. Our team will be able to give you back access to your account and help you to secure it.
N.B.: More often than not, stolen items have had time to travel across several accounts, which makes them very difficult to trace. In the event of theft, only very rarely will Support be able to return your items to you.
Phishing in short...
It can't be said enough, the best defense against suspicious messages and websites is care and common sense.
If an offer looks too good to be true, it's most likely a trap. You should also be wary of threats or urgent requests that prompt you to act immediately. There's often a scam lurking below the surface.
Ask yourself if this email is relevant to you. Lots of phishing emails are sent as a shot in the dark. If you know the sender, ask yourself if the subject is consistent with what you've come to expect from the person. If it doubt, don't take any risks and delete the email.
Remember that phishing is considered fraud and comes with a risk of up to 5 years' imprisonment and a 375,000 euro fine...