OFFICIAL SECURITY BLOG

Phishers Lure WoW Players with an Irresistible Offer

April 16, 2014

World of Warcraft, or WoW, is one of the most recognized MMORPG games in its industry, and it has been going strong for almost 10 solid years now.

Blizzard Entertainment, the developers behind WoW, recently announced the beginning of their Alpha testing phase for Warlords of Draenor, the fifth expansion set they’ll be releasing at the end of this year.

I can only imagine the huge wave of excited anticipation that swept across the Net when the expansion was revealed near the end of 2013. This kind of reception, however, also gave phishers the opportunity to once again throw a line into this massive pool of bright-eyed WoW players and enthusiasts, who may become their biggest cash cow yet.

Thus, this bait:

The message body of the phishing scam

Above is the full message body of the email phishing campaign that is currently in the wild. Here are some details we know about it:

  • This scam mail originated from a purported Gmail account with the following format: {random string}@gmail.com
  • The subject of the email is “Gift-Boost a character to Level 90 when you pre-purchase Warlords of Draenor!”
  • The link in number 1 actually leads to “battle-us-wow-cu[dot]net”, which originates from 183[dot]90[dot]185[dot]79, an already known bad IP.
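The indicators listed above can be turned into a simple mail triage check. This is an added example, not code from the original post; the trusted-domain list, the brand tokens, and the sample message (display name, sender local part, link text, and `/login` path) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"battle.net", "blizzard.com"}  # assumption: the brand's real domains
BRAND_TOKENS = ("battle", "blizzard", "wow")  # assumption: names a lure would borrow
SAMPLE = (  # constructed message: display name, local part and link text are made up
    'From: "Blizzard Entertainment" <xk3f9qz@gmail.com>\n'
    "Subject: Gift-Boost a character to Level 90 when you pre-purchase Warlords of Draenor!\n\n"
    '<p>1. <a href="http://battle-us-wow-cu[dot]net/login">https://us.battle.net/login</a></p>\n'
).replace("[dot]", ".")  # refang the host named in the post so it can be parsed

def registrable(host):  # last two labels; adequate for the .com/.net hosts used here
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_email):  # flags brand-named senders on foreign domains and deceptive links
    msg, findings = message_from_string(raw_email), []
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rpartition("@")[2])
    if sender not in TRUSTED and any(t in display.lower() for t in BRAND_TOKENS):
        findings.append(f"brand display name sent from {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if not host or registrable(host) in TRUSTED:
            continue
        shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", text.lower())
        if shown and registrable(shown.group()) in TRUSTED:
            findings.append(f"link text shows {shown.group()} but targets {host}")
        elif any(t in host for t in BRAND_TOKENS):
            findings.append(f"lookalike host {host}")
    return findings
```

Calling `triage(SAMPLE)` returns two findings: the brand display name arriving from gmail.com, and the link whose visible text shows a battle.net address while the `href` points elsewhere.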

Once WoW players receive this believable, irresistible mail and click the link, they see this next:

The sleek and sophisticated-looking phish page

Once users supply their credentials, it’s almost game over at that point. I say “almost” because there’s still one more piece of information these phishers would like to get from them before “the big reveal”.

What's your security question? All your security question are belong to us

Security questions are considered by many as an essential extra layer of security. It may be the only thing left standing between your online data and information and the phishers. Once they have the data they need about you, they could either sell it on the black market or use it to access your other online accounts.

As if things couldn’t be bad enough already, users get this error message after entering the “redemption code” they got from the email:

“The big reveal”

How one acts towards a scam mail, regardless of how legitimate it looks, has now become the real deciding factor in measuring the success of today’s phishing campaigns.

We’ve seen time and time again that there are phishers who are willing to put time, effort, and a bit of cash into making their scam appear as close to the real thing as possible. This is where research on the side of users should come in. Look it up, talk about it with your online friends, ask around. In this case, users may be better off asking Blizzard.

It’s always better to be safe and informed than sorry and regretful.

Jovi Umawing (Hat tip to our friends at Bitdefender for finding and writing about this campaign first.)