Tag Archives: Phishing

Friday Bullet Points – Numbers, Pokemon, and Phishing

Another Friday morning when I have a half a dozen almost done posts in my drafts folder, but no real drive to finish any of them.  So time for some bullet points.

Such Super Data

I do enjoy when SuperData Research puts out another blog post with titles ranked by revenue.  They just posted one for June.

SuperData Sez – June 2016

Of course, I enjoy their charts for odd reasons.  They are, in their own way, very effective trolling devices.  I can already predict a SynCaine response to this.

And then there are the questions raised.  What defines an MMO?  What defines a P2P MMO? (SWTOR claims to be F2P, right?) And, finally, how the hell is FarmVille 2 even a thing?  Is Zynga still a thing?

NCsoft Numbers

NCsoft put out their Q2 2016 numbers earlier this week.  You can find them at their investor relations site.  The PDF summary is the usual 10 pages, with everybody’s favorite chart on page 4.

NCsoft revenue by title – Q2 2016

The surprise of the quarter is WildStar, which revived with a more than 40% boost in revenues over Q1’s all time lows.  Of course, WildStar’s revenue number is still pretty small.  GuildWars 2 dropped by more than 6.5 times the WildStar total and still pulled in 7 times as much revenue.

The numbers are in millions of South Korean Won (KRW), which makes the WildStar total about 2 million USD for the quarter.

Meanwhile, it looks like GuildWars 2 is going to be feeling some pressure to release another box and, as always, the 1998 title Lineage rules the revenue roost for NCsoft.

(Hat tip to MMO Fallout)

Pokemon National Championship Restrictions

The 2016 Pokemon National Championships are being held not too far from where I live… just up in San Francisco… and Nintendo has asked me not to show up.

Pokemon come to Baghdad by the Bay – By Invite Only

Due to the limits of the venue and the popularity of the event, no outsiders or random visitors will be allowed in to view the competition.  So that is that.  Nothing can keep you from going up to SF to hang out, but if you think you’ll be seeing some sort of Pokemon competition, you had best plan on running it yourself.

Also on this front, the whole Championship series is undergoing changes for 2017 as well.

New Eden Phishing and Seabeasts

CCP has an alert out on a phishing scheme going about, with emails pretending to be from support asking players to log into their account via a dubious link.

Know your login pages

So, you know, don’t do the dumb.

On the upside, CCP also announced that the Matigu Seabeast SKIN is now available in the New Eden store for a variety of Caldari hulls.

And that is about it for Friday.  The weekend approaches.

Blizzard Isn’t Giving You a Free Copy of Warlords of Draenor

[Edit added Apr 28, 2016: Unless of course they are, as noted here.]

More on the phishing front.  This arrived in my spam folder with the incongruous subject line:

Gift-Boost a character to Level 90 when you pre-purchase Warlords of Draenor!

That sounds like an announcement asking you to buy the expansion, but the graphic inside purports to have a code for a free copy of the expansion.



This looks to be built on the same template as the Reaper of Souls phishing attempt I mentioned back in January.  The game key is likely just as valid, which is to say not valid at all.

Of course, the most egregious part of the whole thing is the statement that the expansion will go live at noon on December 20, 2014.  I am not sure some of us can wait that long.

Blizzard Isn’t Giving You a Free Copy of Reaper of Souls

We have a new Blizzard release coming up.  In this case it is the Diablo III expansion, Reaper of Souls, which is due out on March 25 of this year.

And, as seems to happen with all such Blizzard releases, email scams are beginning to show up.  I have seen one in particular show up a couple times now, so I thought I would pass it along as both warning and humor.

I think the first hint that this was a scam was the message title.

Diablo III: Reaper of Souls now Invite you to join!

Say what you will about Blizzard, broken English just isn’t one of their faults.

Then there was the come-on part of the pitch, the bait to get you to fall for it.  In this case, I must admit they might be on to something, as they gave you a big string of characters and claimed that this code would enable Reaper of Souls on your account.

Go ahead, try the code

Usually they just tell you to click the link to get the game.  Here they have a code for you that they say you have to redeem on your account.  And, of course, a handy bogus link to a Battle.net look-alike site where they will steal your account information and use it to strip your account bare.

As is often the case, all of the other help and support links point to legitimate Blizzard sites, but the key one is a trap.

So be wary.

Much Panda Phishing of Late

The WoW related phishing scam of the moment… because there always seems to be one going at any given time… is related to the Mists of Pandaria beta.  I have been seeing a lot of these in my inbox over the last few weeks.  They seem to be coming in at the rate of at least one a day here.

It is safe to click on this one…

And, as with higher quality phishing attempts, it looks good, isn’t full of typos or malformed English, and all of the visible links are legitimate.  But if you click on that PLAY FREE NOW button, you get sent off to worldofwarcraftqrt.tk or some other similarly bogus URL.

Of course, since I already have access to the Mists of Panda beta via the one year commitment deal, there wasn’t a chance that I would fall for this.  Plus they keep coming in on an email address not associated with my Blizzard account, always a warning sign.

Oddly, all of the bogus URLs I have seen are for the .tk top level domain, which apparently has a reputation for being scam and spam central.  I wonder how the ~1,500 people in Tokelau feel about that?

The Most Wiley WoW Phishing Attempt Yet…

Talking with my daughter about BlizzCon and Pandas and Pokemon companion pet battles naturally raised the level of interest in World of Warcraft around the house.

And, hey presto, what should show up in my mail box but an offer for seven free days of World of Warcraft!

Come play for free!

I mean, I get offers like this from games now and again.  I have even gotten such offers from Blizzard.  So no alarms went off in my head… not right away.

And then, as I clicked on the button, I realized that I was not looking at the email inbox associated with my Blizzard Battle.net account.  This was the email account where I only ever get PHISHING ATTEMPTS.

Fortunately, the site had already been flagged as a forgery.

Web Forgery Alert!

Sure enough, I went back to mouse over the “PLAY FREE NOW” button and the URL it directed me to was obviously bogus, something I would have normally noticed if I had not been in something of a BlizzCon state of mind.  They hit me at just the right moment.  The phishing attempt literally came in about 30 minutes before I opened up my email.  But I was saved from any potential trouble by the good people at Mozilla.

This is why I tell my wife and mother-in-law not to use Internet Explorer

Though it does make me wonder how much those good people at Mozilla know about my browsing habits, and that if they are watching, that site I was at the other night after my wife went to bed was a total accident.  I was looking up one of the works of W. Somerset Maugham and how I ended up on that other site is a complete mystery to me.

Anyway, be wary and look at those URLs before you click!

The Drop in WoW Subscribers Means Changes All Over…

Rather than the usual round of WoW phishing attempts, I have seen a batch of these lately…


It has come to our attention that you are trying to sell your personal RuneScape account(s).
As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled…

All with the same message, the same badly disguised bogus URL, and all delivered to the same email address that gets all my WoW phishing attempts.  (Which, of course, is NOT the email address I use for WoW or Battle.net.)

No doubt the handiwork of the same trolls.

Of course, I’ve never played RuneScape, so this is even less worrying than WoW phishing.  Oh no, an account I never had in the first place is in danger of being banned!

RuneQuest, Yes, RuneScape, No

Meanwhile, in the same batch of email, I received a note from Perfect World Entertainment, makers of… nothing I can recall ever playing.  I guess they are publishing Torchlight now, which I have played.  But I did not buy it from them.  Still, at some point I created an account there, I just cannot remember why.  It certainly wasn’t for Rusty Hearts and a discount gamepad.

That email said:

You are receiving this email because your account may have been accessed without your authorization. We have changed your account’s password and are requiring you to change your password before you can log back into our games. Please go here to reset your password:

And there was a URL below on which you were invited to click.  Only this one looked legitimate.  I still didn’t click on it, going rather directly to the Perfect World site and resetting my password via the interface they provide there.

I wonder if Perfect World had some sort of incident or if this was just another, slightly more clever phishing attempt.

How about for you?  Any rise in non-WoW related phishing attempts at your end?

Were you getting that many WoW related ones in the first place?  At one point I was getting one or two a day.

A Message for You from Biizzard

No, that title is not a typo.

When we were on Saturday night, mid-instance, we all got this tell.

And for about half a second it looked authentic.  The URL provided was the first red flag.

Seconds later, trying to figure out how this was done, we noticed the spelling of the name from which the tell was sent.

I was impressed and surprised.

Impressed because they managed to string together three sentences in reasonable English, rather than the crude, Google translate supplied sort of message to which I have grown used AND realize that “Biizzard” looks a lot like “Blizzard” at first glance.

And surprised because I would have thought Blizzard might have blocked out all of the corporate sounding names from the name database at character creation.  And I am also a bit surprised that the name Biizzard was even available on our server at this late date.

In case you were wondering what Blizzard in-game messages should look like, we have this tweet from BlizzardCS.

I Can Get You In The Cataclysm Beta, I Swear!

Already amusing today, now that the beta is closed and Cataclysm is just a couple days out, this sort of phishing attempt is going to transition to comedy gold on December 8th.

Subject: world of warcraft: Cataclysm Beta Test Invitation!

Get those opt-ins ready for the World of Warcraft: Cataclysm closed beta! The sundering of Azeroth is nigh, and you don’t want to be left out in  the cold of Northrend when you could be enjoying the sun-drenched beaches on the goblin isle of Kezan. To ensure you’re opted-in and eligible as a  potential candidate, you’ll need a World of Warcraft license attached to your Battle.net account, have your current system specifications uploaded  to the Battle.net Beta Profile Settings page, and have expressed interest through the franchise-specific check boxes.

Get the Installer – Log in to your Battle.net account:[bogus URL]

** IMPORTANT ** To avoid graphical bugs and other technical issues, please ensure your video card drivers are up-to-date.

Enjoy the game!

Blizzard Entertainment, Inc.

Remember to make sure your video card drivers are up to date.

Warcraft World Tour allows you to be more happy, presented prizes!

Or so the subject line of this latest phishing attempt read.

But, in a change up, the pitch was presented much more graphically than usual.

Be more happy!

We Acknowledge A Mistake!

The apparent premise of this phishing attempt is that, somehow, Blizzard has deleted my account and cannot recover it.  Yeah, right.

So Blizzard has created a new account for me with 20,000 gold coins (pshaw! a mere pittance these days!) and the always useful for phishing attempts X-53 Touring Rocket, spelled correctly this time.  Of course, the link to the account heads to a URL with the word “batt1e” in it, Blizzard always going with leet speak for their URLs.

The dead give-away in the attempt?  The line “we acknowledge a mistake.”  When was the last time you heard a customer service rep say that without having to pile on the evidence ad nauseam?  I think it is standard procedure in all call centers to get supervisory approval to use any phrase like that.

Meanwhile, the email service that these phishing attempts have been landing in is reporting to me that there have been a lot of failed logon attempts for my account.

Coincidence?  I think not.
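
The URL check these posts keep coming back to (legitimate-looking support links beside one bogus button, a “batt1e” host, a “Biizzard” sender) can be automated. The sketch below is an added example, not part of the original posts; the trusted-domain list, the `.example` hosts, and the two-label domain shortcut are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains this recipient accepts as genuine for the brand.
TRUSTED = {"blizzard.com", "battle.net", "worldofwarcraft.com"}
BRANDS = ("blizzard", "battle", "warcraft")
# Fold characters that read alike at a glance: "batt1e" -> "battle", "biizzard" -> "bllzzard".
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o", "3": "e", "5": "s"})

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def classify(url):
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Simplification: last two labels stand in for the registered domain
    # (a real check would consult the Public Suffix List).
    if ".".join(host.split(".")[-2:]) in TRUSTED:
        return "trusted"
    folded = host.translate(FOLD)
    if any(b.translate(FOLD) in folded for b in BRANDS):
        return "lookalike"   # brand name on a domain the brand does not own
    return "unknown"

def audit(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(text.strip(), href, classify(href)) for href, text in parser.links]

# Constructed sample body; the .example hosts and all paths are made up.
SAMPLE = """<a href="http://www.worldofwarcraftqrt.tk/">PLAY FREE NOW</a>
<a href="https://us.battle.net/support/">Support</a>
<a href="http://us.batt1e.example/account">Your new account</a>
<a href="https://example.org/unsubscribe">Unsubscribe</a>"""

if __name__ == "__main__":
    for text, href, verdict in audit(SAMPLE):
        print(f"{verdict:9}  {text:18}  {href}")
```

A mail where most links come back trusted and a single call-to-action link comes back lookalike matches the pattern described in these posts.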

A Clue as to Who is Phishing? Do You Think?

I saw the title of this message in my inbox… the inbox on an account that I seem to get all my WoW related spam, but which is not the email address I use for WoW… and figured it was another phishing attempt.

Still, I am always looking for the most egregious abuse of the English language by spammers, so I took a peek at the prose.

And behold, it was not a phishing attempt!

Subject: World of Warcraft Account Administration

From: Blizzard Entertainment <wowacoountadmin@blizzard.com>

Dear customers and friends

[Gold Selling Site] is the professional power leveling company for games as WOW and other MMO’s. With a long history  and a solid ,strong technical force, we have the most professional power leveling skill, favourable after-sale service, and a very low price,100% safety with pure handmade.

With the coming of  World of Warcraft- Cataclysm, storeingame will have more discounts activities. Far more low price, together with consummate skill, absolutely cost & value to satisfy.

What are you waiting for? Come and join us!

Yours sincerely,

[Gold Selling Site]

It was from a gold and power leveling site instead.

Only it followed the very same pattern as almost every phishing attempt I get, with a bogus Blizzard subject and return address, and it was sent to the same email address as all the others.

Do you think, just maybe, that gold sellers are the ones stealing our accounts?

Okay, I guess we had all figured that out already, but it is nice to see a strong correlation between the two just to remove any doubt.

You give these people your account information for power leveling and you can expect somebody to try and hack.

Safety with pure handmade indeed!