Friday, January 25, 2008

WoW Phishing


We know to be wary of emails asking for our Banking password, but would we be as wary of an email asking for our WoW Password?

WoW Phishing Noteworthy
Phishing emails aren't new, and neither are WoW phishing emails. But they're now prevalent enough for security software companies to take note. Last week Trend Micro highlighted a recent trend to target WoW players in their blog (via securitypronews).

Blizzard talks account security in this "Support Article" which shares that:

The vast majority of account compromises originate from one of three sources:

1. "Spoof" websites and emails
2. Downloading hacks, cheats, or other executable content
3. Sharing account information and/or using power-leveling services


I guess it's just a matter of time before we see this:



The above fake, pretend, mocked up, imaginary, parody of a WoW mail item (let no one say I wasn't clear) is modeled on an example of one spoofing for ebay account info. It uses a trick or two I learned while researching how to identify fraudulent emails - particularly from this paper Anatomy of a Phishing Email, which included tricks I had never heard of before - highly recommended.


WoW Account Management is Easy
And one last note - To date, World of Warcraft has always done a fine job of making logging into my account an easy task from their home page. Navigation within "Account Management" has also been a cinch, so hopefully I will never feel that it would be easier to just click the link in the email rather than go to worldofwarcraft.com myself.