Phishers are targeting World of Warcraft users with a scam that promises free in-game pets.
Malwarebytes has detected two email-based versions of the scam so far.
The first variant claims a friend has purchased a flying mount named “Mystic Runesaber” for the email recipient in World of Warcraft (WoW), a mass multiplayer online role-playing game which has seen its share of phishing schemes in the past.
The second variant uses the same ploy for another in-game pet called “Battlepaw.”
“You are receiving this e-mail because Your friend has purchased World of Warcraft In-Game Pet: Brightpaw for you as a gift!
Claim Your Gift
To claim your gift, enter your Gift Key on the Battle.net? Account Management. You’ll be sent to the download page afterwards, if needed.
Enjoy!
Blizzard Entertainment?”
The scam would be more convincing if question marks didn’t follow “Battle[dot]net” and “Blizzard Entertainment,” two identities with which WoW players are intimately familiar.
Blizzard Entertainment, the maker of World of Warcraft, long used Battle.net as an identity for its networking technology.
But in September 2016, the gaming company announced its decision to transition away from the name to fully embrace “Blizzard” as its new identity. This change appears to affect the company’s name only; Blizzard says that “Battle.net technology will continue to serve as the central nervous system for Blizzard games – nothing is changing in that regard.”
Not surprisingly, the “Claim Your Gift” button doesn’t lead to Battle.net or another site associated with Blizzard. Instead it leads to this mouthful-of-a-location that prompts users to enter their gaming credentials:
us(dot)battle(dot)net(dot)login(dot)login(dot)xml(dot)account(dot)support(dot)password-verify(dot)html(dot)legion-game(dot)xyz/login/en/login(dot)html
Gamers can protect against phishing emails the same way as ordinary users.
First, they should review unexpected emails containing offers for suspicious indicators (e.g. those telling question marks).
Second, they should inspect the sender email and links contained in the email for suspicious locations.
Doing so will help reveal whether a friendly companion or tech support frustration await on the other end of a URL.
If you hover the cursor over the address the phishing email comes from it will reveal "battle.com". The real email address Blizzard uses is "battle.net".