WoW Phishing Scams Play On The Insecurities They Caused
Argh! For some ungodly reason I’m seeing quite an increase in the amount of WoW phishing scams in my inbox these days. I’ve had two in less than 12 hours and, the most annoying thing of all, is that they are becoming harder and harder to spot.
I consider myself no fool when it comes to surfing the web (safety first and all that) and am extremely paranoid about Internet security. Not only am I very careful about what I download but I also never ever follow any links directly out of an email especially when they relate to banking or World of Warcraft. This as-standard-precaution actually saved my virtual bacon last night.
Yesterday I received a very legitimate (i.e. no spelling mistakes, well formatted, real addresses and phone numbers) email from “email@example.com” (yep, the real Blizzard.com domain) to my personal email account which I use for Battle.net (I’m bamboozled as to how the phishers got it) informing me that my personal information details had been updated on Battle.net recently.
Although skeptical at first, I started to wonder if my account had finally been hacked because it’s been a while since I last logged into the site. So I logged into Battle.net via a bookmark and checked my account, it was fine, and then scrutinised the email again. Yep, turns out buried deeply away in HTML behind one link was a URL to a bogus Battle.net website. Very cunning (and very frustrating) indeed.
Funnily enough, I then received another (slightly less convincing) phishing email today claiming that my account had been accessing by an IP address other than the one I usually use and urging me to log into Battle.net (via their convenient link, of course) and check my account hadn’t been hacked. Which it would’ve been had I logged in via the link. Oh the irony of it all.
So, to summarise, phishing emails are getting harder to spot, hackers are getting smarter and starting to turn our own insecurities of being hacked against us, and Blizzard really needs to take some action to stop people spoofing their domain name. I don’t think I’d believe a legitimate WoW email now even if I did get one.
My final words of wisdom: never click on any freaking links in emails. Ever.