Why it matters to you
World of Warcraft players who are targeted by this scam could lose access to their Blizzard account, or worse.
World of Warcraft may not be able to boast the player count that it amassed during the peak of its popularity, but it’s still one of the most well-populated MMOs around. Now, there’s evidence that phishers are specifically attacking fans of the game with a new email scam.
This phishing attack centers around emails that are purportedly sent by World of Warcraft developer Blizzard Entertainment — although of course this is not actually the case. The correspondence claims that the recipient has been gifted an in-game pet by another player, and offers them a link that they can follow to claim the gift.
The link leads to a login screen where users are encouraged to enter their Blizzard account credentials, according to a report from Graham Cluley. However, a close check of the URL would reveal that it’s a veiled attempt to capture personal information, rather than an official site.
More: This is what the Warcraft sequel will be about … if they decide to make it
There are currently two distinct versions of this phishing scam doing the rounds. One offers players the chance to grab an in-game pet known as Brightpaw, while the other yields a flying mount called Mystic Runesaber. Both of these creatures are real in-game items that can be purchased through legitimate means.
World of Warcraft players should remain vigilant about any emails they receive that claim to be from Blizzard. The examples that have been spotted in the wild contain telltale clues, like random question marks placed into text, and the fact that the URL recipients are sent to isn’t on the company’s official website.
Phishing attacks ultimately rely on the user’s poor judgement, so it’s crucial to know who’s receiving your credentials when you enter them into a web form. These scams don’t work if the target doesn’t take the bait, so it’s best to maintain a healthy sense of skepticism when it comes to unexpected gifts landing in your inbox.