Phishing Scheme Targets World of Warcraft Players

Watch out, someone is leeching your mana!

Phishing is here to stay. No matter what, there’s always a way to trick people into thinking that in fact they are talking to a different person than a bunch of attackers on the lookout for illegitimate gains. This week saw an interesting phishing wave aiming at players of World Of Warcraft™, world’s most famous MMORPG.

Blizzard Entertainmnen

Fig. 1. Phishing message – Note the misspelled sender’s name and fake domain name you should log into.

The scheme unfolds like this: you receive in your inbox an apparently well-intended and above all a professional e-mail announcing you that you have been the victim of an abuse: “An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded” and “If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated”.

And this is the bait, and the probability that you are soo likely to get your account terminated might make you miss all the signs spelling PHISHING SCHEME: misspelled company name (Blizzard Entertainmen instead of Blizzard Entertainment®) or the forged domain name hosting the so-called login page.


Fig. 2. Fake login page hosted on a Chinese web server. It is the exact copy of the genuine one.

All you are asked to do is visit a given webpage that looks and feels like the one you’re using regularly, and then log in so as to save your account from banishment. Once you’ve successfully complied with the attacker’s request, your account and password will be added to a database and your character will most probably be sold to another eager player, or will be stripped off of its valuables and ditched. Shortly put, your account will be sold and traded…..exactly what you were told it had happened.

BitDefender Antiphishing intelligence reveals that, since the beginning of the year, phishing attacks targeting World of Warcraft customers rank third, immediately after PayPal™ and eBay®.

In order to keep your account information safe and shielded from any kind of web-based attacks, we have developed TrafficLight, a free, lightweight, stand-alone & cross-browser security application based on the BitDefender® scanning technology.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.