Phish: Lord of the Rings (Turbine)

Here’s the e-mail:

Return-Path: hkh27@hotmail.com
Received: from pzw ([81.29.128.41]) by BLU0-SMTP5.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 7 Jun 2010 23:04:44 -0700
From: “cogaccounts@codemasters.com” <cogaccounts@codemasters.com>
To: <***@gmail.com>
Subject: Turbine Account Status Warning

Greetings!

This is an automated notification regarding the recent change(s) made to your the Lord of the Rings Online. Your password has recently been modified through the Password Recovery website.

*** If you made this password change, please disregard this notification.
However, if you did NOT make changes to your password, we recommend you Login to verify your password:

[Link to NOT Turbine]

If you are unable to successfully verify your password, using the automated system, please contact Billing & Account Services at 1-960-67-TURBINE (1-960-595-4588) Mon-Fri, 8am-8pm Pacific Time or at billing@turbine.com.Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account,

Turbine representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The Lord of the Rings Online Support Team Turbine Entertainment

Links to: cogeccounts.cabemasters.com

Let’s see here:

  • Header shows it’s from Hotmail.
  • The “reply to” is Codemasters.  I’m not really all that familiar with Lord of the Rings or Turbine, but as far as I can tell, Codemasters is actually Turbine’s competition.

Well, here is a twist.

Now, I admit, I have never played Lord of the Rings online, and I never have signed up on Turbine.

The link says “cabemasters”…the “reply to” says Codemasters.

Looking at Codemasters’ site there is no reference to Turbine or to Lord of the Rings Online.

So, I’m guessing the hacker, in this case, has really f’ed up this entire phish.

Not to mention the e-mail is the same e-mail you get when you change your Battle.net password.  Wording is fairly “blah” so I can see Turbine (or Codemasters) having almost the same wording.

But right down to the “*** If you made this password change” is the same…

So, in this case, I’d say the hacker is clueless and doesn’t know what he’s doing and is attempting to broaden his net out past Blizzard accounts and royally screwed up.

I don’t anticipate I’ll be seeing this one again.  Although I can bet I’ll see the same e-mail again for a different game (as this moron tries again.)

Oh…and Not Blizzard…or not Turbine…or not Codemasters…

Oh hell, Not anyone Legitimate.
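The checks made by eye above (envelope sender vs. From domain, the relaying host, and the look-alike link host), written out as an added example that is not part of the original post. The headers and link host are the ones quoted above; the function names and the edit-distance threshold of 2 are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Headers and link host as quoted in the post (typographic quotes normalised).
RAW = """\
Return-Path: hkh27@hotmail.com
Received: from pzw ([81.29.128.41]) by BLU0-SMTP5.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
 Mon, 7 Jun 2010 23:04:44 -0700
From: "cogaccounts@codemasters.com" <cogaccounts@codemasters.com>
To: <***@gmail.com>
Subject: Turbine Account Status Warning

(body omitted)
"""
LINK_HOST = "cogeccounts.cabemasters.com"


def domain(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def base(host):
    """Last two labels of a host (naive: ignores multi-label public suffixes)."""
    return ".".join(host.lower().split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def findings(raw, link_host, max_edits=2):  # max_edits: assumed threshold
    msg = message_from_string(raw)
    sender, envelope = domain(msg["From"]), domain(msg["Return-Path"])
    out = []
    if envelope != sender:
        out.append(f"envelope sender {envelope} != From domain {sender}")
    if sender not in msg["Received"].lower():
        out.append(f"relay in Received is not a {sender} host")
    d = edit_distance(base(link_host), sender)
    if 0 < d <= max_edits:
        out.append(f"link domain {base(link_host)} is {d} edits from {sender}")
    return out
```

A Return-Path that differs from the From domain is common for legitimate bulk mail too, so treat that finding as a signal that gains weight alongside the other two rather than as proof on its own.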

  • Received again:

Return-Path: d_macc@hotmail.com
Received: from ilfwrag ([61.180.157.78]) by BLU0-SMTP36.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 2 Aug 2010 18:53:47 -0700
From: “cogaccounts@codemasters.com” <cogaccounts@codemasters.com>
To: <jayras@gmail.com>
Subject: Turbine Account Status Warning

Links to: cogeccounts.cabemasters.com
