OFFICIAL SECURITY BLOG
April 16, 2014 | BY Jovi Umawing
World of Warcraft, or WoW, is one of the most recognized MMORPG games in its industry, and it has been going strong for almost 10 solid years now.
Blizzard Entertainment, the developers behind WoW, recently announced the beginning of their Alpha testing phase for Warlords of Draenor, the fifth expansion set they’ll be releasing at the end of this year.
I can only imagine the huge wave of excited anticipation sweeping across the Net upon the expansion’s revelation at the near end of 2013. This kind of reception, however, also gave phishers the opportunity to once again throw a line into this massive pool of bright-eyed WoW players and enthusiasts, who may become their biggest cash cow yet.
Thus, this bait:
Above is the full message body of the email phishing campaign that is currently in the wild. Here are also some details we know about it:
Once WoW players receive this believable, irresistible mail and clicks the link, they see this next:
Once users supply their credentials, it’s almost game over at that point. I say “almost” because there’s still one more piece of information these phishers would like to get from them before “the big reveal”.
Security questions are considered by many as an essential extra layer of security. It may be the only thing left standing between your online data and information and the phishers. Once they have the data they need from you about you, they could either sell them in the black market or use them to access your other online accounts.
As if things couldn’t be bad enough already, users get this error message after entering the “redemption code” they got from the email:
How one acts towards a scam mail, regardless of how legitimate they look, has now become the real deciding factor in measuring the success of today’s phishing campaign.
We’ve seen time and time again that there are phishers who are willing to put time, effort, and a bit of cash into making their scam appear as close to the real thing as possible. This is where research on the side of users should come in. Look it up, talk about it with your online friends, ask around. In this case, user may be better off asking Blizzard. I
t’s always better to be safe and informed than sorry and regretful.
Jovi Umawing (Hat tip to our friends at Bitdefender for finding and writing about this campaign first.)