Phishing is when someone tricks you into giving up sensitive information such as usernames or passwords usually by creating a website to impersonate a trusted website.
Phishing is pronounced the same as fishing.
A typical example of Phishing would be… you receive an email that appears to be from your bank, asking you to sign into your online banking. The links in the email all go to a website masquerading as your bank’s website. You follow the link, and enter your banking details… and you’ve now given your online banking login details to the thieves. The thieves then sign into your real online bank, and transfer out your money.
Wikipedia link: http://en.wikipedia.org/wiki/Phishing
Here is an example of a phishing webpage made by James Ratcliff (aka falazar)…
I’ve blacked out the the URL for this page, because people will still be silly enough to use it.
The text specifically ask for your Ironfell details: “You must signup with your Ironfell name / details”. If he wanted to identify people he could have asked for their Ironfell name, but there is no valid reason to ask for your Ironfell password. The only thing falazar would need your password for is to sign into Ironfell using your account.
This is an extremely obvious example of someone Phishing for account details.
Several Ironfell players have fallen for this trap and he has used their account details to sign into Ironfell.
Here is a excerpt from the Ironfell chat log files where he tries to convince someone to use that page.
02:05:22 falazar: :(
02:05:38 falazar: http://###############################
02:05:40 falazar: our map
02:05:42 falazar: is better :P
02:05:55 falazar: will get pics in later
02:06:02 falazar: But it shows a lot of info and is editable
02:06:13 falazar: this is what I could use help with
02:06:20 falazar: and what we will use to attack all others.
02:06:43 falazar: the links are editable, change name, desc, color, and the kill isnt active yet
02:06:49 falazar: color codes are listed
A bit of common sense will keep you safe from phishing. Be aware of where links are actually taking you. Use a different password for everything. And think carefully before you enter a password into a new site.
And don’t trust anything James “falazar” Ratcliff tells you :)
UPDATE: James Ratcliff (aka falazar) response:
And here is James’s reply to the above posting, which he posted on his tlk.io chatroom.