Phishing for Gamers

While in the lab today checking out threat and scam activity, I came across this phish targeting “World of Warcraft” gamers:

So what is so obviously phishy about this email apart from asking you to click on a link to verify your account ownership!? Firstly, the link of course does not direct to where stated in the email message but instead points to:

Many of you will have already noticed that the link shown above is not over a secure channel, so don’t expect to see the usual signs of secured sites such as the “lock” icon allowing access to the sites certificate. If you actually clicked on the link (now you know you shouldn’t do that right?), you would be presented with the following page:

Of course the two links to supposedly verify your account do not point to legitimate sites but instead point to a free hosting site summing this up as an all too familiar scam:

The gaming industry is a big market, so it is not surprising to see criminals trying to extend their reach past the usual banking scams into new areas. Of course a good mail filter will keep this annoyance out of your inbox and a good web filter will block access to the phish sites.