Beware of Blood Elves selling mounts

A friend of mine recently got hit by a pretty devious phishing scam targeting wealthy (in-game) players looking to make legitimate purchases. My friend, we'll call him Cobra, was in a major city when an offer in the Trade Channel caught his eye. A player, we'll call him Bubbles, was offering a Spectral Tiger Mount for 5000 gold. Since this mount is only available as a code on a rare loot card, Cobra contacted Bubbles to inquire. Purchasing codes for in-game items with in-game cash is perfectly legitimate, according to Blizzard, so Cobra did not worry about going against the TOS with this transaction.
Bubbles, a level 78 Blood Elf Mage, seemed legitimate. For one thing, he was not a throwaway low level character. Also, he didn't want to take the cash then, but just see it in a trade window to make sure Cobra was in possession of it. So Cobra gave Bubbles his email address only and waited for the email that included the code and a link to where to input the information.
Cobra was in-game on one computer and clicked on the link on a separate computer. The link went to a page that looked exactly like the non-Battle.Net account page. He logged in and it took him to a page that looked exactly like the official Blizzard code entry page that he had used when he entered his Polar Bear mount code from last year's BlizzCon. After three attempts to register the code he had received, he noticed that his other computer had disconnected from WoW.
When he tried to log in again, he was told that his account was now associated with a Battle.Net account and that his username and password were no longer valid. It just so happens that all of this was done during a break at work, and Cobra works with his guild leader, who we will call TSU. Cobra walked over to TSU's desk and asked him to log on and see if Cobra's character was logged in. Sure enough, it was. So TSU immediately demoted Cobra's character.
Unfortunately, TSU did not get a screenshot, but here is what happened next.
Hacker: What did you do that for?!?
TSU: You're a hacker.
Hacker: How do you know?
TSU: Because the real player is looking over my shoulder.
Hacker: O HAI!
Cobra was able to get in touch with Blizzard support and get his account back within 20 to 30 minutes after it was compromised. About 10K gold from various characters and all of his gems were gone. Also, some of his other items were on the Auction House. His gear was still intact and he was able to raid that same evening, so the damage was far less than others who have been hacked.
But wait! There's more! As I write this, Cobra's account got hacked again. Not only did the phishing site take his old account info, it downloaded a keylogger to steal the new account info. They logged into his character and started the scam all over again by spamming Trade Channel with the same Spectral Tiger Mount offer.
Using a server-known, high-level character (hacked from a previous transaction) for the initial communication and asking to only see the cash is an excellent way to both look legitimate and only get targets who have enough money to be worth further effort. Trusting a link in an email rather than going to the site directly was Cobra's biggest mistake and ultimately how his account was compromised. Having an Authenticator would have helped in this situation, but this kind of scam circumvents most other basic account security measures.
In general, if you want to conduct account-related business (for any account, not just WoW), get to the website yourself and use trusted links only. And, please, don't buy gold. If these hackers didn't have a market to sell their ill-gotten goods, then they wouldn't waste their time devising these scams in the first place.
Be careful out there!
Filed under: Mounts, Account Security






Reader Comments (Page 1 of 7)
Infneon Jun 4th 2009 7:14PM
This happened with a guild member recently too, first we knew about it was him spamming trade trying to sell the tiger mount and requesting a large sum of money out of the guild bank. We contacted the real owner immediately and he can't put his finger on how his account was jacked.
To make matters worse, when he tried to log back into his account, they had attached an authenticator to the account, royally screwing him over.
RogueJedi86 Jun 4th 2009 7:28PM
Attaching an authenticator? That's just low.
Of course you know what the real lesson in this is? Blizzard needs to stop offering out of game methods to get in-game items. If all the TCG items were available from rep factions or whatever in-game, you'd never see Spectral Tiger scams or whatever.
Verit Jun 4th 2009 8:21PM
#rogue
Or you could make them purchasable via blizzard's store.
RogueJedi86 Jun 4th 2009 8:55PM
But if you did that Verit, you'd see scams where people would be selling them for cheaper than Blizz store, luring people in yet again.
