Typically, one associates phishing schemes with online banking passwords and related issues. Commtouch Labs recently reported on a brand new scheme involving the popular online role playing game, World of Warcraft (WoW). Apparently once an account is hacked, there is money to be made by selling a user’s “gold,” equipment, and even the account itself. There are several different sites set up for WoW players to buy and sell their wares; level 80, for example, can go for more than $170 US.
The attack includes an email with subjects like: World Of Warcraft-Account Instructions, World of Warcraft Account Management, World of Warcraft Account Trade Dispute Notice and of course, World of Warcraft – Account Password Change Notification.
The links within the emails all lead to mock log-in screens at various URLs that are similar to “wolrdofwarcraft,” but not quite. An example landing page is pictured below; entering ANY email and password in the fields redirects to the real WoW community site.
Read more about this new phishing scheme on the ComputerWorld blog of Amir Lev, Commtouch president and CTO.