We have a lot of reports of scams coming in to our tip line and many of us are receiving the same phishing emails you are. Even Scott Kurtz from PvPOnline was tweeting about getting one the other day. These scams can be initiated via email to any one of your email addresses. Or they may start in game. Regardless of where they attack you, most of the scams require some form of social engineering to get your info and therefore access to your in-game valuables.

What is social engineering? Social engineering is manipulating victims to volunteer personal information about themselves in order to perpetrate a con, scam, fraud, etc. If you have seen the movie Groundhog Day, then you have seen a very good example of it. Phil, a television weatherman, is living the same day over and over. One iteration of his morning, he asks an attractive woman her name, where she went to highschool and her English teacher. The next iteration of his morning, he "accidentally" runs into her and pretends to know her from highschool, resulting in her going to bed with him.

His con works for 3 reasons:

1. He seems respectable. He is a well-dressed, articulate, minor celebrity. With this veneer of respectability, he is able to get the initial information and subsequently convince the victim, Nancy, that the forgotten nerd sitting next to her at school has sprouted into a catch.
2. The victim sees value in what the con artist is offering. Nancy wants to date a celebrity or at least a successful man and is therefore both available as a victim and incautious with her information and actions.
3. The victim is unaware that the information has been stolen. In the case of this movie, she cannot remember any previous iterations of the day.

The WoW related scams work for the same reasons. Here are the most popular ones right now:

Your WoW account is under investigation
An email gets sent to one of your email addresses (not necessarily the one you have attached to your WoW account) that says something like: "An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded." The email either asks you to email them your account information or it includes a link to an official looking phishing site designed to steal your info. This is essentially the same scam that has been going on for a while. It comes from what looks like a respectable source, though the only valid email would be wowaccountadmin@blizzard.com without any double "v"s or misspellings. You value protecting your account, so you give your info to this supposedly trusted source. They then use your info to steal your account.
Avoid by: Calling Blizzard directly. If your account is really under investigation, Blizzard will tell you on the phone. For more details, please see this post from Blizzard about fake emails.

In-game mail from a misspelled guildie
You receive mail from a player whose name is spelled very similarly to a guildie or friend -- perhaps with a special character or off by one letter. The mail includes a website to go to for a special deal or to look at a picture or something similar. The site either contains a keylogger or it is a phishing site. Again, when this con works, it is because it is from a source you trust (a guildie), it contains value for you (guildies often send you to interesting websites) and, if you are incautious, you are unaware that your information has been stolen until after it is. This one grabs a lot of active guildmembers because guildies often have hard to spell character names or even alts that are just misspelled versions of their mains.
Avoid by: Verify any in-game mail you get that contain external links by checking your guild roster. Also, you should have an in-guild policy that limits external links to the member restricted area of your guild forums only. In all cases, don't enter your account information unless you go to the Blizzard website directly and scan your computer daily/nightly using any of the freely available virus/malware scans.

Invite/promote request from a misspelled guildie
This one targets your guildbank and not your account. You receive a whisper, from someone who is again spelled very similar to a guildie, to have his alt invited and promoted. The imposter then cleans out your guildbank. You are basically being punished for being a considerate guildie in this situation.
Avoid by: Make sure that all invite requests come from someone in your guild roster. A quick look at your online list will show you if that person is online and will allow you to compare the names. Also, keep a category in your guild hierarchy specifically for alts that does not have access to the valuable tabs in your guildbank. It is only a mild inconvenience for main members to mail their alts anything they need.

Spectral Tiger Mount for sale in tradechat
A high level, server-known player offers up a Spectral Tiger Mount (or any other highly valuable, tradeable in-game loot) for sale at a price that is high enough to be believable, but low enough to be tempting. When contacted, the seller only asks to verify you have the gold before agreeing to send you the code via out of game email. The email contains a code and a link to a phishing site. Your account is then hacked, cleaned out and used to scam the next person. This scam gains a lot of credibility by using hacked accounts that are high level to conduct the transaction. A lot of otherwise careful players are taken in because the excitement of a great deal causes them to be incautious. For further information on this scam, read an interview with one of the actual scammers.
Avoid by: Always be extra careful when a deal seems too good. While there are legitimate sellers of these valuable items at good deals, they will usually conduct the transaction in-game. Again, only go to the Blizzard account sites directly -- never click a link in an email.

Helpful links in the comments and forums
Some of the links in the official forums and the comments here at WoW.com have been put there specifically by shady social engineers to lure unsuspecting readers into a trap. The links go to sites that contain keyloggers that download while you are loading the site. Or they are phishing sites designed to steal your information. We delete the comments that contain them when we catch them, but we don't always catch them.
Avoid by: It is safest to never click on a link in the comments or forums. But if you think it is to a trusted site, then type in the address manually, just to be safe.

Goldsellers and leveling services
Captain Obvious laughs at players who are surprised to learn that the underhanded companies offering services that are against the ToS are the same ones who are hacking accounts. Where else do you think the gold is coming from? The easiest marks for these companies are the people who use their own services, since they are voluntarily giving their information and Blizzard won't protect them.
Avoid by: Don't buy gold! Seriously. Earning gold and leveling your characters get easier with each patch. And if you think that goldbuying is a victimless activity, just scroll up and re-read. These scams wouldn't exist if there weren't a market for their stolen goods.

WoW scammers (and the most common real world criminals) need your cooperation to get your account info, so the biggest hole in your account security is you. Protect your personal data at all times. And use safety nets for when you make mistakes, like regular virus scanning and the Authenticator.

Play Safe!

---

Tags: featured, griftah, hacker, phishing, scam, scams, security, social-engineering

Filed under: Analysis / Opinion, Account Security