We've got a problem at our browser-based game with a person who continuously signs up (different IP address, e-mail address etc) and spams players of the game asking them to log in at an alternative URL. We censor the URL and he uses an alternative, we educate players but some still fall for the trap. At the end of the day this person is getting hold of users' passwords by tricking them into logging in at an alternative URL, which is a pain in the back for their gameplay but even worse when these people probably use the same password for e-mail accounts and so on.
Where can we go from here to stop this? We're not a big website, it isn't online banking - so I guess we're not important?!
The phishing sites are being hosted for free at www.limewebs.com - the people there seem to be idiots (I didn't think they would be interested though). I spoke on their live chat, was told to put in a support ticket by e-mailing [email protected] - I send an e-mail to the address and get an automated reply saying I must register to the support desk first... which I couldn't do without registering for free hosting. So eventually I track down an e-mail address for them but they just claim that they check for this sort of thing every now and again so will not take any immediate action... then have the nerve to say "in future please use the support desk".
It doesn't bother me blocking this idiot from accessing the website every time he finds a new way to gain access, we get a lot of that - what bothers me is that users are at risk no matter how much we educate them.
So my question is - can anything be done about this? Fake login websites being set up for users so that someone can steal their username/password.
Thank you for any replies. Apologies if this is posted in the wrong area, I wasn't really sure where to post it and haven't been around for a short while.
Unfortunately you seem to be doing all you can. Seems like the best way to prevent this would be from the script side. Make a better warning of sorts. Like before a user starts a game have him confirm he will not accept any links to login pages and so forth in big red text, lol. Get the user's attention better. It seems like you should harden the website.
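One way to put a warning in on the script side, as an added example that is not part of the thread: instead of censoring each new phishing URL after the fact, player messages are scanned for any link whose host is not the game's own, and that link is swapped for a warning before delivery. The host names `game.example` and `game.example.evil.test`, the warning text and the function names are constructed placeholders.

```javascript
// Added example. GAME_HOSTS holds placeholder names; list the game's real hosts here.
const GAME_HOSTS = new Set(["game.example", "www.game.example"]);

const WARNING =
  "[link removed: only ever log in at https://game.example]";

// Matches http(s) URLs and bare host.tld tokens, with an optional port or path.
const LINK_RE = /\b(?:https?:\/\/)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[:\/][^\s]*)?/gi;

// Parse the token as a URL and return its lower-cased host name,
// or null when it cannot be parsed (treated as untrusted).
function hostOf(token) {
  try {
    const withScheme = /^https?:\/\//i.test(token) ? token : "http://" + token;
    return new URL(withScheme).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Exact match only: "game.example.evil.test" must not pass because it
// merely starts with the game's name.
function isGameHost(host) {
  return host !== null && GAME_HOSTS.has(host);
}

// Returns the message with every non-game link replaced by the warning,
// plus the list of flagged hosts so staff can review the sender.
function filterMessage(text) {
  const flagged = [];
  const clean = text.replace(LINK_RE, (match) => {
    const host = hostOf(match);
    if (isGameHost(host)) return match;
    flagged.push(host ?? match);
    return WARNING;
  });
  return { clean, flagged };
}
```

The pattern is deliberately broad, so ordinary text such as `ok.thanks` is also replaced; spelled-out addresses like "evil dot test" are not caught and still depend on the warning shown to players.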