Criminals seeking valid players logins for MMORPGs have turned their phishing attention to the best-known presence in online gaming.
|Phishers Griefing World Of Warcraft Players|
“We are writing to inform you that, unfortunately, we have had to temporarily suspend your World of Warcraft account and place a final warning on it,” one sample email published by Trend Micro reads. A link in the phish leads to a fake login page.
“The trend that pushed the proliferation of numerous Trojan spyware attempting to steal online game accounts and passwords is catching on in the phishing arena,” wrote Trend Micro’s Bernadette Irinco. “The real profit generated by (these) virtual worlds are just too powerful lures.”
Another phishing scheme that circulated in 2007 invited the recipient to participate in a beta test for the forthcoming Wrath of the Lich King expansion. A legitimate invite to such a test would be immensely seductive to a dedicated player.
However, its masked link led to a typical fake login page, where the criminals would gather a player’s credentials for nefarious purposes. They will steal a player’s goods and sell them for gold in-game.
WoW’s single-factor authentication may be in need of an update to a two-factor scheme. We imagine companies that offer two-factor solutions would love to be the ones to sell security fobs branded with a World of Warcraft logo.