• Menard Osena (Solutions Product Manager)

    @Summer B
    Thanks for liking this post :)

  • Menard Osena (Solutions Product Manager)

    @Moriella

    Thanks for sharing your experience on this topic!

    I understand that this might be “old news” for some (especially for hard-core WoW gamers) but as an awareness campaign and as it may be of benefit to other Malware blog readers we continued with the posting.

    For:
    </blockquote>
    Furthermore, some unknown WoW-related forum website has been compromised, and the email addresses registered to that site have been spearphished with "your account is being investigated" messages. The sites are hosted in China with names like wow-support.something-not-wow-related.com or blizzard-armory.something-else-not-wow.us.
    </blockquote>

    I suggest that users DO NOT use the same email address that they use for Blizzard’s Battle.net registration, in registering to 3rd party gaming forums. This safety precaution will help avoid security risks (example: spear-phishing) and is a good security practice.

    For the phishing websites, I agree, we are seeing similar strings, "wow-support.something-not-wow-related.com" which are too numerous to list as these websites are sprouting like mushrooms (faster than infused mushroom spawns in the Dalaran Sewers :) ) in in-game whisper/chat.

    It is interesting to note that majority (if not all) of the URL’s are registered in China, but reading the accompanying research paper on CWM/Rattle Trojan will give a bigger picture of the underground online gaming economy. We will try to put more examples of websites in future blog articles related to this topic.

    Again thanks for the comment!
    Enjoy the game!

  • Menard Osena (Solutions Product Manager)

    @ross purdie

    <blockquote>
    I ASSUME WOW, HAVE A STANDING LAW. STATING MOST ADAMANTLY THAT UNDER NO CIRCUMSTANCE WILL THEY EVER ASK A PLAYER FOR THER PASSWORD. THIS IS A RECURING PROBLEM & MOST PLAYERS SHOULD BE AWARE OF IT.
    </blockquote>

    Thanks for the comment! Yes Blizzard will NEVER ask for Battle.net account and password (I believe this applies to all of Battle.net games not just WoW and Starcraft 2) so any attempt to get this info from user should be viewed with suspicion.

    Have fun and enjoy the game!

    p.s. I like the way you named the Blizzard/Admin as “Game powers that be” :)

  • Menard Osena (Solutions Product Manager)

    @Andy Brown

    Thanks for appreciating the blog article! :)

    I totally agree that education (via information sharing in Malware Blog) will to raise the awareness level with regards to WoW phishing scams. This effort will also be good starting point to combat these online game threats.

  • http://vanguardguild.net Moriella

    It's good that you're posting this, but it's rather old news. These scams, both in-game and out, have been going on for quite a while. One trick we saw almost a year ago was to use the guild member lists to determine guild leaders, then send in-game mail using a lookalike name, such as replacing lowercase i with í, which are very similar in the in-game font.

    Furthermore, some unknown WoW-related forum website has been compromised, and the email addresses registered to that site have been spearphished with "your account is being investigated" messages. The sites are hosted in China with names like wow-support.something-not-wow-related.com or blizzard-armory.something-else-not-wow.us. Some of the links in the email are valid Blizzard links, but the one they want you to click on are not.

  • http://www.issviews.com Andy Brown

    An excellent post and many thanks for blogging this.

    Having played the game myself for the last 5 years, I have noticed a sharp decline in Blizzard taking action on gold sellers and sites that exploit gamers. Frequently many are spamming or phishing for months on end.

    It appears that the only way to really combat this threat is to educate those less knowledgable, as you have done so here :D

  • ross purdie.

    I AM A STARCRAFT PLAYER, JUST THE OTHER DAY I WAS READING SOME OF THE FORUM CONVERSATIONS. I WAS HAVING PROBLEMS GETTING BACK INTO THE GAME AFTER I DID A TOTAL SCAN OF MY L/TOP. I COULD GET TO A PARTICULAR POINT,WHICH WOULD THEN BAR ME. tELLING ME THAT I NEEDED TO ENTER CORRECT CODES,RAH,RAH.tHIS WAS CRAP SO I TRIED TO GET SOME INFO FROM THE FORUM.THERE WERE A FEW COMPLAINTS,OTHER THAN MY OWN.THESE CONSISTED OF PLAYERS RECEIVING NOTES SAYING THAT THEY WERE BANNED FROM PLAYING.THEY COULD RECTIFY THE PROBLEM BY ENTERING THERE PASSWORD ETC….STARCRAFT,& I ASSUME WOW, HAVE A STANDING LAW. STATING MOST ADAMANTLY THAT UNDER NO CIRCUMSTANCE WILL THEY EVER ASK A PLAYER FOR THER PASSWORD. THIS IS A RECURING PROBLEM & MOST PLAYERS SHOULD BE AWARE OF IT. IF A P/WORD IS REQUIRED,,,IGNORE IT & REPORT IT TO THE GAMES POWERS THAT BE……dont let these scams ruin our fun.

  • http://summerburgen.typepad.com/blog/ Summer B

    Summer B likes this post :)xx

  • Pingback: Darren Foster Computer Services » Play World of Warcraft? – beware the Phishing scam….

  • Pingback: Malware Blog – WoW Scams: Free Gifts and Fake Account Suspension Threats | menardconnect.com

Mobile Theme