Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Posts with tag phishing

Watch out for Warlords of Draenor phishing scams

With another expansion looming on the horizon, there's another round of phishing scams and emails designed to trick you into giving up your account information. With this kind of scam, you get an email or visit a website that's so much like Blizzard's that you wind up typing in your login information, which the scammers then use to pick your account clean. Though you may think this is the sort of thing people only fall pray to when they aren't paying attention, phishing scams get more sophisticated -- and harder to recognize -- every day, so you need to keep your guard up.

Take this Warlords of Draenor phishing scam reported by Malwarebytes as an example. It starts off with an email that's formatted like a message from Blizzard saying you've won a free copy of Warlords -- which is really where you should get suspicious. Once you click on the link in the email, you're sent to a perfect copy of the Battle.net login screen where you're asked to enter your login information as well as your secret question and answer before you can redeem your free copy... but of course the scammers just run off with your info without giving you a thing.

To avoid being had, always check the header to see where an email has come from -- Blizzard emails will only come from an @blizzard.com address -- and if an offer sounds too good to be true, contact Blizzard directly to ask about it. For more tips on avoiding phishing, check out the support page on phishing scams.

Filed under: Account Security, Warlords of Draenor

Reminder: Watch out for Mists of Pandaria beta invite scams

Email notifications for the Mists of Pandaria beta have started arriving in people's inboxes -- and this means that we'll likely see an upswing in beta invite scams, as well. If you have received an email stating that you've been invited to participate in the Mists beta, be aware of the following:
  • Don't click any link in the email. Blizzard will never ask you for your account information via email, nor will it usually provide any kind of link to click on.
  • Do head to Battle.net. Type the URL into your browser (don't follow a search or email link) and use the secure login on that page to log into your account.
If you have been invited for the first round of Mists beta, you will see your normal World of Warcraft: Cataclysm account listed under your game accounts -- and underneath that, you will see a listing for World of Warcraft: Mists of Pandaria Beta. If you do not see a link to the Mists of Pandaria beta under your game accounts, you are not in this round of testing, and the email you were sent was a fake.

The same applies with beta keys as well. If you receive a notification with a beta key, do not click on any links in the email. Go to your Battle.net account as listed above, head to Manage My Games, choose Add or Upgrade a Game, and manually enter the beta key. If the beta key works, you're in; if it doesn't work, you may have been the recipient of a fake key.

Remember, any time there is a beta or a trial period for a new game, there will usually be an upswing in attempts to nab accounts, too. Keep your account safe -- and if you made it in the beta, have fun!

It's open warfare between Alliance and Horde in Mists of Pandaria, World of Warcraft's next expansion. Jump into five new levels with new talents and class mechanics, try the new monk class, and create a pandaren character to ally with either Horde or Alliance. Look for expansion basics in our Mists FAQ, or dig into our spring press event coverage for more details!

Filed under: Account Security, Mists of Pandaria

The Queue: The one with goombas

Welcome back to The Queue, the daily Q&A column in which the WoW Insider team answers your questions about the World of Warcraft. Alex Ziebart will be your host today.

Today is a very special treat. We have your standard-length Queue, plus I answer a very exciting bonus trivia question that has nothing at all to do with World of Warcraft! But you will love it, my gamer pals. You will.

Camero asked:

In the past week, I've recieved four emails from "Blizzard" all asking me to do something in order to get a Winged Guardian License. I just wanted to confirm that's not true.

Read more →

Filed under: The Queue

Blizzard posts new account security guide

Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure.

To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.


Filed under: News items, Account Security

Security Warning: Phishing emails on the rise

Recently, Polar over at Securing WoW wrote about the latest phishing email being sent out by scammers. Account thieves are using the 2010 Arena Tournament as a way to lure you to their site to steal your login info. (Registration for the tournament ended on the 27th continues until June 7.) This is typical behavior by these crooks. Every time a Blizzard event is announced or even rumored, from the Cataclysm alpha to the StarCraft II beta, scammers take advantage it with legitimate looking emails. With the Cataclysm beta almost upon us, the expansion related phishing is going to get even worse.

But there are also the tried and true emails that are being sent out daily, regardless of upcoming events. They spoof their email so that it looks like it is coming from Blizzard and fill the email with legitimate links, making their info-stealing site link look real. Also, the links have misspellings which are hard to catch at a quick glance, (like "starcratf2" or "worldotwarcraft") and lead to sites that look very much like the official ones.

Blizzard has an excellent resource for protecting yourself from phishing attacks. In general, if you get an email that looks legitimate, type battle.net in your browser's address bar (spell it correctly). This will take you to the correct site for your region and there you can see the status of your account yourself. Some examples of phishing emails are after the break.

