Phishing in a World of Warcraft

I suspect by now that most people are familiar with the concept of cybercriminals phishing for banking details, hoping to break into your online account in order to steal money.

Those who have kept up-to-speed on the security side of things are very aware that social networking accounts are also attractive to hackers. Our latest study finds that 43% of social networkers report having been on the receiving end of a phish sent via the sites.

Hackers can use compromised social networking accounts to steal identities and to masquerade as other people when sending out spam, phishing and malware campaigns.

What is often overlooked, however, is the phishing that can take place against online videogame players.

We’ve seen a wave of game-related phishing attacks recently. Here are just a couple of examples of phishing emails we have seen in our spam traps this week:

World of Warcraft phishing email

World of Warcraft phishing email

The emails claim to come from Blizzard, the developers of the popular World of Warcraft games. Players of these videogames manage their account details through Blizzard’s Battle.net service, and these emails link to a site that poses as Battle.net and attempts to steal your login credentials.

Phishing website

I spoke to a regular World of Warcraft player I know, and she told me that the phishing website was extremely convincing. In fact, she had to do a WHOIS lookup to confirm that the site wasn’t affiliated with the World of Warcraft empire.

And you can see what she means when you check out what the genuine Battle.net website looks like:

Genuine website

(These two screenshots were taken on computers running different browsers and different operating systems, which probably explains the minor font differences.)

The reason why phishers are interested in your online gaming accounts? Well, some players of games like World of Warcraft are prepared to buy virtual “gold” and other services to improve their position in the game. It is, in effect, a way to improve your status in the game without putting in umpteen hours of hard graft.

Phishers and spyware authors are aware that there is a market for virtual “gold” and other items used in the game-playing universe, and are interested in breaking into innocent users’ accounts to ransack them.

To its credit, Blizzard attempts to educate its customers about phishing scams by providing advice on its website and on the real Battle.net website.

But you can also help yourself by keeping your wits about you, choosing sensible, hard-to-crack passwords for your gaming accounts, and ensuring that your computer is defended with up-to-date anti-spam and anti-virus software.

Funnily enough, although this crime is centred around the gaming universe there are also issues here for system administrators attempting to protect corporate networks. That’s because so many users will use the same password everywhere they go on the net.

In other words, if your users have their World of Warcraft account phished – who’s to say that they aren’t also giving away a password that they use in your corporation?

So you can see it’s in everyone’s interest that players of online videogames stay secure online.