IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.
A blog from V3.co.uk

« Mozilla admits critical Firefox flaw | Main | Barnet Council loses details of 9,000 children »

World of Warcraft users targeted in new phishing attacks

More proof emerged today that phishing attacks are not solely confined to the financial services space, as Panda Security revealed several new campaigns targeting World of Warcraft players.

In a blog post today, the vendor's technical director Luis Corrons highlighted the phishing emails designed to lure users into clicking on a malicious link. This link takes the user to a fake log-in page where they are asked to enter their username and password.

"As you have seen, the attack could be considered pretty good, both the message and the web site looked as if they were real, so we can assume that these are smart cyber criminals with high skills," he explained.

"But we know there are a lot of phishing kits out there, and that there are easy ways to accomplish these kind of attacks, so anyone could be able to do this."

These kinds of attacks are particularly dangerous given that many computer users use the same user name and passwords for multiple accounts, potentially giving the phishers access to online banking and other accounts.

Corrons added that the criminals, it turned out, were not so smart as they allowed the Panda research team to access their own database of stolen credentials.

Apparently, most of the scammed WoW players were using their email addresses as user names.

"I bet that the password used for WoW is the same one they are using for each and every online service (mail, Facebook etc)," wrote Corrons.

"And what's the moral of this story? Well, if such a moron is able to steal thousands of credentials, imagine what a smart cyber criminal could achieve."

March 29, 2010 |

Comments

As a World of Warcraft player, I just want to point out that you HAVE to use your email address as your username. That's Blizzard's new policy instituted with their battle.net program. It's not so much carelessness as it is obligation.

Posted by :Anonymous | August 7, 2010 12:55 AM

Post a comment







Site credentials: About | Privacy policy | Terms & conditions | Top of the page
© Incisive Media Investments Limited 2011, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093