Beware of WoW Armory phishing scams [Updated]
by Robin Torres 
Jan 15th 2010 at 1:00PM
Update 1:10pm: Google seems to have removed the site from their sponsored listing in the short time since I wrote this post. Kudos! Nonetheless, there are and will be more sites using the same technique, so the warning remains valid.
Do not go to the following site: armory-worldofwarcnaft.com/wowarmory/, it is evil. Notice the n in warcnaft? You may not when you are clicking on it in your search page or when it shows up in your address bar. And that's what they are counting on. Because the rest of the site looks authentic. When you type in what you want to search for, you get asked for your Battle.net info. Then, no matter what you type in, it gives you a password error. (I typed in profanity. It was fun.) They have stolen all of the elements of the actual Blizzard pages, so that if you want your login page in other languages, just a click of the button will get you there. But don't. It's evil.
So let's say you do fall for this (many people are) and you don't have an authenticator... The next time you log into WoW, there will be an authenticator on your account. You'll have to call up Blizzard Support, convince them you are you, and work with them to get your account back. And the whole time you're doing it, someone is fondling your characters, hocking your bank contents and disenchanting your gear. They may even use your good name to scam someone else.
Please double check where you are anytime a site asks you for your account information. These social engineers are clever, so your safest best is not to search at all for official WoW pages. Just go to WorldofWarcraft.com and navigate to where you need to go.
And please, please, please get an authenticator, either in keyfob form or via your mobile. The pet is adorable and the added layer of security is relaxing. Don't wait for the possibility of them shipping with Cataclysm. Get one now and play in safety.
[Thanks to all those who sent this in.]
Please remember that account safety and computer security is your responsibility! While WoW.com has provided you with resources to additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.Filed under: Analysis / Opinion, Account Security
Reader Comments (Page 1 of 5)
Caliea Jan 15th 2010 1:07PM
Maybe Google has already wised up to this? I searched WoW Armory (as if I could resist) and it came up with the legit site.
Great info though - thanks for reminding us of how easy it would be to get scammed.
percinho Jan 15th 2010 1:29PM
Sorry to hijack the first comment but there's an EU version of this and it'd be good if you could add it to the post.
The correct EU address is eu.wowarmory.com but the first sponsored link starts eur.wow... and is a similar scam, if not the same one. One of our guildies fell for this at the turn of the year.
For us Brits, it's also worth bearing in mind that there's no 'u' in an American armoury, so beware if you search that way.
Cheers.
Hone Melgren Jan 24th 2010 1:58AM
@percinho
It's actually safer to use the Armory link on the front page of the world of warcraft site.
http://www.wow-europe.com top right hand side of the front page .
Also up the top on every official forums page as well.
Tidycat Jan 15th 2010 1:10PM
This is not true, I just did a Google search and the real wow armory comes up first as well as the next 3 organically and I received no paid adwords site.
Hone Melgren Jan 17th 2010 12:18AM
Point is Tidycat you should not be googling for the Armory at all. You can get to it at the top right of any official Blizzard page (eg the front page or the forums page). There's an armory link at the top right there.
Crystal Jan 15th 2010 1:08PM
Awwww, I must have not been the only one to send this in... no credits for the tip!
Nicknin10do Jan 15th 2010 1:08PM
I lold at everything goin to the login page
But I use opera and opera had my name and password saved so I just have to hit one button.
It doesn't show that I have a name and password for that site so I know im pretty much safe if I go to a wrong site or not.
LandMineHare Jan 15th 2010 1:35PM
I sure hope you're talking about hitting one button to type your info into the page, and not one button to enter the page.
Even if you don't TYPE your information in, it still submits whatever is in the field to the scammers.
Slog Jan 15th 2010 1:44PM
He is saying that his info wasn't in the fields whatsoever, and thats how he knew it was fake, because the actual login page has his info save for that site only, not for some site resembling it.
Tamednan Jan 15th 2010 1:08PM
It might be best to not even put the url to the evil armory site.
pinkysan Jan 15th 2010 1:28PM
i agree, don't list the actual URL, or at least obfuscate it a little, maybe like how people do "email [at] example [dot] com"
and seriously, please do NOT even visit, let alone try to login with a profanity as a password. There are many exploits that can infect you by you just seeing an image or run some javascript. And even if you do it on a computer that you don't play wow on, as long as you are in the same network, whatever they infect you with could reach into your other computers.
It's best to just stay away.
Boz Jan 15th 2010 1:53PM
Oh, I disagree: I think every WoW.com reader should visit the site and overload the damn thing. Die, Phishing site, DIE!
ecwfrk Jan 15th 2010 4:12PM
If they hadn't, then there wouldn't currently be at least one program spamming that site with 100s of fake passwords per minute via 1000s of unique IPs from all over the world via proxy servers making it a lot harder for them to discern the legit passwords of tragic fools from the fake passwords of a bot. :)
Eudeyrn Jan 16th 2010 2:45PM
HAHA, I'm behind 7 proxies!
jfofla Jan 15th 2010 1:09PM
The General Forums are filled with "I got hacked posts". Since the Hilt was added to the game the need for in game gold has skyrocketed. Gold sellers have stepped up account stealing at an alarming rate.
I don't care who you are. I don't care how careful you are. I don't care how smug you are.
You need an Authenticator.
ZMES_Matt Jan 15th 2010 1:17PM
^^^This!^^^
I can't tell you how many smart, computer literate people I know that are 100% aware of every phishing scam out there and still got a trojan on their computer that stole their account. I know someone that could practically write an operating system if they wanted to and still got their account hacked; the very next day I put an authenticator on my account.
Zhiva Jan 15th 2010 1:25PM
6 words: "We cannot ship to this address".
wdm+hall Jan 15th 2010 1:26PM
You do need an authenticator however this may not have saved you if you logged into the fake armory using it (depending on how fast these jerks are). Does anyone know if they were asking for authenticator numbers or not in this scam?
Tinwhisker Jan 15th 2010 1:30PM
@Zhiva
I had a guildy in the same situation. I bought his Authenticator for him and he sent me some money.
Muse Jan 15th 2010 1:32PM
Authenticator will not prevent you from falling for a phishing site. It will prevent the scammer from using your account, but it will not automagically give you +100 int or make your firewall telekinetic. It's a good last line of defence for the "oh, crap" accidents, but it is NOT A SUBSTITUTE for caution.