Masquerade as account verification notifications

Jul 26, 2010 08:21 GMT

Security researchers from Finnish antivirus vendor F-Secure warn that a new phishing campaign is targeting World of Warcraft players. The fake emails direct gamers to a rogue website and claim they need to verify their Battle.net accounts by providing their password.

Online gaming credentials are valuable items for cyber criminals, who sell them in bulk on the black market. World of Warcraft accounts in particular are in high demand. According to research from Symantec released earlier this year, WoW credentials can fetch from $35 to $28,000, depending on how well the associated characters are developed.

“A World of Warcraft account could be a gold pot for phishers, depending on the player’s achievement. In-game items are in demand and could be sold for real cash value, making WoW accounts a favorite phishing target,” the F-Secure researchers, who intercepted the latest phishing campaign, explain.

The fake emails have their “From” field spoofed to appear as if they originate from a generic address on the blizzard.com domain. The messages masquerade as automatic notifications regarding suspicious account changes; however, the poor spelling is strongly indicative of their rogue nature.

“[...] blizzard to investigate the recent theft of a large number of players missing account, we may be on your World of Warcraft account. Your password has been modified recently to restore the password We recommend that you log on to restore the password verification: http://[censored]-surveyus.com,” part of the ambiguous phishing message reads.

A closer investigation of the headers reveals that the emails are sent through a @hotmail.com address, which was probably hacked. The researchers point out that a real Battle.net account change verification process requires more than simply supplying the password. A valid ID, such as a driver's license, birth certificate, state ID or passport, and, in the case of minors, parental consent, is necessary.
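
The header comparison described above (a visible “From” on blizzard.com, while the sending identity is a @hotmail.com address) can be checked automatically. The following is an added example, not code from F-Secure or from this article; the sample message, its placeholder addresses and the two-label `org_domain` shortcut are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every address and host is a placeholder.
SPOOFED = """\
Return-Path: <placeholder-user@hotmail.com>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=placeholder-user@hotmail.com
From: "Account Team" <noreply@blizzard.com>
To: player@recipient.example
Subject: Account verification

(body omitted)
"""

def domain_of(value):
    """Lower-cased domain of the first address in a header value, '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def org_domain(domain):
    """Naive organisational domain (last two labels). Assumption: production
    code would consult the Public Suffix List instead."""
    return ".".join(domain.split(".")[-2:])

def sender_mismatches(raw):
    """Return (from_domain, [(source, domain), ...]) for every sender identity
    whose organisational domain differs from the visible From domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    seen = [(h, domain_of(msg.get(h))) for h in ("Return-Path", "Sender", "Reply-To")]
    # Envelope sender as recorded by the receiving server (smtp.mailfrom).
    for result in msg.get_all("Authentication-Results", []):
        m = re.search(r"smtp\.mailfrom=([^\s;]+)", result)
        if m:
            seen.append(("smtp.mailfrom", m.group(1).rpartition("@")[2].lower()))
    return from_dom, [(s, d) for s, d in seen
                      if d and org_domain(d) != org_domain(from_dom)]

if __name__ == "__main__":
    from_dom, hits = sender_mismatches(SPOOFED)
    for source, dom in hits:
        print(f"From shows {from_dom} but {source} is {dom}")
```

A mismatch is a signal for review rather than proof of phishing, since legitimate bulk mailers also send with a different envelope domain.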

You can follow the editor on Twitter @lconstantin
