Phishing in a World of Warcraft

Filed Under: Phishing, Spam

I suspect by now that most people are familiar with the concept of cybercriminals phishing for banking details, hoping to break into your online account in order to steal money.

Those who have kept up to speed on the security side of things are also very aware that social networking accounts are attractive to hackers. Our latest study finds that 43% of social networkers report having been on the receiving end of a phish sent via the sites.

Hackers can use compromised social networking accounts to steal identities and to masquerade as other people when sending out spam, phishing and malware campaigns.

What is often overlooked, however, is the phishing that can take place against online videogame players.

We've seen a wave of game-related phishing attacks recently. Here are just a couple of examples of phishing emails we have seen in our spam traps this week:

World of Warcraft phishing email

World of Warcraft phishing email

The emails claim to come from Blizzard, the developers of the popular World of Warcraft games. Players of these videogames manage their account details through Blizzard's Battle.net service, and these emails link to a site that poses as Battle.net and attempts to steal your login credentials.

Phishing website

I spoke to a regular World of Warcraft player I know, and she told me that the phishing website was extremely convincing. In fact, she had to do a WHOIS lookup to confirm that the site wasn't affiliated with the World of Warcraft empire.

And you can see what she means when you check out what the genuine Battle.net website looks like:

Genuine website

(These two screenshots were taken on computers running different browsers and different operating systems, which probably explains the minor font differences)

The reason why phishers are interested in your online gaming accounts? Well, some players of games like World of Warcraft are prepared to buy virtual "gold" and other services to improve their position in the game. It is, in effect, a way to improve your status in the game without putting in umpteen hours of hard graft.

Phishers and spyware authors are aware that there is a market for virtual "gold" and other items used in the game-playing universe, and are interested in breaking into innocent users' accounts to ransack them.

To its credit, Blizzard attempts to educate its customers about phishing scams by providing advice on its website and on the real Battle.net website.

But you can also help yourself by keeping your wits about you, choosing sensible, hard-to-crack passwords for your gaming accounts, and ensuring that your computer is defended with up-to-date anti-spam and anti-virus software.

Funnily enough, although this crime is centred around the gaming universe there are also issues here for system administrators attempting to protect corporate networks. That's because so many users will use the same password everywhere they go on the net.

In other words, if your users have their World of Warcraft account phished - who's to say that they aren't also giving away a password that they use in your corporation?

So you can see it's in everyone's interest that players of online videogames stay secure online.


11 Responses to Phishing in a World of Warcraft

  1. I have been getting fake emails like this for a while. Funny thing is, I would always seem to get one after reporting a WoW account for sale on Craigslist in my area. Maybe Blizzard has malware lurking that generates lists of emails that are submitted to Blizzard?

  2. I have been getting these for over a year...sometimes to the tune of four a week. I never believed them, as a) Blizzard just don't send emails like this for obvious reasons b) I could always get into the game just fine and c) the mails all come to the email account that I have which ISN'T the one associated with my battle net address.

    If I ever found myself locked out of the game for any reason and I happened to have one of these emails, I still wouldn't click on anything in it, but would open battle net the usual way or phone customer service.

    Sadly there are a lot of gullible people out there.

  3. Chris W · 1374 days ago

    As far as I know Blizzard has a tool that detects most keyloggers or such software built into the Launcher (this cute loading window, where updates are being downloaded and applied and you may start the main game). Also they take every such report (at least every one I heard of) very seriously and update this launcher tool with a new list from time to time. They call it "downloading updated tools"; I believe it's about every 2 months at most. First thing: always check the address the mail came from; second: *ALWAYS* check the site's *FULL* address and whether it's an SSL connection. Third: they will *NEVER* ask you for *ANY* personal data. Except the time when you must input a credit card number to prolong playing (but you choose this option by yourself).

  4. Jim Raynor · 1374 days ago

    I like how I get emails about my WoW account being hacked. I don't own WoW, just StarCraft, so when I see something with "your gold," I just chuckle.

  5. Elfy · 1373 days ago

    These are getting better & better - decent grammar, and reasonable urls. Easy to see how they catch people as they better evolve their techniques. Blizzard will never send out emails with links now though, a new thing, so if you see any mail with any form of 'click here to whatever' in it you can be sure it's not genuine.

  6. guesticle · 1373 days ago

    Whilst I have no photographic evidence (Sorry), I saw a scam earlier today. A private whisper was sent saying "Could I please get a guild invite? I'm a friend of Alexander" (Punctuation and spelling fixed). Of course, it was only a level one Spambot.

    The interesting parts were the fact that they contacted the character that happened to be the guild leader (easily found on the Armory), but also the attempt to use a real name. Too bad there was nobody called Alexander...

  7. Evil Bob · 1373 days ago

    Considering that virtual currency is openly bought and sold for real cash, it's very easy to understand why criminals would attempt to gain access to the 13 million subscribers that World of Warcraft has.

    I started receiving the WoW phishing emails a couple of months ago when the Elitist Jerks web site was compromised and their registered user list (which included email info) was stolen. Since then it's been a daily gig with horrible punctuation and grammar for the most part, but there have been some rather rare gems in there that looked very legit.

  8. Furtled · 1362 days ago

    I never realised how big a market in game currency was until I started playing WoW so it's not really surprising that it's being targeted. The simplest way to protect a WoW account for players who aren't the most tech savvy (or easily tricked) is the authenticator, nothing's 100% but it's as close as you can get. Also having an email address that's only for logging into WoW/B.net and nothing else cuts down on the emails.

    Gold spam and dodgy whispers in-game from people pretending to be Blizz employees are the two that annoy me, email spam goes into the spam folder never to be seen again.

  9. Kent Goertzen · 1362 days ago

    "We've seen a wave of game-related phishing attacks recently."

    Recently? This has been going on for years. I have gotten 2-4 of these a day for the last 3 years.

    Fortunately they haven't figured out that particular email address isn't associated with any games.

  10. Simon · 1273 days ago

    I just started getting these since PSN was hacked! I don't even have a battle.net account which makes the phishing attempt fall a little flat

  11. Arbuda · 1271 days ago

    Also helps if you forward the message to hacks@blizzard.com with the full message headers. Hopefully they can track down and prosecute these hackers


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.