The Winning Poker Network (WPN), home to ACR Poker and several other online-poker sites, has issued a warning to its players regarding a coordinated e-mail “phishing” episode employing an internet domain designed as though it is associated with WPN.
The phishing emails, which WPN describes as having been received by “a small number of customers,” came from the email address “firstname.lastname@example.org”. The “wpnpoker.com” domain is not affiliated with Winning Poker Network or any of its member skins. WPN’s official network home is at winningpokernetwork.com, and WPN stressed that integrity- and security-related emails would only come from the address “email@example.com”.
According to WPN’s own emailed warning, “These emails posed questions about poker game play, requested personal verification documents, and asked players to record videos of their gameplay. These emails also contained unsecure links leading to malware downloads.” The requested information could be used to hijack a player’s account and reset a password, thus allowing a player’s online balance to be drained or transferred.
Domain used in phishing attacks may be Netherlands-based
The emails employed the correct “gamesecuriry” internal portion of the address, combined with a domain name that could easily be mistaken as a genuine WPN-controlled domain. That speaks to the degree of knowledge the perpetrator or perpetrators have about WPN’s online-poker services and methods of communication with players.
As is typically the case with such domains, the ownership of the phishing domain is buried in layers of anonymity. A WHOIS inquiry shows that the domain name was registered through Eranet, a Hong Kong-based registrar. Connectivity to the phishing domain runs elsewhere, however, first to a server company in the former Soviet republic of Moldova, and then on to an IP address assigned to a server in the Netherlands.
WPN has asked players who believe they have received a phishing email to forward the email to firstname.lastname@example.org for further investigation. WPN’s warning also included a list of some of the more obvious ways in which a suspect email can be identified as a likely phishing attempt:
• Style: Authentic emails from us will maintain a consistent and professional style. Be wary of spelling errors, especially in the sender name field.
• Sender Address: Authentic Winning Poker Network emails will only ever come from an address ending in @winningpokernetwork.com.
• Urgency: Phishing emails often create a sense of urgency to trick you into acting before you think.
• Personalized Information: Authentic emails from us often include your name or specific account details.
• Links: Ensure that any links included in the email start with https://. Also, the address should reflect our official website when you hover your cursor over it.
• Videos/Attachments: We will never send video links or unsolicited attachments.
(Source: Winning Poker Network)