World of Warcraft is among the most popular games around and it seems that of late, it has been attracting plenty of malware and phishing attacks.
Phishing scams and attempts to lure users with fraudulent promises are not uncommon. Blizzard's popular game seems to be the latest victim.
World of Warcraft Phishing Scam: Promises In-Game Pets
The phishing scam impacting World of Warcraft was first spotted by researchers at Malwarebytes Labs. The researchers have noticed two variations of the scam and believe that there could be more, which remain undetected.
"A phishing campaign currently in circulation is attempting to bait World of Warcraft with the promise of free in-game pets," note researchers at Malwarebytes Labs.
This finding could act as a wake-up call for gamers and a reminder to not fall for such tricks. The lure of getting freebies in a game may be strong, but gamers should not put their accounts at risk.
This scam basically steals a player's gaming rewards and credentials, by promising them free in-game pets as gifts, which are allegedly bought for the player by their friends. If a player falls prey, they stand to lose items, gear, and gold. It will be too late by the time one realized this is a scam, as the damage is already done.
How Does The Phishing Campaign Work?
The scam's first step is to send an email to gain access to the user's credentials. A typical email sent in this scam reads — "You are receiving this e-mail because Your friend has purchased World of Warcraft In-Game Pet: Brightpaw for you as a gift!"
One is required to enter their email ID and password to gain access to the free gift.
"Claim Your Gift. To claim your gift, enter your Gift Key on the Battle.net? Account Management. You'll be sent to the download page afterwards, if needed," coaxes the email from the scammers.
Another malicious email from the scammer reportedly reads "WoW mount mystic rune sabre" is available.
Once the scammers have the user's credentials on them, they can easily access the account and steal available data.
How Long Has The Scam Been Going On For?
The emails have been sent with the old Battle.net logo, which leads to a probability that this phishing scam has been continuing for quite some time, even before Blizzard changed its services.
It is interesting to note that the phishing emails have been marked with the Battle.net domain, which was Blizzard's online game portal. Now that Blizzard has switched Battle.net to its gaming platform, it is impossible that the gaming service would continue sending emails.
What Should One Do?
The malicious email should be deleted or moved to the spam box immediately. Players need to stay mindful of the fact that they should never open such suspicious links, or enter their user credentials.