Sunday, September 4, 2011

Diablo 3 Beta Phishing Season Begins

The scammers are out in force with the recent Diablo 3 beta opt-in announcement.  

Phishing scams are very common around any Blizzard beta release announcement so it is time to be especially on your guard.

I received the following in my in-box today:

Greetings from Blizzard Entertainment!
We’re gearing up for the forthcoming launch of Diablo III and would like to extend you an invitation to participate in the beta test. If you are interested in participating, you need to have a account, which you can create on our website.
We will flag you for access to the Diablo III beta test when we begin admitting press. You do not need to go through the opt-in process.
To secure your place among the first of Sanctuary’s heroes, Please use the following template below to verify your account and information via email.
* Name:
* Battle.account name:
* Password:
* Country:
* E-mail Address:
Thanks and see you all in the Burning Hells!

The email claims to give you an express beta invite without having to go through the formal opt-in process. Naturally, this is a phishing attempt aimed at getting hold of your valuable account details. The reply email address resolves to a domain which, not so surprisingly, is registered in China:

Domain Name: D3-BLIZZARD.COM
   Whois Server:
   Referral URL:
   Name Server: DNS27.HICHINA.COM
   Name Server: DNS28.HICHINA.COM
   Status: ok
   Updated Date: 29-aug-2011
   Creation Date: 29-aug-2011
   Expiration Date: 29-aug-2012

Remember, Blizzard will never ask you for your password - be wary of any communication that requests it.
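The two giveaways in this mail, a sender domain registered days before the mail arrived and a template asking for the password, can be checked mechanically. The following is an added example, not part of the original post; the official-domain list, the brand tokens and the 30-day threshold are assumptions chosen for illustration.

```python
import re
from datetime import date

# WHOIS fields and reply template taken from the post above.
WHOIS_TEXT = """Domain Name: D3-BLIZZARD.COM
   Whois Server:
   Name Server: DNS27.HICHINA.COM
   Creation Date: 29-aug-2011
   Expiration Date: 29-aug-2012"""
EMAIL_BODY = "* Name:\n* Battle.account name:\n* Password:\n* Country:\n* E-mail Address:"
RECEIVED = date(2011, 9, 4)  # date of the post

OFFICIAL_DOMAINS = {"blizzard.com", "battle.net"}  # assumption: sender allow-list
BRAND_TOKENS = ("blizzard", "battle", "diablo")    # assumption: names worth imitating
MAX_AGE_DAYS = 30                                  # assumption: "newly registered"
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

def parse_whois(text):
    """Map lower-cased field name -> list of values; empty fields are skipped."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def whois_date(value):
    """Parse the dd-mon-yyyy form used in the record, independent of locale."""
    day, mon, year = value.lower().split("-")
    return date(int(year), MONTHS.index(mon) + 1, int(day))

def indicators(whois_text, body, received):
    """Return the phishing indicators found for one mail."""
    rec = parse_whois(whois_text)
    domain = rec["domain name"][0].lower()
    found = []
    age = (received - whois_date(rec["creation date"][0])).days
    if 0 <= age <= MAX_AGE_DAYS:
        found.append(f"domain registered {age} days before the mail arrived")
    official = any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)
    if any(t in domain for t in BRAND_TOKENS) and not official:
        found.append(f"{domain} uses a brand name but is not an official domain")
    if re.search(r"^\W*password\s*:", body, re.I | re.M):
        found.append("mail asks for the account password")
    return found

if __name__ == "__main__":
    for finding in indicators(WHOIS_TEXT, EMAIL_BODY, RECEIVED):
        print("-", finding)
```
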

Tuesday, April 5, 2011

Top WoW Phishing Scams for March 2011

I have established a WoW phishing honeypot and I see a lot of active phishing scams. I thought I would take the time to cover off the top two WoW phishing scams for March:

#1 Titled "Too Many Attempts Warning No.x" - 37% of WoW scams

The most common phishing scam for March comes in the form of a straight text email that warns you that your account has been locked due to too many login attempts. It provides a link to restore your account, but naturally points to a fake site, where your account details are captured.

Dear customer, 
Due to suspicious activity, your account has been locked. You tried to login your account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer
In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account
After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

Step 3: Restore access to Your account
We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: xxxxxxxxxxxxxxxxxxxxxxxxxxxx

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at xxxxxxxxxxxxxxxxxxx.

The Account Team 
Online Privacy Policy

#2 Titled "Account Change" - 26% of WoW scams

This scam attempts to scare you into thinking that your contact information has been illegally modified and entices you to log in to a fake site to verify your account information.

This is an automated notification regarding your account. Some or all of your contact information was recently modified through the Account Management website.

*** If you made recent account changes, please disregard this automatic notification.
*** If you did NOT make any changes to your account, we recommend you log in to xxxxxxxxxxxxxxxxxxxx review your account settings.

If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for further assistance.

Billing & Account Services can be reached at 1-800-59-BLIZZARD (1-800-592-5499 Mon-Fri, 8AM-8PM Pacific Time) or at

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

The Support Team 
Blizzard Entertainment
Online Privacy Policy

Other active scams include a "7 days free access offer", "investigations on the sale/trade of your game account" and various "compensation" emails. I have also started to see scams for LOTRO and RIFT. You know that you have made it as an MMO when you see active phishing scams - sad, but true.

Learn more about the mechanics of these scams.

Sunday, March 27, 2011

Trust Me, I am a Security Pro

Everyone you talk to seems to have their own special advice on how to avoid having your game account hacked. Unfortunately, there is both good and bad advice given. While I normally blog about the good advice, I decided to take some time and dispel some of the common IT security myths out there.

Myth: You can't get hacked by simply visiting a web site

People often claim that you can't be hacked by just visiting a web site and that you need to download and install something by clicking on it.

This is false. You can indeed pick up a trojan/keylogger simply by browsing to a web site that has malicious content which takes advantage of a vulnerability and, depending on the vulnerability, you may not even know that you have been infected.

Vulnerabilities can be found in the operating system, your browser, your flash player, your media player and in any piece of software that runs on your machine. Many of these vulnerabilities, if exploited, allow remote code execution which can be used to automatically download malicious software without your interaction or knowledge.

Myth: Running Firefox/Mozilla means I am safe

Internet Explorer has traditionally been one of the most exploited browsers, mainly because of its historical prevalence. These days, Firefox is the most popular browser amongst WoW users (44%), with IE (22%) and Chrome (21%) coming next... and the hackers have followed. Many vulnerabilities and exploits have been discovered in Firefox.

Other browsers are not perfect either. For example, a competition at a security conference found that most browsers could be easily compromised with Google's Chrome being the last one standing.

Myth: Run 'NoScript' and you will be fine

NoScript is an add-on for Firefox that allows you to block Flash and JavaScript on web pages. It helps alleviate issues such as the Flash vulnerabilities that are often announced.

NoScript is a very good idea in concept but it breaks most web sites, especially modern web sites that require Flash and JavaScript (which is nearly all of them). This is the traditional trade-off you get with security. NoScript provides some excellent protection but you will not get the full functionality from web sites without extensive whitelisting.

Myth: I run a Mac and Macs don't get malware

Yes they do - just not as much malware as Windows users can expect.

However, you can still get phished. Given that many of the account hacks are a result of phishing attacks, Mac users need to remember that they are just as vulnerable to these as any other user.

Myth: Pick up free anti-virus software and you will be right

Honestly, you get what you pay for.  As someone that comes from the anti-virus industry, I know the investment required to produce a top-quality anti-virus solution.  Free AV is good, but paid-for AV is better. It ultimately comes down to your tolerance of risk and whether you are prepared to pay for better protection. You can see a list of AV products and their ratings at

Myth: I have an Authenticator therefore I am protected 100%

No security will provide 100% protection. Whenever you hear someone say that something is 100% secure then don't believe a word of it.

The authenticator recently fell victim to some malware that intercepted the authenticator's code and sent it off to the hacker. But don't despair - the authenticator is still one of the best prevention mechanisms you can buy.

I don't have an authenticator, I don't run AV, I don't have a firewall and I have never been hacked.

You should go and buy yourself a lottery ticket. Seriously, you are very lucky.

As discussed earlier, you can get infected simply by surfing a page that features some malformed objects designed to exploit a vulnerability in some piece of software on your PC.

But you avoid bad sites such as hack sites or porn sites, right? 

Well, even the good sites get hacked to become a source of malware. This is becoming a much more common method of malware propagation.

Visit our 10 Easy WoW Security Steps post to learn more about securing your WoW account.