World of Warcraft Phishing Scam

Outline
Email claiming to be from Blizzard Entertainment accuses the recipients of trying to sell their World of Warcraft accounts and claims that they must follow a link and verify their account ownership or risk having the account disabled.



Brief Analysis
The message is not from Blizzard Entertainment and the claims in the email are untrue. The message is a phishing scam designed to trick gamers into divulging their World of Warcraft login details.

Detailed analysis and references below example.





Last updated: 19th December 2011
First published: 19th December 2011
Article written by Brett M. Christensen
Research by Matthew Christensen, Brett Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: World of Warcraft - Account Management

Dear customer,

It has come to our attention that you are trying to sell your personal World of Warcraft account(s).
As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled.
It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account to this secure website with:
[Link removed]

Login to your account, In accordance following template to verify your account.
* Account name
* Account password
* First and Surname
* Secret Question and Answer
Show * Please enter the correct information

If you ignore this mail your account can and will be closed permanently.
Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Blizzard Entertainment SAS
TSA 60 001
Service Administration des Comptes
78143 Velizy Villacoublay Cedex

If you wish to review our current Rules and Policies for World of Warcraft and Battle.net, they can be found at:
[Links Removed]

Regards,

Account Administration Team
World of Warcraft , Blizzard Entertainment 2011




Detailed Analysis
The popular online role-playing game World of Warcraft (WoW) has been a regular target of phishing attacks in recent years. In this incarnation, the user is accused of trying to sell his or her WoW account, which would be a breach of the company's terms of service. The user is told to click a link in the message and follow the instructions to verify ownership of the account. The user is warned that failing to verify the account immediately will result in the suspension of the account. And, the message claims, ignoring the email may result in the account being closed permanently.

However, the email is certainly not from anyone at Blizzard Entertainment or WoW. In fact, the message is a phishing scam designed to trick users into giving their WoW login details to account hijackers. Those who fall for the ruse and click the link will be taken to a bogus website that closely mirrors the appearance of the genuine WoW login page. The fake page uses a web address that - at least at first glance - looks like a genuine WoW URL. Once the user logs in on the fake site, he or she is then taken to a "Password Retrieval" page and asked to provide name and email address details. Next, the user is asked to provide the answer to their secret account security question. The user is then taken to a final page that proclaims that the "verification" was successful. The user is prompted to click a button to go "Back to Account Management". The login details and other requested information are sent to the scammers, who are then able to hijack the user's real account at will.

To further the illusion, secondary links in the email and on the fake website lead to the genuine battle.net website. Ironically, the "Account Management" button on the last of the fake pages opens a page that informs users about security issues including phishing.
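The pattern described above (one lookalike login link surrounded by links to the genuine site) can be checked mechanically by a mail filter. The following Python sketch is an added example, not part of the original article or any Blizzard tooling; the allowlist, the brand tokens and the sample links are assumptions constructed for illustration, with only battle.net taken from the article.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of genuine hosts. Only battle.net is named in the article.
GENUINE_DOMAINS = {"battle.net"}
# Assumption: heuristic brand tokens; a non-genuine host containing one is a lookalike.
BRAND_TOKENS = ("battle", "blizzard", "warcraft")


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def is_genuine(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in GENUINE_DOMAINS)


def classify(url):
    """Label one link as 'genuine', 'lookalike', 'other' or 'invalid'."""
    host = host_of(url)
    if not host:
        return "invalid"
    if is_genuine(host):
        return "genuine"
    if any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"
    return "other"


def assess_email(links):
    """Classify every link and flag the decoy mix: lookalike plus genuine links."""
    verdicts = {u: classify(u) for u in links}
    kinds = set(verdicts.values())
    suspicious = "lookalike" in kinds
    return {"verdicts": verdicts, "suspicious": suspicious,
            "decoy_mix": suspicious and "genuine" in kinds}


# Constructed sample: hosts use the reserved .example TLD, paths are made up.
SAMPLE_LINKS = [
    "http://battle.net.account-verify.example/login",  # brand name as a subdomain label
    "https://us.battle.net/security/",                 # genuine secondary link
]

if __name__ == "__main__":
    print(assess_email(SAMPLE_LINKS))
```

The comparison is made on the parsed hostname's suffix rather than on a substring of the whole URL, which is why a host that merely begins with "battle.net" is not treated as genuine.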

Once they have gained access to a phished account, the scammers can lock out the real user, steal any personal information stored there and illegally sell accounts and valuable WoW assets such as gold or characters. Such items can sell for surprisingly large amounts of money.

There are a number of variations in the cover stories used by WoW phishing scammers. Players should be wary of any email that asks them to click a link and supply account information. Battle.net has published information about phishing scams and other types of account theft on its website.

References
Phishing in a World of Warcraft
Types of Account Thefts


