Tobold's Blog
Friday, November 20, 2009
 
Phishing alert: Jade Tiger e-mails

Please be warned that today somebody swamped the internet with an extremely well made phishing mail, which looks very much like a genuine mail from Blizzard, and promises you a Jade Tiger in-game pet if you just fill out a survey. Of course to do so you'll have to type your Battle.net login and password on the fake website us.blizzard-survey.com. And the next time you log in after that, instead of finding a Jade Tiger, you'll find your characters naked and all your gold and possessions gone.

Braving the dark corners of the internet I gave a fake userid and password to the phishing website, which led me to the survey (note that if the website wasn't fake, I wouldn't have been able to "log on" with the fake userid). I was surprised how extremely professional this phishing side was, it looked exactly like a Blizzard site, even the survey looked real, and after thanking you for participation you get forwarded to the real World of Warcraft site. Scary stuff, this.

Now excuse me while I run a virus check on my computer.
Comments:
On the plus side, think of all the newly liberated gold that will soon be available for purchase.
 
Thank you for this warning. I would add; avoid opening links directly from email. Go to the base website which you know and navigate from there. The bit of time lost to inconvenience is more than worth the potential loss.
 
I pray your computer is alright. :)
 
Please update us after the virus scan. I'm resisting the urge to check it out for myself.
 
I'm surprised you went to visit the dangerous site! All in the name of journalistic integrity, I suppose.

I run Firefox with 3 security addons: Adblock Plus, NoScript, and Web of Trust. Each one serves its own purpose, and I find the combination to work pretty well. In order to fill out a survey, I'd have to manually white-list the site in NoScript, which sounds very risky to me.

If I had to visit the site for journalistic integrity, I'd probably install a new browser like Opera or Chrome, then visit the site, then uninstall the browser.
 
Lol I have gotten so used to seeing phising from all major companies that I don't believe a thing unless I see it on the companies page that I type in.

Blizzard is the most popular followed by banks that i don't have accounts in. and eby. com is 3rd
 
We can't say that Blizzard doesn't warn us.

They've been quite clear with their "Blizzard employees will never ask for your authentication" messages.
 
Thanks for the Heads up for the community. But in all honesty the best way to avoid hacking is just throw down 7 dollars on an authenticator.
 
Whats sad is that I can bet they are getting hunreds (if not more) of passwords through their little scam. People fall for these phising scams way too easily.
 
Thank you. Most people should know better than now, but there's always someone who won't know any better.
 
Jeez, I'd be incredibly leery of finding out what's on the other side of such a scam...thanks for revealing what they actually do.
 
Please update us after the virus scan. I'm resisting the urge to check it out for myself.

No virus, no trojan, just the highly professional phishing attempt.
 
Things like this definitely make the authenticator worth the money. I have 2 accounts, 1 for me and 1 for my kids - although I do warn them about phishing e-mails I can't say for sure that they wouldn't be seduced by the promise of that Jade Tiger!

Having the authenticator doesn't mean that I have other precautions in place but it does mean that if all else fails my account isn't going to get stripped.
 
I tried to enter the link, I'm using Firefox with the noscript addon, and I noticed the typical 'Enable javascript' message is written in cyrilic letters.

That means the scam is well done, but not as well done as you said. I know the average computer user uses Iexplore or Firefox without addons, but still I think it's easy to spot.
 
Post a Comment

<< Home
Newer›  ‹Older

  Powered by Blogger   Free Page Rank Tool