Blizzard’s MMORPG World of Warcraft is one of the most popular games out there, and its players are among the most targeted by online scammers.
It is common knowledge that login credentials for WoW accounts are very much sought after by phishers, so TrendLabs warns about a couple of scams currently going around.
The in-game chat/whisper system is often used to lure players to phishing sites. The phishers usually pose as Blizzard employees or unknown players and “whisper” to the victim that they have been selected for receiving a free gift or that their account has been flagged as hazardous:
In both cases, the victims are urged to follow the offered link that will take them to a phishing page where they are supposed to register with their account credentials in order to receive the gift/prevent the suspension of their account.
Recently, WoW’s in-game mail system has also been employed to deliver similar malicious messages to players:
To add to the credibility of the message, the text and the offered phishing URL make many references to WoW and other Blizzard games. Just as a side note – the phishing website domain is registered and hosted in China. The website in itself resembles very closely the official Battle.net site, making it easy for some people to fall for the scam.
Blizzard is aware of these phishing attempts, and has made it their business to intensify its efforts when it comes to informing the players about them on Battle.net‘s security page. They have also made it possible to report scammers from within the game (see, for example, the “Report Spam” button in the in-game mail system).