Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsBeware of WoW Armory phishing scams [Updated]
by Robin Torres 
Jan 15th 2010 at 1:00PM
Update 1:10pm: Google seems to have removed the site from their sponsored listing in the short time since I wrote this post. Kudos! Nonetheless, there are and will be more sites using the same technique, so the warning remains valid.
Do not go to the following site: armory-worldofwarcnaft.com/wowarmory/, it is evil. Notice the n in warcnaft? You may not when you are clicking on it in your search page or when it shows up in your address bar. And that's what they are counting on. Because the rest of the site looks authentic. When you type in what you want to search for, you get asked for your Battle.net info. Then, no matter what you type in, it gives you a password error. (I typed in profanity. It was fun.) They have stolen all of the elements of the actual Blizzard pages, so that if you want your login page in other languages, just a click of the button will get you there. But don't. It's evil.
So let's say you do fall for this (many people are) and you don't have an authenticator... The next time you log into WoW, there will be an authenticator on your account. You'll have to call up Blizzard Support, convince them you are you, and work with them to get your account back. And the whole time you're doing it, someone is fondling your characters, hocking your bank contents and disenchanting your gear. They may even use your good name to scam someone else.
Please double check where you are anytime a site asks you for your account information. These social engineers are clever, so your safest best is not to search at all for official WoW pages. Just go to WorldofWarcraft.com and navigate to where you need to go.
And please, please, please get an authenticator, either in keyfob form or via your mobile. The pet is adorable and the added layer of security is relaxing. Don't wait for the possibility of them shipping with Cataclysm. Get one now and play in safety.
[Thanks to all those who sent this in.]
Please remember that account safety and computer security is your responsibility! While WoW.com has provided you with resources to additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.Filed under: Analysis / Opinion, Account Security
Reader Comments (Page 3 of 5)
Strahl Jan 15th 2010 1:27PM
+1 internets and vote up for making me chuckle.
Tamednan Jan 15th 2010 1:26PM
LOL, took me a second, had to go up an nenead the post.
Tanzier Jan 15th 2010 1:27PM
Straw, meet camel's back. Just installed the mobile authenticator app on my iPhone and added it to my account. Having to get up and get my phone everytime I want to play WoW FTL .. not having my account hacked (Despite the fact that I'm not a moron and don't fall for stuff like this) FTW.
Sothe Jan 15th 2010 1:28PM
I ordered my Authenticator last week. (hopeing it is waiting for me at school)
But it says it can take up to 15 days!!!
Right now I am all panicked I will get hacked the day before I get it......
But at least I am getting one...Will not lose my stuff!
Barinthos Jan 15th 2010 1:47PM
After reading this article I ordered 2 right away. My wife and I play quite often and I couldn't begin to imagine how much i'd hulk out if I or she got hacked.
Of course I wanted to get them for a while now but this article really just reminded me and today was pay day too lol.
Slog Jan 15th 2010 1:47PM
Ordered mine right before xmas, it said 15 days, came in 3 days.
Muse Jan 15th 2010 1:34PM
Bah. I've made it a point to always look up URLs on google just because scammers so often have the typo-names of the sites listed, and I'm paranoid about writing the address wrong.
RogueJedi86 Jan 15th 2010 1:36PM
I'm not trying to imply anything, but the fake armory scam link mentioned in the article? It was registered in China, just like all the goldspam I get. I won't say all Goldfarmers are Chinese or anything, but a lot of the phishing sites are registered there.
Pat Jan 15th 2010 4:35PM
And?
zweitblom Jan 16th 2010 5:05AM
Well, it's obvious, the Chinese want to play WoW, duh...
Sinfulle Jan 15th 2010 1:39PM
Agree with suggestion about possibly removing the offending URLs from article. No telling if some of them contain keyloggers. The advice of not searching Google(or other search engines) for account log in pages should suffice. I'm glad this scam was brought out into the open.
Namy Jan 15th 2010 1:46PM
I wish you hadn't said 'fondling your characters...' lol.
I've just realised that the thought of my gold and gear disappearing isn't as bad as the thought of my poor priest being run around by some random gold seller, noooo! I'm glad I've got an authenticator, fondle that you swines! ; )
Sehvekah Jan 15th 2010 11:48PM
Is it bad that the first thing I thought of when reading 'fondling your characters...' was a female Draenei Priest? I don't even have one, let alone know why I would think that...
OK, that's a bit of a lie. I'm a guy and I know *exactly* why I would think that, but you'd think that part of my mind could, you know, take a five-minute break or something.
Halgrimur Jan 15th 2010 1:49PM
Is the "Authenticator", in its digital version, available only as an iPod/iPhone exclusive? I live in Russia, but because I've been playing since May '05 I play on EU servers. Getting the game cards has been enough of a problem, and I don't have an iPod/iPhone that I could download the app to. Just checked out my battle.net account and can't seem to find the "Buy Authenticator" section. It would be grand to see a version of the authenticator for Symbian S60v5 (the OS my Nokia N97 runs), but I guess the probability of that are predictably low.
Minehowe Jan 15th 2010 2:45PM
If you're who I think you are, look me up in game. If there's a problem shipping an EU authenticator (keyfob type) to where you are, I'm willing to order one and send you it.
Mine
Halgrimur Jan 15th 2010 2:54PM
yes Mine, I am who you think you are.... Unfortunately, right now I cant afford to keep up with my subscription charges , but will get in touch as soon as I can... Strange to see you here, didn't think anyone from Lagbringer read WoW.com :D
Minehowe Jan 15th 2010 3:45PM
I've been seeing you on the comments, wondering if it was you ;) I have a new main, I suppose you'd call her, now, but ask in guild and someone will know where I am.
And hope to see you back soon :)
Neirin Jan 15th 2010 1:55PM
Reason #972 to get an authenticator: someone can't hijack your account by adding one.
Krick Jan 15th 2010 1:59PM
I got two fake Blizzard emails in the past week. The first was an "Account Change Notice" and the link inside looked correct but when you mouse over it, it was actually pointing at www.worldofwarcraft-secure.com. The second email was titled "Worldofwarcraft Account Issue" and the link again looked correct, but when moused over actually points to www.worldofwarcraft-admin.com. I meet people all the time who don't understand the concept of "HTML" email and have no idea that a clickable link can display as one thing on the screen yet actually point at a totally different site. I think *THIS* is how the majority of people get hacked.
In addition to mousing over links before blindly clicking on them, here are two more things that can help keep you more safe...
1) Set up your router to use OpenDNS as your dns provider ( http://www.opendns.com/ ). OpenDNS actively blocks known phishing sites.
2) Use Firefox 3.x + AdblockPlus plug-in instead of Internet Explorer.
RogueJedi86 Jan 15th 2010 3:19PM
I got a phishing mail yesterday that went to worldofwarcioft.com, funny. They're making dozens of sites to try to trick people. It seems like the goldsites get fiercer every day, with all these sites. You'd wonder what's going on to make them try so hard. Is their supply low, the demand high, what?
Oh and of course I didn't fall for the phishing mail. It doesn't hurt that EVERY time I get a phishing e-mail, it goes to my hotmail, which IS NOT the e-mail account tied to my WoW. I don't think I'd be getting WoW account admin e-mails to an e-mail address not tied to my account. :P Never gotten one for my WoW account, though I have gotten quite a few attempts to reset my wow password. They don't have access to my wow account e-mail though, so I don't know wtf they're trying to do there.