WoW phishing email threatens with account termination

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.

World of Warcraft players are often targeted by phishers whose goal is to get the login credentials to as many accounts possible and bleed them dry.

A recently detected one starts in the usual way – with an email purportedly coming from Blizzard Entertainment, which says that the user’s account is being sold or traded. Then the phishers add a veiled threat in order to increase the sense of urgency: “If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.”

It is all designed in a way that will make some users miss the fact that there are many spelling errors in the email – including the very name of the company that supposedly sends it – and ignore the fact that the given URL doesn’t look like a legitimate URL belonging a Blizzard domain.

Instead of the legitimate login page, the victim is taken to a spoofed one that looks exactly the same:

According to BitDefender, the spoofed page is hosted on a Chinese web server. Once the victim enters its login credentials, he is redirected to the legitimate page. The information he entered is recorded and misused to strip his accounts of valuables or sold to another player.

Users are urged to remember that emails that try to create a sense of urgency by threatening the user with sanctions are often the work of scammers.