World of PhishCraft 

Feb 15, 2008 03:00 AM

It is surely of no surprise, especially to regular readers of our Weblog, that not only banks are targeted by phishing attacks, but nearly anything that can be scammed. We already commented on the rise in attacks targeting virtual worlds and especially massively multiplayer online role-playing games (MMORPGs) in earlier posts. The growing market for virtual currency and player accounts does attract new scammers. It’s the nature of things that if something becomes popular to use, it will also become popular to attack.

There was no exclamation of surprise then (a.k.a. Wow!) when I saw the latest phishing email for World of Warcraft. In general, it attempted to get a reaction from me by telling me that my account was temporarily suspended and that I need to log in to verify my details. Well actually, I would rather not log in to unlock my account but hey, it’s their story, not mine.

If you were to follow the masked link you would end up at a spoofed site:
http://wow-europe.good*******.eu/servicehttps3A2F2Fwwwwoweuropecom2Faccount2F.html

The page asks you for your password. If you actually read the text you will notice that the scammer even left the phishing warning intact, which tells you that you should make sure that you are on a page that starts with "httpS://www.worldofwarcraft.com/". Clearly this condition is not met on this fake site. On the other hand, we all know that users are having problems reading and identifying URLs correctly.

The page is made to appear quite convincing, which is not that surprising because they just copied everything and used direct linking to all the original images. So let's say you just woke up and didn’t notice the glitch in the URL and therefore logged in. You would be taken to a Web site that asks you for even more personal information. After you give all those away as well, including the answer to your secret question, you will be redirected to the official WoW main page. All the while, your account is scheduled for infiltration so all of your gold and items can be stolen by the scammer.

If you follow some simple rules then you should not fall victim to dumpy phishing attacks such as these. Always make sure you are on the official site when you log in. Blizzard's account security information found here sums it up as follows:

The vast majority of account compromises originate from one of three sources:

1. "Spoof" Web sites and emails
2. Downloading hacks, cheats, or other executable content
3. Sharing account information and/or using power-leveling services

There are only four places where you should EVER type your password:
- The World of Warcraft game login screen.
- The Account Management page on the official site (http://www.worldofwarcraft.com/account/)
- The World of Warcraft Armory page (https://www.wowarmory.com/login.xml).
- The official World of Warcraft forums (http://forums.worldofwarcraft.com)
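
The list above can be turned into an exact-host check, which is what the spoofed URL in this post fails. The following is an added example, not code from Blizzard or from the original post; the function name, the brand tokens and the `.example` URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts taken from the places listed in the post (the game client is not a URL).
OFFICIAL_HOSTS = {
    "www.worldofwarcraft.com",
    "www.wowarmory.com",
    "forums.worldofwarcraft.com",
}
# Assumed brand tokens used to flag lookalikes (chosen for this example).
BRAND_TOKENS = ("worldofwarcraft", "wowarmory", "woweurope")


def _squash(text):
    """Lowercase and keep only letters/digits, so 'wow-europe' matches 'woweurope'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def classify_login_url(url):
    """Return 'official', 'lookalike' or 'unknown' for a page asking for a password."""
    parts = urlsplit(url.strip())
    # Compare the whole host, never a prefix or substring of the URL.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme in ("http", "https") and host in OFFICIAL_HOSTS:
        return "official"
    # Not an official host: a brand name anywhere in the URL is a spoofing signal.
    haystack = _squash(parts.netloc + parts.path + parts.query)
    if any(token in haystack for token in BRAND_TOKENS):
        return "lookalike"
    return "unknown"


# First entry is the spoofed URL from the post (masked as published);
# the rest are constructed inputs.
SAMPLES = [
    "http://wow-europe.good*******.eu/servicehttps3A2F2Fwwwwoweuropecom2Faccount2F.html",
    "https://www.wowarmory.com/login.xml",
    "http://www.worldofwarcraft.com.login.example/account/",
    "https://news.example/article",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_login_url(sample):10} {sample}")
```

A mail filter or browser helper built this way would flag the link from the phishing email as a lookalike even though the page it leads to displays the genuine warning text.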

So the next time you get an invite to join the special beta testing group for the next expansion set, make sure that you know where you are. Of course, other MMORPGs are targeted by phishers as well, so watch out no matter what sort of games you play.

(A tip of the hat goes to Per for the heads up.)
