Phishers target World of Warcraft users with fake in-game pet offer

No faithful companions here! Just loads of frustration…

David bisson
David Bisson
@

Phishers targeting World of Warcraft users with fake in-game pet offer

Phishers are targeting World of Warcraft users with a scam that promises free in-game pets.

Malwarebytes has detected two email-based versions of the scam so far.

The first variant claims a friend has purchased a flying mount named “Mystic Runesaber” for the email recipient in World of Warcraft (WoW), a mass multiplayer online role-playing game which has seen its share of phishing schemes in the past.

Sign up to our free newsletter.
Security news, advice, and tips.

The second variant uses the same ploy for another in-game pet called “Battlepaw.”

World of warcraft scam

“You are receiving this e-mail because Your friend has purchased World of Warcraft In-Game Pet: Brightpaw for you as a gift!

Claim Your Gift

To claim your gift, enter your Gift Key on the Battle.net? Account Management. You’ll be sent to the download page afterwards, if needed.

Enjoy!

Blizzard Entertainment?”

The scam would be more convincing if question marks didn’t follow “Battle[dot]net” and “Blizzard Entertainment,” two identities with which WoW players are intimately familiar.

Blizzard Entertainment, the maker of World of Warcraft, long used Battle.net as an identity for its networking technology.

But in September 2016, the gaming company announced its decision to transition away from the name to fully embrace “Blizzard” as its new identity. This change appears to affect the company’s name only; Blizzard says that “Battle.net technology will continue to serve as the central nervous system for Blizzard games – nothing is changing in that regard.”

Not surprisingly, the “Claim Your Gift” button doesn’t lead to Battle.net or another site associated with Blizzard. Instead it leads to this mouthful-of-a-location that prompts users to enter their gaming credentials:

us(dot)battle(dot)net(dot)login(dot)login(dot)xml(dot)account(dot)support(dot)password-verify(dot)html(dot)legion-game(dot)xyz/login/en/login(dot)html

Gamers can protect against phishing emails the same way as ordinary users.

First, they should review unexpected emails containing offers for suspicious indicators (e.g. those telling question marks).

Second, they should inspect the sender email and links contained in the email for suspicious locations.

Doing so will help reveal whether a friendly companion or tech support frustration await on the other end of a URL.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “Phishers target World of Warcraft users with fake in-game pet offer”

  1. Bill Bolton

    If you hover the cursor over the address the phishing email comes from it will reveal "battle.com". The real email address Blizzard uses is "battle.net".

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.