Fake Diablo III invitation sends your gaming account straight to hell

Hack-and-slash Diablo III adventure ends up with just... the hack

The long-awaited Diablo III has just hit the Beta stage, and an envied few registered gamers are being blessed with an official invitation from Blizzard to test play it.

However, a lot more players are being cursed – with fake Diablo III beta testing invitations designed to try and trick overly enthusiastic gamers. If you receive invitations that “congratulate” you for being among the few to test the game, but ask you to reply with the log-in details of your Battle.Net account, you’d better don your AV armor.

Fig. 1 Fake Diablo III beta test invitation

Diablo III has been expected since its announcement in mid-2008. With such anticipation, it’s easy to understand why victims, too happy and hasty at the chance of being among the first to play the game, may end up sending the e-mailers their account credentials. Armed with the credentials, the attackers will most likely change the password and e-mail address to lock the authorized user out of the account, and then sell it on underground Asian marketplaces.

Other spam e-mails feature links to a spoofed page that perfectly imitates the genuine Diablo III page, where victims are asked to fill in a simple form with their account login credentials. The result: their accounts will be stolen.

Spam e-mails are not the only lures Diablo III enthusiasts should avoid these days. Another mid-sized spam wave intercepted by Bitdefender revealed a newsletter-like scam that directs the user to web shops offering a wide palette of games, and even the possibility of pre-orders for some soon-to-be-launched games. These newsletters contain links that will lead the victim to a simplistic landing page with half-priced offers for games that will never be sent to the enthusiastic buyer.

Fig. 2 Newsletter advertising games at half-price

If you keep calm when you read such e-mails, check them attentively for typos, and hover over the URLs to see the real domain addresses displayed in the lower left corner of the window, you should be set.

For your safety, you are advised to follow these simple practices:

- When shopping for games, manually type in the complete URL on your PC. It is preferable to use your own computer, or one that is not publicly shared, and a secure Internet connection (a home Internet connection or a 3G modem will do just fine).

- Avoid clicking on links, and never send your account password via e-mail or attached forms. No service provider should ask for this information, as they already have it.

- Check the invitations with officials from Blizzard; keep in mind that the genuine invitation asks you to log in to your Battle.Net account, and you are not supposed to click on any links.

- Use an antivirus solution with anti-spam and anti-phishing modules.
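
The hover check recommended above can also be run automatically over an HTML message body. This is an added example, not code from the article or from Bitdefender; the official-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: the only domains treated as official.
OFFICIAL_DOMAINS = ("battle.net", "blizzard.com")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
# Constructed sample body (not a captured e-mail): one look-alike link, one genuine.
SAMPLE = ('<a href="http://battle.net.beta-invite.example/login">https://us.battle.net/login</a>'
          ' <a href="https://us.battle.net/account/">Account management</a>')

def host_of(url):
    try:  # accept full URLs and bare domains; malformed input yields ''
        return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    except ValueError:
        return ""

def is_official(host):
    # Exact domain or a true subdomain; "battle.net.evil.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):  # -> [(visible text, real host, reasons)]
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        shown = host_of(text) if URL_LIKE.fullmatch(text) else ""
        reasons = [] if is_official(real) else ["destination is not an official domain"]
        if shown and shown != real:
            reasons.append("visible text names a different host")
        if reasons:
            findings.append((text, real, reasons))
    return findings
```

Calling `audit_links(SAMPLE)` reports only the first link: its visible text shows a Battle.net address while the destination host merely begins with that name.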

This article is based on the technical information provided courtesy of Adrian MIRON, Bitdefender Spam Analyst, and Catalin LITA, Bitdefender Virus Analyst.


About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.