WoW Phishing via StarCraft II
August 2, 2010
Posted by Wilhelm Arcturus in Blizzard, Diablo III, entertainment, World of Warcraft.
Tags: Account Security, Battle.net, Blizzard Authenticator, Blizzard Store, Phishing, Something for Nothing, StarCraft II
I have to give some points for ingenuity on this one.

My inbox this morning had this email in it:
Subject: Blizzard Store Order #87859 – StarCraft II®: Wings of Liberty™
Date: Sunday, August 1, 2010 10:22 PM
From: “Blizzard Entertainment” <WoWAccountAdmin@blizzard.com>
Hello, thank you for shopping at the Blizzard Store!
StarCraft II®: Wings of Liberty™: 9744253649464714451160736
To use this key to activate the game, simply follow these instructions:
- Create a Battle.net account (or if you already have one, log in) at [Bogus URL]
- Verify your e-mail address. (If you have previously verified your address, skip this step.) From the main Account Management page, click the ‘verify this e-mail address’ link. Then, check your e-mail account for a verification e-mail. Click the link in this e-mail to verify your e-mail address.
- Return to the Battle.net account management page, then click on ‘Code Redemption’.
- Enter the above CDKey in the code field.
- Once you have successfully redeemed this code, you will be able to play the game.
NOTE: If you have previously chosen to gift your digital purchase, attaching this key to their Battle.net account will prevent you from being able to redeem this key with your Battle.net account.
===================================
Purchase Receipt
===================================
Customer Account: [Not my Battle.net email address]
Order Date: 2010-8-2
Order #: 1882359
(1) StarCraft II®: Wings of Liberty™ – $59.99
Credit Card Number : ****-****-****-8089
Credit Card Type : Visa
Item Subtotal: $59.99
Tax: $0.00
Shipping & Handling: $0.00
Shipping Tax: $0.00
Grand Total: $59.99
===================================
If you have any questions or concerns about your order, please contact us at:
Phone: Toll-free at (1-800-592-5499)
Website: http://us.worldofwarcraft.net/account
Live phone support is available seven days a week, 8:00AM – 8:00PM Pacific Time.
Thanks for shopping with us!
Blizzard Customer Service
Now, I knew I had not ordered a copy of StarCraft II, so my first thought was, “Hey, did somebody buy me a copy? Cool!”
Wishful thinking, I know, at $59.99 a pop, but I had just rolled out of bed.
And then my sleep-addled brain began to pick out the dubious details of this email.
The “from” address jumped out at me first.
I have seen “WoWAccountAdmin@blizzard.com” at the top of a lot of phishing attempts. Plus Blizzard would never be so sloppy as to send something from a WoW focused account for a Blizzard Store transaction. Those are two different groups in the company. The Blizzard Store uses “sales@blizzard.com” as the from address for all transactions that I have seen.
That led me to parse the email again, which led me to the bogus URL for account activation. Standard operating procedure for a phishing attempt.
And, to top it off, as usual, the whole thing was directed to a “customer account” email address which is my email address, but not one I use for a Battle.net account.
The email looked pretty good though. I was tempted to try and enter that product key.
I went and compared the email to other receipt emails from the Blizzard Store I have tucked away from items I have purchased, and it was first pass close to the real thing. One other flag: Blizzard always uses my first name in the salutation. Something to remember.
Ah, well… no free copy of StarCraft II for me today.
Here we are starting to see the price of Blizzard rolling up all of their games into Battle.net for administration. The same account I would use for StarCraft II also lets me into World of Warcraft. And the same will no doubt be true when Diablo III rolls around.
Now, having the Blizzard Authenticator, I am covered… or more so than somebody without the authenticator. But still, everything that might send somebody to log into Battle.net is a potential hole that phishing scams will try to exploit.
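The red flags described in this post (an unexpected sender address, a login link that is not on a Blizzard domain, a recipient that is not the Battle.net address, and no first-name salutation), checked in code as an added example that is not part of the original post. The allow-listed domains, the account address, the first name and the sample message with its placeholder link are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this sketch: values from the post's observations or constructed.
STORE_SENDER = "sales@blizzard.com"             # sender the author reports on real receipts
TRUSTED_HOSTS = ("blizzard.com", "battle.net")  # assumed allow-list of link domains
ACCOUNT_EMAIL = "player@example.org"            # constructed: address tied to Battle.net
FIRST_NAME = "Pat"                              # constructed: name real receipts greet

# Constructed sample modelled on the quoted message; the link host is a placeholder.
SAMPLE = """\
From: "Blizzard Entertainment" <WoWAccountAdmin@blizzard.com>
To: other-address@example.org
Subject: Blizzard Store Order #87859

Hello, thank you for shopping at the Blizzard Store!
Create a Battle.net account (or log in) at http://battle-net.example/login
"""

def host_trusted(host):
    # Exact match or a true subdomain; a look-alike such as "battle.net.example" fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_HOSTS)

def receipt_red_flags(raw):
    """Return the list of indicators from the post that this message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    if parseaddr(msg["From"])[1].lower() != STORE_SENDER:
        flags.append("unexpected-sender")
    if parseaddr(msg["To"])[1].lower() != ACCOUNT_EMAIL:
        flags.append("not-account-address")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if not host_trusted(host):
            flags.append("untrusted-link:" + host)
    first_line = body.strip().splitlines()[0] if body.strip() else ""
    if FIRST_NAME.lower() not in first_line.lower():
        flags.append("generic-salutation")
    return flags

if __name__ == "__main__":
    for flag in receipt_red_flags(SAMPLE):
        print(flag)
```

The From header is trivially forged, so a matching sender proves nothing on its own; the sender check only catches a mismatch, and the link and recipient checks carry more weight.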


That is a pretty good phishing attempt, and I don’t doubt they will nab many many WoW accounts using it. Thankfully I already have SC2 and barely read my e-mails so I should be fairly safe from phishing attempts like this, but still.
It is, as you said, a clear indicator of just how much weaker Blizzard has made account security by rolling everything up under a single account. The fact that it’s an e-mail address is just icing on the cake.
On the plus side, I was chatting with a real life friend while he was in SC2 and I was in WoW (and vice versa), so the real ID thing is good for something at least. Have I changed my mind on its implementation? No, it’s asinine. Do I think chatting across games is cool? Yes.
Wow,<–no pun intended, I am impressed at the effort. I feel sad for those that don't investigate and end up a victim.
"Ah Ha!, very well played minion of the dark. You have cast your spell of deceit and debauchery, but I have thwarted you with my……thwartness…" etc etc…
A for effort but my boot in your butt if I find you…
That is a nice attempt actually. We always think of scam emails being done by lowlife scum, but I bet there is enough money in it to attract some top-tier talent, at least anyone willing to earn it in less-than-honest means.
It’s a great attempt. Good cons (like this one) often appeal to a person’s greed in order to get them to overlook caution.
Rule of thumb: There are no free lunches.
I’m amazed at how many junk mails I get about trying to steal my WoW account info. Even better when it’s email addresses that aren’t even linked to my WoW account. Even more amusing when I see an Aion one and I’ve never even touched the game. Thankfully Google and Microsoft do a good job with spam filtering.
But you should go buy StarCraft II, the campaign is amazingly good. One of the best gaming experiences I’ve ever had.
Finally some spam that got me going for a few minutes…