6-10-2009 @ 4:11PM
The scammer doesn't need to know if you have an authenticator before he sends the phishing link. He can have box under the username/password boxes and say to only enter the authenticator code if you have one. If people are falling for the phish, chances are they won't think twice about the authenticator code box being there even though they don't have an authenticator attached to their account.
6-10-2009 @ 4:58PM
The person who has an authenticator and falls for this is a moron - you can't "have box under the username/password boxes and say to only enter the authenticator code if you have one" because the screen where you enter your authenticator code only comes up after your username and password have been entered. You put in the username, password, hit 'log on' and then a new window pops up for the authenticator code. Anyone who uses the authenticator would have to be superbly foolish to fall for the scam of having them on the same login screen.
6-10-2009 @ 5:42PM
A more authentic way would be for the site, when the victim enters their details, to send those same details to an actual Blizzard account management site, and if it is prompted for the auth code, then ask for it. This would be done by code, so the victim wouldn't know it was done. It wouldn't be too hard to do, just need some HTTP parsing by the server code to know what to look for in each case. This way, it would also be possible to prompt a victim for the correct login details [uname/pwd] if they entered them incorrectly.
6-10-2009 @ 8:25PM
"Anyone who uses the authenticator would have to be superbly foolish to fall for the scam of having them on the same login screen."If they have come as far as even seeing this phishing screen, don't you think a small detail like this will just be ignored? I mean, to get this far, you have to be seriously mentally challenged.