Tuesday, April 5, 2011

Top WoW Phishing Scams for March 2011

I have established a WoW phishing honeypot and I see a lot of active phishing scams. I thought I would take the time to cover off the top two WoW phishing scams for March:

#1 Titled "Too Many Attempts Warning No.x" - 37% of WoW scams

The most common phishing scam for March comes in the form of a plain-text email that warns you that your account has been locked due to too many login attempts. It provides a link to restore your account, but the link naturally points to a fake battle.net site, where your account details are captured.

Dear customer, 
Due to suspicious activity, your Battle.net account has been locked. You tried to login your account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer
In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account
After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

Step 3: Restore access to Your account
We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: xxxxxxxxxxxxxxxxxxxxxxxxxxxx

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at xxxxxxxxxxxxxxxxxxx.

The Battle.net Account Team 
Online Privacy Policy

#2 Titled "Account Change" - 26% of WoW scams

This scam attempts to scare you into thinking that your contact information has been illegally modified and entices you to log in to a fake site to verify your account information.

This is an automated notification regarding your Battle.net account. Some or all of your contact information was recently modified through the Account Management website.

*** If you made recent account changes, please disregard this automatic notification.
*** If you did NOT make any changes to your account, we recommend you log in to xxxxxxxxxxxxxxxxxxxx review your account settings.

If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for further assistance.

Billing & Account Services can be reached at 1-800-59-BLIZZARD (1-800-592-5499 Mon-Fri, 8AM-8PM Pacific Time) or at billing@blizzard.com.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

The Battle.net Support Team 
Blizzard Entertainment
Online Privacy Policy

Other active scams include a "7 days free access offer", "investigations on the sale/trade of your game account" and various "compensation" emails. I have also started to see scams for LOTRO and RIFT. You know that you have made it as an MMO when you see active phishing scams - sad, but true.
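Both templates above depend on a link that looks like battle.net but resolves elsewhere, so a mail filter can triage them by subject and by the real host of each link. The following is an added example, not code from the original post. It assumes that the "x" in the first subject line is a number and that genuine notices link only to battle.net or blizzard.com; the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domains a genuine Battle.net notice links to.
LEGIT_DOMAINS = ("battle.net", "blizzard.com")

# Subject patterns for the two March 2011 templates described in the post.
# Assumption: the "x" in "Warning No.x" is a number.
TEMPLATES = {
    "too-many-attempts": re.compile(r"too many attempts warning no\.\s*\d+", re.I),
    "account-change": re.compile(r"account change", re.I),
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample: the post redacts the real link, so a reserved
# .example host stands in for the fake site.
SAMPLE_BODY = (
    "Please follow this site to restore the access to your account: "
    "http://us.battle.net.account-restore.example/login.html"
)


def is_legit_host(host):
    """True only for a legitimate domain or a true subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def triage(subject, body):
    """Return (matched template or None, link hosts outside the allow-list)."""
    template = next((n for n, rx in TEMPLATES.items() if rx.search(subject)), None)
    suspicious = []
    for url in URL_RE.findall(body):
        # urlsplit separates userinfo from the host, so
        # "http://battle.net@login.example/" is judged as login.example.
        host = urlsplit(url.rstrip(".,)")).hostname or ""
        if not is_legit_host(host) and host not in suspicious:
            suspicious.append(host)
    return template, suspicious


if __name__ == "__main__":
    print(triage("Too Many Attempts Warning No.3", SAMPLE_BODY))
```

Matching on the parsed hostname rather than searching the URL string for "battle.net" is what catches hosts that merely contain the brand name as a prefix or as userinfo.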

Learn more about the mechanics of these scams.