Phishers target World of Warcraft users with fake in-game pet offer

No faithful companions here! Just loads of frustration...

Phishers targeting World of Warcraft users with fake in-game pet offer

Phishers are targeting World of Warcraft users with a scam that promises free in-game pets.

Malwarebytes has detected two email-based versions of the scam so far.

The first variant claims a friend has purchased a flying mount named “Mystic Runesaber” for the email recipient in World of Warcraft (WoW), a mass multiplayer online role-playing game which has seen its share of phishing schemes in the past.

The second variant uses the same ploy for another in-game pet called “Battlepaw.”

World of warcraft scam

You are receiving this e-mail because Your friend has purchased World of Warcraft In-Game Pet: Brightpaw for you as a gift!

Claim Your Gift

To claim your gift, enter your Gift Key on the Account Management. You’ll be sent to the download page afterwards, if needed.


Blizzard Entertainment?”

The scam would be more convincing if question marks didn’t follow “Battle[dot]net” and “Blizzard Entertainment,” two identities with which WoW players are intimately familiar.

Blizzard Entertainment, the maker of World of Warcraft, long used as an identity for its networking technology.

But in September 2016, the gaming company announced its decision to transition away from the name to fully embrace “Blizzard” as its new identity. This change appears to affect the company’s name only; Blizzard says that “ technology will continue to serve as the central nervous system for Blizzard games - nothing is changing in that regard.”

Not surprisingly, the “Claim Your Gift” button doesn’t lead to or another site associated with Blizzard. Instead it leads to this mouthful-of-a-location that prompts users to enter their gaming credentials:


Gamers can protect against phishing emails the same way as ordinary users.

First, they should review unexpected emails containing offers for suspicious indicators (e.g. those telling question marks).

Second, they should inspect the sender email and links contained in the email for suspicious locations.

Doing so will help reveal whether a friendly companion or tech support frustration await on the other end of a URL.

Tags: ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts


One Response

  1. Bill Bolton

    March 29, 2017 at 3:50 pm #

    If you hover the cursor over the address the phishing email comes from it will reveal “”. The real email address Blizzard uses is “”.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.