glricker408b14_ESO wrote: »I received a phishing email today. It's clearly not from Zenimax. The text encourages one to reply to the email to receive a deal of buy 30 days of plus and get 30 days free.
ZephyrWestwind wrote: »glricker408b14_ESO wrote: »I received a phishing email today. It's clearly not from Zenimax. The text encourages one to reply to the email to receive a deal of buy 30 days of plus and get 30 days free.
Does not look like a phish at first glance, but would need to see the actual headers to confirm that it came from the address listed. The address on the from line is a legit address.
It has been noted before by someone who ceased their ESO+ that they had received such an email. That email was legit
However, as others have stated you need to make sure it is really from the address stated and any links are what they say they are vs spoofed info.
lordrichter wrote: »That could be a legitimate email. It is hard to tell from a screen cap.
It all depends on whether it actually comes from "custhelp.com" or if that is spoofed. It also depends on what they are asking for in the reply email.
RefLiberty wrote: »It has been noted before by someone who ceased their ESO+ that they had received such an email. That email was legit
However, as others have stated you need to make sure it is really from the address stated and any links are what they say they are vs spoofed info.
Oh boy, if they do that, they really need to make that less shady, I guess it is outsourced marketing company, I mean, the the records are nasty:
Registrant: REDACTED FOR PRIVACY
On a shared hosting:
IP Address 74.117.206.70 - 18 other sites hosted on this server
Not transparent, not at all. They need to look into this then, cos marketing will fail if people delete the email thinking it is just a spam It seems that it is outsourced service then.
validifyedneb18_ESO wrote: »RefLiberty wrote: »It has been noted before by someone who ceased their ESO+ that they had received such an email. That email was legit
However, as others have stated you need to make sure it is really from the address stated and any links are what they say they are vs spoofed info.
Oh boy, if they do that, they really need to make that less shady, I guess it is outsourced marketing company, I mean, the the records are nasty:
Registrant: REDACTED FOR PRIVACY
On a shared hosting:
IP Address 74.117.206.70 - 18 other sites hosted on this server
Not transparent, not at all. They need to look into this then, cos marketing will fail if people delete the email thinking it is just a spam It seems that it is outsourced service then.
this ^ the fact that the who-is listing has no clear path back to Bethesda or Zenimax, the registrar is an unknown and the vast majority of the information is optionally redacted... I am confused to see so many people say this is a legit domain. Looks shady as all hell.
validifyedneb18_ESO wrote: »lordrichter wrote: »That could be a legitimate email. It is hard to tell from a screen cap.
It all depends on whether it actually comes from "custhelp.com" or if that is spoofed. It also depends on what they are asking for in the reply email.
"teso_help@mailmw.custhelp.com" - totally non dodgy sounding, and totally ZOS related URI.
ZephyrWestwind wrote: »validifyedneb18_ESO wrote: »lordrichter wrote: »That could be a legitimate email. It is hard to tell from a screen cap.
It all depends on whether it actually comes from "custhelp.com" or if that is spoofed. It also depends on what they are asking for in the reply email.
"teso_help@mailmw.custhelp.com" - totally non dodgy sounding, and totally ZOS related URI.
Why, yes, it is. That's exactly why it is on the list of verified email addresses to send players mail.
RefLiberty wrote: »ZephyrWestwind wrote: »validifyedneb18_ESO wrote: »lordrichter wrote: »That could be a legitimate email. It is hard to tell from a screen cap.
It all depends on whether it actually comes from "custhelp.com" or if that is spoofed. It also depends on what they are asking for in the reply email.
"teso_help@mailmw.custhelp.com" - totally non dodgy sounding, and totally ZOS related URI.
Why, yes, it is. That's exactly why it is on the list of verified email addresses to send players mail.
Ummm... He was sarcastic.
ZephyrWestwind wrote: »RefLiberty wrote: »ZephyrWestwind wrote: »validifyedneb18_ESO wrote: »lordrichter wrote: »That could be a legitimate email. It is hard to tell from a screen cap.
It all depends on whether it actually comes from "custhelp.com" or if that is spoofed. It also depends on what they are asking for in the reply email.
"teso_help@mailmw.custhelp.com" - totally non dodgy sounding, and totally ZOS related URI.
Why, yes, it is. That's exactly why it is on the list of verified email addresses to send players mail.
Ummm... He was sarcastic.
and the "Why, yes, it is." wasn't? Darn, need more practice.
The email address and source are legitimate.
You can alternatively reply to just ESO_Help@helpmail.elderscrollsonline.com which will open up a support ticket with Bethesda Customer Support.
]
lordrichter wrote: »That could be a legitimate email. It is hard to tell from a screen cap.
It all depends on whether it actually comes from "custhelp.com" or if that is spoofed. It also depends on what they are asking for in the reply email.
RefLiberty wrote: »- mailmw.custhelp.com comes from "custhelp.com", You look at that and think, ha??
ZOS uses a lot of third parties for communication.
.....custhelp.com is one such third-party that is used by a lot of companies. Including ZOS. ..... if a mail is spoofed or not unless you examine the full e-mail headers (depending on your e-mail client, it could be view headers, view source, view raw message, etc.) and verify that it has a valid cryptographic signature
ZOS uses a lot of third parties for communication.
.....custhelp.com is one such third-party that is used by a lot of companies. Including ZOS. ..... if a mail is spoofed or not unless you examine the full e-mail headers (depending on your e-mail client, it could be view headers, view source, view raw message, etc.) and verify that it has a valid cryptographic signature
This thread illustrates that ZOS should send it's marketing emails from it's domain and not some third party where someone has to Vet the email headers to verify it. I mean, really, just a subset of the population knows what an email header is, less how to do it or even what a whois search is.
@ZOS_JessicaFolsom
glricker408b14_ESO wrote: »I received a phishing email today. It's clearly not from Zenimax. The text encourages one to reply to the email to receive a deal of buy 30 days of plus and get 30 days free.