14 DAY TRIAL // Security researchers from McAfee warn that gamers are targeted in new Battle.net and World of Warcraft phishing campaigns, which produce very convincing emails purporting to come from Blizzard.
Battle.net is the largest online gaming service. It was created back in 1997 by Blizzard Entertainment, now a subsidiary of Activision, to support online multiplayer gameplay of its popular Diablo, Starcraft and Warcraft series.
Since 2009, accounts for World of Warcraft (WoW), the world's most popular MMORPG game, have also been merged with Battle.net accounts and are now part of the same platform.
World of Warcraft players are constantly the target of many phishing attacks, both in-game and outside of it, since WoW accounts can rack up between $35 and $28,000 on the blackmarket, depending on how well the associated characters are developed.
The latest attack reported by McAfee comes in the form fake e-mail address change notifications, which attempt to scare users into logging in on a fake Battle.net site.
The messages come with a subject of "New Request Notification - Change the Login Address" and they read:
"Blizzard Entertainment recently received a request to change the e-mail address used to log in to the Battle.net account with the username [old_email].
"The e-mail address [new_email] has been specified as the new username for this Battle.net account. An email has been sent to this new address containing a verification link to complete the chance.
"Once the new address has been verified, the e-mail address [old_email] can no longer be used to log in to this Battle.net account or any World of Warcraft accounts merged with this Battle.net account.
"If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately."
Clicking on the link takes users to a fake Battle.net login page, hosted on a domain that is not associated with Blizzard Entertainment.
Users are advised to exercise extra caution when clicking on links in emails purporting to come from known or popular services. Also, the real Battle.net login page is be protected with HTTPS by default.