As If Stealing Your Money Wasn't Enough...

Filed Under: SophosLabs, Spam

There's a game out there a few of you may have heard of called World of Warcraft that's been in the news a lot over the years. I admit, I was once one of "them", playing long hours everyday to get the latest in "phat lootz" (Translation: Items that are highly sought after).

I'd kicked the gaming habit years ago, but recently I made the mistake of letting a friend talk me into playing it again.

One of the things that used to really bug me were the spammers in the game (people who register for the game with the sole intent of automatically sending bulk messages) that would repeatedly send you private messages trying to sell you virtual gold for real world currency.

They would send you a message with a price (say 5000 virtual gold coins for 50 real dollars) along with a URL where you can make the payment at. Once you've purchase their gold with your Visa they arrange a virtual meeting place in game to make the exchange.

The good news is that during the past two weeks that I've been playing, I have yet to receive a single one of these messages. The bad news is, it seems they've moved on to a new business.

Last night, while playing the game, I received the following message.

Being the curious fellow that I am, I decided to look into it by doing a WHOIS on the domain which revealed that the domain was registered just last week. Sure enough, it was a phishing scam.

Searching for similarly named domains I actually found a few other examples, some of which seem to be down and no longer resolving to an IP as of this morning. When I loaded up the page with a browser, sure enough I was greeted with a World of Warcraft account management login screen.

Knowing full well what was going on here, I entered a bogus login and password to see what else there was. Of course, any login and password was accepted followed by another screen asking me if I wanted to change my password. It requested my current email address, a secret question and the answer.

Not only are these people looking to steal your game login credentials, but they also want your email address and the answer to your secret question.

Why you ask? Well, if you're like a lot of people you probably sign up at multiple websites with your same email, same password, same secret question and the same secret answer.

Unfortunately, that means that all someone needs is to find your login information for one site, and they'll have it for all of them.

It's important to always pay attention to detail and go with your gut.

First of all, if a company needed to contact you with some sort of special announcement they would send you an email, not a message with poor grammar and a suspicious looking link.

Second, if you read the text near the bottom of the account login page you'll see a message saying the following.

For security reasons, close your web browser when you are done accessing services that require authentication. Secure Blizzard Entertainment web pages that request your account name and password will contain URLs such as worldofwarcraft.com, blizzard.com, and battle.net.

For anyone who does happen to fall victim to this phish site, it's likely that the phisher's will attempt to log into their accounts and steal any virtual gold or items of value that they could profit.

If you do fall victim to a phish, there is a support page with steps for you to follow.

For the paranoid people out there there's also an added layer of security you can add to your account by purchasing an authenticator, that way even if they do get your login and password they still can't login to your account.

Just remember, phishing won't always come in the form of an email, and isn't limited to targeting just your bank accounts. When in doubt, always start online transactions from the original domain, be it World of Warcraft, Google or online banking.

You might like