reposted in its entirety below:
Please be warned that today somebody swamped the internet with an extremely well made phishing mail, which looks very much like a genuine mail from Blizzard, and promises you a Jade Tiger in-game pet if you just fill out a survey. Of course to do so you’ll have to type your Battle.net login and password on the fake website us.blizzard-survey.com. And the next time you log in after that, instead of finding a Jade Tiger, you’ll find your characters naked and all your gold and possessions gone.
Braving the dark corners of the internet I gave a fake userid and password to the phishing website, which led me to the survey (note that if the website wasn’t fake, I wouldn’t have been able to “log on” with the fake userid). I was surprised how extremely professional this phishing side was, it looked exactly like a Blizzard site, even the survey looked real, and after thanking you for participation you get forwarded to the real World of Warcraft site. Scary stuff, this.
Now excuse me while I run a virus check on my computer.
A couple of notes:
- Authenticators are a REALLY good idea. Perhaps not for every game, but a game that is as popular as WoW is is bound to attract the kind of scumbags who do this sort of thing.
- blizzard-survey.com… Ouch. Even if someone was sharp enough to look up the domain information, here is what they would find.
WHOIS information for blizzard-survey.com :
[Querying whois.internic.net] [Redirected to whois.ename.com] [Querying whois.ename.com] [whois.ename.com] Domain Name : blizzard-survey.com Registrant Contact Information : AdminDomain Blizzard Entertainment firstname.lastname@example.org US, 18979 tel: fax: Administrative Contact Information : AdminDomain Blizzard Entertainment email@example.com US, 18979 tel: fax: Technical Contact Information : AdminDomain Blizzard Entertainment firstname.lastname@example.org US, 18979 tel: fax: Billing Contact Information : AdminDomain Blizzard Entertainment email@example.com US, 18979 tel: fax: Status : clientDeleteProhibited clientTransferProhibited Domain Name Server : ns1.2x4hosting.ru ns2.2x4hosting.ru Registration Date :2009-11-13 Expiration Date : 2010-11-13
Many folks who get this far would see “Blizzard Entertainment” and move on. The only real indicators that this domain is a phishing domain are
- Registered last week.
- Name Servers are in Russia. (and let’s face it, the Russkies are behind 99% of the high quality Internet scams out there, trust me… I know.)
Bottom line: TANSTAAFL. Why would Blizzard have a survey site and not advertise the hell out of it on worldofwarcraft.com or in-game? If it sounds too good to be true, it probably is. Be careful out there.