Today SophosLabs received a phishing scam targeting the popular online game "World of Warcraft" (WoW). This scam message disguises itself as an official Blizzard Entertainment (makers of WoW) email and states that the company is about to launch a new trial mounts test. The message includes a fraudulent link which tries to lure unsuspecting victims to it. To make it appear even more legitimate, the link also contains the word "worldofwarcraft".
The link opens up a webpage which looks exactly like the main login page for WorldofWarcraft.com and requests your account name and password. After entering these details, it subsequently prompts for the player's current e-mail, security question and answer in order to gain entry to the supposedly new mounts. Naturally, your WoW game account will be stolen once this confidential information has been submitted.
Such social engineering tricks are not uncommon, I have detailed several samples in the previous blog.
Given that online gaming is a billion dollar industry, it is not surprising that scammers are targeting this particular community. In the last few months, SophosLabs have witnessed simliar attempts such as this phishing scam for "World of Warcraft" gamer.
As the online gaming community grows, we anticipate such phishing scams targeting the MMORPG (Massively multiplayer online role-playing game) to continue to proliferate.
To avoid becoming a victim, never click a url in an email to visit websites. Also in this case, it should become alerted when the subsequent page directly requests users' email, secret question and answer but without popping up any login failure page.