Guest Blog // Selected Security Content Provided By Sophos
What's This?
10:19 AM
Graham Cluley
Graham Cluley
Security Insights

Phishing In A World Of Warcraft

Hackers are once again targeting players of the fantasy game "World of Warcraft" in an attempt to steal passwords and other game credentials.

Hackers are once again targeting players of the fantasy game "World of Warcraft" in an attempt to steal passwords and other game credentials.Emails intercepted by researchers at SophosLabs, pose as official communications from World of Warcraft developer Blizzard Entertainment but are really intended to lead players to a phishing website.

Phishing email claiming to come from the makers of World of Warcraft

Players of what is claimed to be the world's most popular MMORPG (Massively Multiplayer Online Role-Playing Game) may be tempted into clicking on a link to receive a sneaky preview of new game functionality.

By the way I was a little perplexed as to what the "mounts" referred to in this attack might mean. It turns out that in the fantasy online universe of World of Warcraft, you're not just limited to riding on horseback. If it takes your fancy (and if your online character has the right attributes) you might choose to ride a wolf, a ram, a gryphon or some other fantastical creature.

Of course, clicking on the link is not a sensible move as game players will be taken to a bogus website asking for their World of Warcraft login details.

Fake World of Warcraft website

Keyloggers and password-stealers targeting on players of World of Warcraft are definitely not a new phenomenon. The techniques may change, but the effect is still the same.

Last year, in a trick pinched from an increasing number of online banks, Blizzard introduced an authentication fob that produces a one-time six-digit number that can be entered at login alongside the user's regular username and password. But until use of such devices is mandatory there will still be many online accounts putting themselves at risk of compromise.

Game players would be wise to remember that if something sounds too good to be true (free gold, free weapons, free expansions), it invariably is too good to be true.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website, you can find him on Twitter at @gcluley. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-04-20
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
PUBLISHED: 2019-04-20
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
PUBLISHED: 2019-04-20
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
PUBLISHED: 2019-04-20
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
PUBLISHED: 2019-04-20
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.