Jul 28, 2010

Oh those tricksy phishers...

A cautionary tale, for you denizens of the cyberworld.

I used to be a WoW player. I suspended my account last month because I realized I hadn't logged in for more than 20 or 30 minutes total in the preceding two months, and not much more prior to that. (All my characters and items remain, waiting for me to pick them up again - probably around the next expansion.)

Today, I got an email, ostensibly from Blizzard Support (@blizzard.sales.com - red flag), regarding a faction change for one of my characters. Oh really, says I? Perhaps my account got hacked after I suspended it - it's possible, if not necessarily likely.

I read further.

There's a link to a "transaction status" page... that goes to a domain outside blizzard.com (red flag). (I saw that before clicking, thanks.) One of the items they list is, "If you did not make this transaction, you should immediately check your account to prevent character lost." Character lost (red flag)?? There's another link, supposedly to worldofwarcraft.com, but hovering on it reveals it pointing to that same outside domain (red flag).

I pulled headers... "Mailed-by: hotmail.com" (red flag). Last I checked, Blizzard had their own mail servers. ;-)

Out of curiosity, I ran a WHOIS on the outside domain. Sure enough, comes back to "shun li, zhengzhou, CHINA" (red flag).

The first thing that really made me wonder, though: this was sent to an email address that was never associated with my WoW account (red flag).

Spammers, scammers, and phishers are getting MUCH more sophisticated, folks. This email had ONE error in grammar or spelling - one that could be easily chalked up to someone typing quickly without proofing. The links were masked, there is also a link to a legitimate Blizzard site, and someone who was not paying VERY close attention could easily have clicked through and given their password to ... someone in China.
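The sender-domain and masked-link checks described in this post can be automated. The sketch below is an added example, not part of the original post: the message is a constructed sample, `example.net` stands in for the outside domain, and treating `blizzard.com` as the only acceptable domain is an assumption.

```python
import email, re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED = "blizzard.com"  # assumption: the only domain accepted for sender and links
# Constructed sample, not the real message; example.net stands in for the outside domain.
SAMPLE = """\
From: Blizzard Support <support@blizzard.sales.com>
Subject: Faction change
Content-Type: text/html; charset="utf-8"

<p>Check your <a href="http://wow.example.net/status">transaction status</a>.</p>
<p><a href="http://wow.example.net/login">www.worldofwarcraft.com</a></p>
<p><a href="https://www.blizzard.com/support">Blizzard Support</a></p>
"""

def in_domain(host, domain):
    # True only for the domain itself or a real subdomain, so blizzard.sales.com fails.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw, expected=EXPECTED):
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].domain
    flags = [] if in_domain(sender, expected) else [("sender", sender)]
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    for href, text in collector.links:
        host = urlparse(href).hostname
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and not in_domain(host, shown.group(0).removeprefix("www.")):
            flags.append(("masked-link", href))  # text names one site, href another
        elif not in_domain(host, expected):
            flags.append(("off-domain-link", href))
    return flags
```

Calling `red_flags(SAMPLE)` reports the lookalike sender domain, the off-domain status link and the masked link, and leaves the genuine `blizzard.com` link alone.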