Read more →

Filed under: Account Security

New scam targets the WoW Launcher

A post in the official forums today, later confirmed by a blue, points to hackers attempting to take advantage of a new avenue to attack the user -- the World of Warcraft Launcher.

As you can see from the screenshot above (large version here) the real launcher apparently is replaced with a fake launcher that sends the user to a web site that pretends to be official, asking for subscription information (including answers to secret questions and the original CD-Key) in what is meant to appear as the means to restore a supposedly suspended account. One of the telltale signs that this isn't legit, besides the very invasive information requested, is the version number in the upper left corner of the screen. We're way past patch 3.1.1 -- however not everyone might know this.

Ancilorn posts confirming that this is not genuine (reiterating that they will never ask for your password in such a manner, and also requesting that such things be sent directly to Blizzard if they happen to you). Goes to show that as security is increased, those looking to breach it become more desperate.

Filed under: News items, Account Security

StarCraft II beta is live. Beware of scams!

People are getting actual StarCraft II beta invites, but that doesn't mean that all beta invites (or any other emails that look like they are from Blizzard) are real. If you got an email saying that you have been invited to StarCraft II: Wings of Liberty, don't click anything in that email. Instead take the following steps:
  • Type battle.net into your browser (no typos) and it will go to the secure battle.net site appropriate to your region.
  • Enter your account info.
  • Under Manage My Games, choose Add or Upgrade a Game.
  • Enter the Beta Key provided in the email where it says Enter Game Key.
  • Press Add Game.
If you are able to successfully add the game to your library, then you received a real beta invite. If the email tells you to go someplace else for the beta key or the key provided did not work, then you received a phishing email.

Read more →

Filed under: Blizzard, Account Security

How to tell if a GM is whispering you

A guildie got the above whisper Tuesday night. (I have blocked out the website so as not to promote this phishing attempt.) We have reports of this happening to a lot of people in-game right now as yet another attempt to get you to go to a site, so they can steal your login info and defile your characters.

Let's dissect the above whisper:
  • It's one whisper made to look like two. This will work if your chat settings match the scammer's chat settings, but if you've fiddled with your font or chat window, then the formatting will be off and the scam will be more obvious.
  • The whisper is from a garbage name. All "players" I've seen with random characters have been scammers or gold selling barkers. So anything after such a name should be considered highly suspect.
  • It says [Game Master]GM. The scammers aren't even trying here. Blizzard GMs have names and have <GM> before their names.
  • It sends you to a non-Blizzard site. Don't go to any website you get in tells or in-game mail as a general rule. If you have received a ban of any kind, you will receive an email to the account you have on file with your subscription info.

Read more →

Filed under: Analysis / Opinion, Account Security

Help! My account has been hacked!

There are so many scams going around like the Catclysm Alpha invite and the WoW Armory phishing site, that people's accounts are getting stolen more than ever. With all of the work that Blizzard has to do to keep up with the problem, it's no wonder they are offering the fast solution of care packages. We've talked about how to avoid scams as well as how to protect yourself. Here is a guide as to what to do if your account gets stolen.

Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.

Read more →

Filed under: Blizzard, Account Security

Beware of WoW Armory phishing scams [Updated]

First things first: the correct address for the WoW Armory is wowarmory.com. Bookmark it. Memorize it. But don't ever, ever search for it again. We've talked before about how misspelling searches can get you into trouble. But even if you spell WoW Armory correctly when Googling, the first sponsored site that shows up is a phishing site -- and it's a really good one.

Update 1:10pm: Google seems to have removed the site from their sponsored listing in the short time since I wrote this post. Kudos! Nonetheless, there are and will be more sites using the same technique, so the warning remains valid.

Do not go to the following site: armory-worldofwarcnaft.com/wowarmory/, it is evil. Notice the n in warcnaft? You may not when you are clicking on it in your search page or when it shows up in your address bar. And that's what they are counting on. Because the rest of the site looks authentic. When you type in what you want to search for, you get asked for your Battle.net info. Then, no matter what you type in, it gives you a password error. (I typed in profanity. It was fun.) They have stolen all of the elements of the actual Blizzard pages, so that if you want your login page in other languages, just a click of the button will get you there. But don't. It's evil.

Read more →

Filed under: Analysis / Opinion, Account Security

In defense of care packages and mandatory authenticators

If you read WoW.com with any regularity, you probably saw and read our pieces on Friday discussing some rather curious policies Blizzard has recently instituted. There are two in particular that I'd like to discuss further: The care package for hacked accounts and the possibility of mandatory authenticators.

