WoW Phishing Scams Play On The Insecurities They Caused

Battle.net, the phisher's paradise.

Argh! For some ungodly reason I’m seeing quite an increase in the amount of WoW phishing scams in my inbox these days. I’ve had two in less than 12 hours and the most annoying thing of all is that they are becoming harder and harder to spot.

I consider myself no fool when it comes to surfing the web (safety first and all that) and am extremely paranoid about Internet security. Not only am I very careful about what I download but I also never ever follow any links directly out of an email especially when they relate to banking or World of Warcraft. This as-standard-precaution actually saved my virtual bacon last night.

Yesterday I received a very legitimate (i.e. no spelling mistakes, well formatted, real addresses and phone numbers) email from “donotreply@blizzard.com” (yep, the real Blizzard.com domain) to my personal email account which I use for Battle.net (I’m bamboozled as to how the phishers got it) informing me that my personal information details had been updated on Battle.net recently.

Although skeptical at first, I started to wonder if my account had finally been hacked because it’s been a while since I last logged into the site. So I logged into Battle.net via a bookmark and checked my account (it was fine), and then scrutinised the email again. Yep, turns out buried deeply away in HTML behind one link was a URL to a bogus Battle.net website. Very cunning (and very frustrating) indeed.

Funnily enough, I then received another (slightly less convincing) phishing email today claiming that my account had been accessed by an IP address other than the one I usually use and urging me to log into Battle.net (via their convenient link, of course) and check my account hadn’t been hacked. Which it would’ve been had I logged in via the link. Oh the irony of it all.

So, to summarise, phishing emails are getting harder to spot, hackers are getting smarter and starting to turn our own insecurities of being hacked against us, and Blizzard really needs to take some action to stop people spoofing their domain name. I don’t think I’d believe a legitimate WoW email now even if I did get one.

My final words of wisdom: never click on any freaking links in emails. Ever.

-Gordon


12 Comments

  1. “and Blizzard really needs to take some action to stop people spoofing their domain name”

    Good luck with that – that’s just how mail works.

    What you want to do is analyze the headers of these mails. Gmail has a “Show Details” link that you can click – the field you’re most interested in is “mailed-by:”. A legit email will be listed as being mailed by blizzard.com or battle.net – a shady one is probably like the random one I picked from my gmail’s spam box, which is from a Hotmail account. :P

    • Gordon says:

      Aren’t SPF records designed to help fight against spoofing? I know it’s not a perfect system because it relies on ISPs enforcing it. What I’d love to see is a proper global system that all professional ISPs need to adhere to which can be used to help combat spam.
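
The header check discussed in the two comments above can be scripted. The Python below is an added example, not part of the original comments: it compares the domain in the visible `From` header with the envelope sender in `Return-Path`, and reads the SPF verdict only from an `Authentication-Results` header stamped by the reader's own mail server. SPF validates the envelope sender, not the `From` line a mail client displays, so a pass counts only when the two domains line up. The server name `mx.inbox.example`, both sample messages and the simplified subdomain alignment rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(addr):
    """Domain part of an address header such as 'Name <user@host>'."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_headers(raw, authserv_id):
    """Compare the visible From domain with the SPF-checked envelope sender."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    # Only believe Authentication-Results stamped by our own receiving server;
    # a sender can put any other copy of that header into the message.
    spf = "none"
    for value in msg.get_all("Authentication-Results") or []:
        ident, _, results = value.partition(";")
        match = re.search(r"\bspf=(\w+)", results)
        if ident.strip().lower() == authserv_id and match:
            spf = match.group(1).lower()
            break
    ok = spf == "pass" and aligned(from_dom, env_dom)
    return {"from": from_dom, "envelope": env_dom, "spf": spf, "trustworthy": ok}

# Constructed samples. SPF passes in both, but only for the envelope domain.
SPOOFED = """\
Return-Path: <bulk@mailer.example>
Authentication-Results: mx.inbox.example; spf=pass smtp.mailfrom=mailer.example
From: Blizzard Entertainment <donotreply@blizzard.com>
Subject: Account details changed

body
"""
GENUINE = """\
Return-Path: <bounce@em.blizzard.com>
Authentication-Results: mx.inbox.example; spf=pass smtp.mailfrom=em.blizzard.com
From: Blizzard Entertainment <donotreply@blizzard.com>
Subject: Account details changed

body
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_headers(raw, "mx.inbox.example"))
```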

  2. Klepsacovic says:

    “My final words of wisdom: never click on any freaking links in emails. Ever.”
    Excellent final words. If you can’t get to where you’re ‘supposed’ to go from navigating to the secure and trusted main page, you probably shouldn’t go there.

  3. Russ says:

    The number of fake Blizzard emails that I get seems to double each month.

    One thing I’ve noticed, in addition to the spelling/punctuation/grammar cleanup, is that they are cleaning up the info that shows up in “Show Details,” which Rilgon mentioned above.

    It used to be that, in Hotmail, looking at this page would show something like

    “X-originating address: johndoe62xxx (at) hotmail (dot) com”

    and that no longer shows up on almost any of the spam that I get anymore.

    Ultimately, the best thing to do is, as you said, refrain from clicking any email links. I just delete them all and log into battle.net occasionally to make sure everything is alright.

    Usually, though, looking at the email is enough – I get enough spam purporting to be related to my European WoW account, which I do not have, that I can be certain that it’s not legitimate without having to investigate.

  4. Stropp says:

    Good advice about account security. Don’t click on links in eMail. It’s such a pity so useful a device has been nobbled because of the scammers.

    Interestingly I received a similar message the other night telling me someone logged in to WoW from a different address and the account was Frozen. It looked like a scam to me too, but when I checked (manually logging in) it turned out my account had been frozen. Fortunately, it’s been lapsed for some time now.

    Still, not sure what happened there.

    • Gordon says:

      Sounds like it was just a coincidence as, if your account had lapsed, it would’ve been frozen. A lot of spammers play on our insecurities now. Like yesterday I got a fake email telling me that I had been suspected of selling my WoW account and should log into Battle.net to deny the charges.

  5. Stabs says:

    Funnily enough despite being paranoid I clicked on one this week. Like yours it looked just about perfect.

  6. Tesh says:

    I still get phishing scam emails for an email I’ve only ever used for trial accounts. The email I’ve used for a real account doesn’t get spam. Odd, that.

    …but yeah, I’ll second the “don’t click on email links” rule. It’s just good practice.