Alchemistmerlin Jun 5th 2009 1:46AM
Oh please, this had nothing to do with Blizzard offering in-game items out of game and everything to do with someone being too dim to have proper safety precautions in place. All he would have had to do was look at his damned address bar before entering his info, AND furthermore he should have had some sort of Malware protection in place against that keylogger.
mitch Jun 5th 2009 4:02AM
@ rogue's second comment. If you bought via the online store they would be linked directly to your account (ie. soulbound to your account from the moment your money clears) so the fear of re-selling (and thus scamming) is eliminated.
Xavs Jun 4th 2009 7:15PM
Wow.
Somebody thought that one out pretty well.
I mean, it's horrible that someone got their account taken, but still whoever came up with that was pretty clever.
VSUReaper Jun 4th 2009 7:15PM
Basically, if ANYONE is trying to sell a mount card in game, and they don't direct you to an eBay page with a PayPal set up, then it's a fraud. I almost got hacked myself a few weeks ago, but something seemed fishy when I was inquiring about it.
In short, buy from legit sites, not in game.
Tural Jun 4th 2009 7:15PM
The 'selling Spectral Tiger' is an absurdly old scam, and I'm not sure why anyone would trust someone, regardless of their level, guild, anything, to sell it for a price like 5k, when the card goes for hundreds of dollars on eBay.
Tethra Jun 5th 2009 12:52AM
This. I didn't know people still fell for that. On my server, whenever someone spams trade chat trying to sell the tiger, a bunch of people reply with "Scam!" It's a pretty well-known scam, so I'm surprised people still take the chance.
QQinsider Jun 5th 2009 12:41PM
Yeah, I don't have a lot of pity for anyone that falls for this olde scam tbh. Even less for those that don't use basic malware protection that can be had for free.
jp Jun 4th 2009 7:15PM
Genius!
Frapter Jun 4th 2009 7:18PM
"And, please, don't buy gold. If these hackers didn't have a market to sell their ill-gotten goods, then they wouldn't waste their time devising these scams in the first place."
^ This. When people justify buying gold by saying that it hurts no one, that it just makes the game more fun and actually encourages gold flow on a server, that it's all just Chinese guys in a warehouse overseas farming elementals and doing dailies, I get so mad because it's just NOT TRUE.
Think about it. If you were trying to make money by selling gold would you spend hours farming or would you try to scam other people of the money they already worked for?
Buying gold encourages the stealing of another person's time and effort. Sometimes it's hard to empathize with another person's loss when they are anonymous internet-goers, but try to remember that on the other end of the network are real people who love their characters and love the game as much as you do. Would you steal their gold personally? Even if it was their fault for being careless? (If your answer is "yes" because "they deserve it" perhaps you deserve your gold being taken away because you are a jerk :( )
sterny Jun 4th 2009 8:19PM
Hey Frapter, just so you know this is all wrong what you have just said. I happen to have bought gold and during the process asked for screenshots, and guess what? Oh I just happen to see that it is a Chinese copy of Windows!!!! Yes that's right, there are some legitimate gold buying sources (yes I see the EULA irony of that)!!!
Woif Jun 4th 2009 8:44PM
@sterny ya know... they could have oh I don't know. Took them in advance? Changed the settings to Chinese?
Torrix Jun 4th 2009 10:53PM
I honestly think that what Frapter said should be more widely spread to give people an understanding on what farmers are really doing and how they really attain their gold.
Shrike Jun 5th 2009 1:27AM
Sterny... "legitimate gold buying services"? Gold buying is illegitimate by nature (as well as by the EULA). Sure, there is a slim possibility that some Chinese player actually ground for that gold and is now selling it, but it is just as possible that you purchased from a Chinese hacker. Either way, what you did was stupid. It hurts other players and encourages a disruptive and game-degrading business enterprise.
damon.kf90 Jun 5th 2009 9:17AM
This is not true. My cousin was hacked due to a keylogger and they would trash and milk every character he had except for one, who had mining. He would use this character to farm. If they farm the money or not, they've taken from other people. It's not like they have their own account to send the gold because they would be banned. They use hacked accounts. And it WAS a Chinese farmer because we got the account back and locked down with parental controls after the third time of being hacked and the idiot sent an email saying, "Tell me you parental control password please. I give it back in 5 hours." And there was some Chinese writing on the bottom of the email.
By the way, anyone know what is a good way to get rid of a keylogger?
Dere Jun 5th 2009 10:06AM
@damon.kf90
Spybot Search and Destroy should help you with that.
jjcoola998 Jun 5th 2009 12:01PM
loloolololololololollol