First, how many of you have had your accounts stolen, or know someone that had theirs stolen? Chances are good every single person that reads this post will raise their hand to that question. The problem is not a small one. I'm in a rather large guild, and every few weeks someone has their account stolen and the little bits of our guild bank they have access to go with them. My large guild is also just one guild in a larger guild alliance which suffers the same problems. Every two weeks or so, someone I see online on a regular basis gets their account stolen.

Read more →

Filed under: Analysis / Opinion, Blizzard, Account Security

You are not invited to the Cataclysm alpha

In the wake of yesterday's rumor that the Cataclysm Friends and Family alpha will be starting this Tuesday, January 12, we should expect an increase in scammers trying to get your account details by offering phony alpha invites. We saw a lot of these for both Burning Crusade and Wrath of the Lich King as well, and some of them were very well crafted.

At this phase of Cataclysm's development, though, it will be comparatively easy to keep yourself safe. Since this is a friends and family alpha, if you don't have friends or family that work at Blizzard, you will not get an invite. Therefore, anyone offering you one is trying to pull a scam. Basically, everyone who's going to be getting legitimate access to the alpha should know who they are already. Everyone else, sit tight and stay tuned to WoW.com for the latest on WoW's next chapter.


World of Warcraft: Cataclysm will destroy Azeroth as we know it. Nothing will be the same. In WoW.com's Guide to Cataclysm you can find out everything you need to know about WoW's third expansion. From Goblins and Worgens to Mastery and Guild changes, it's all there for your cataclysmic enjoyment.

Filed under: Expansions, Account Security, Cataclysm

Malware targeting gamers gets some mainstream spotlight

Those vicious and despicable malware authors are targeting gamers, according to BBC.

I know, big whoop, right?

The news article reports on something many World of Warcraft players have known for years -- that viruses, phishing sites, trojans, and all those dirty tech terms have us gamers smack in the middle of their digital crosshairs. The findings are a result from a study by Microsoft, which tracked the exceptional growth of a family of worms called Taterf.

The programs have been around for some time now, snooping around players' computers for login details to various games with in-game currency. World of Warcraft players are juicy targets because of the remarkably large player base and existence of the gold-buying industry which Blizzard has actively warned and fought against. While the findings are nothing new, they only serve to confirm our fears about the growing threats to our accounts.

WoW.com has been big about account security for awhile, and it's nice to see the mainstream media begin to show some attention to the matter.

Filed under: Analysis / Opinion, Odds and ends, Account Security

PSA: Don't get scammed by Cataclysm phishing


No, what you see above is not the logo of the (probably) upcoming World of Warcraft: Cataclysm. It's the graphic being used by a phishing site that's been making the rounds lately and we've received a number of emails about. To make sure everybody is completely clear, if you see the logo above, the website you're visiting is absolutely not legit. There are no Cataclysm Alpha invites going out to the public, and certainly not Beta invites. When Blizzard kicks off a beta, we'll be sure to tell you. And even better, Blizzard will be sure to tell you. Until that happens, please be careful about what you click on. The pre-expansion period is prime time for phishing attempts.

Naturally, even if that's not the graphic you see, you should be wary of Cataclysm-related phishing sites. There are quite a few right now, and they will even grow more numerous after BlizzCon. Be mindful of the sites you're linked, be careful where you enter your WoW account information, as well as your personal information. I know we've said it many times before, but we really can't say it enough. Don't do anything silly, and if you want to be absolutely sure that you don't do anything silly, grab yourself an authenticator if you can. If you can't get the physical authenticator, there's always one of the mobile authenticators.

Filed under: Account Security, Cataclysm

Popular scams and how to avoid them


We have a lot of reports of scams coming in to our tip line and many of us are receiving the same phishing emails you are. Even Scott Kurtz from PvPOnline was tweeting about getting one the other day. These scams can be initiated via email to any one of your email addresses. Or they may start in game. Regardless of where they attack you, most of the scams require some form of social engineering to get your info and therefore access to your in-game valuables.

What is social engineering? Social engineering is manipulating victims to volunteer personal information about themselves in order to perpetrate a con, scam, fraud, etc. If you have seen the movie Groundhog Day, then you have seen a very good example of it. Phil, a television weatherman, is living the same day over and over. One iteration of his morning, he asks an attractive woman her name, where she went to highschool and her English teacher. The next iteration of his morning, he "accidentally" runs into her and pretends to know her from highschool, resulting in her going to bed with him.

Read more →

Filed under: Analysis / Opinion, Account Security

Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories

Joystiq

Massively

Engadget