World of Warcraft – Jade Tiger Scam

http://tobolds.blogspot.com/2009/11/phi … PG+Blog%29

reposted in its entirety below:

Please be warned that today somebody swamped the internet with an extremely well made phishing mail, which looks very much like a genuine mail from Blizzard, and promises you a Jade Tiger in-game pet if you just fill out a survey. Of course to do so you’ll have to type your Battle.net login and password on the fake website us.blizzard-survey.com. And the next time you log in after that, instead of finding a Jade Tiger, you’ll find your characters naked and all your gold and possessions gone.

Braving the dark corners of the internet I gave a fake userid and password to the phishing website, which led me to the survey (note that if the website wasn’t fake, I wouldn’t have been able to “log on” with the fake userid). I was surprised how extremely professional this phishing side was, it looked exactly like a Blizzard site, even the survey looked real, and after thanking you for participation you get forwarded to the real World of Warcraft site. Scary stuff, this.

Now excuse me while I run a virus check on my computer.

A couple of notes:

  1. Authenticators are a REALLY good idea.  Perhaps not for every game, but a game that is as popular as WoW is is bound to attract the kind of scumbags who do this sort of thing.
  2. blizzard-survey.com… Ouch.  Even if someone was sharp enough to look up the domain information, here is what they would find.

WHOIS information for blizzard-survey.com :

[Querying whois.internic.net]
[Redirected to whois.ename.com]
[Querying whois.ename.com]
[whois.ename.com]
Domain Name : blizzard-survey.com

Registrant Contact Information :
AdminDomain
Blizzard Entertainment
jackis@mailinator.com
US, 18979
tel:
fax:   

Administrative Contact Information :
AdminDomain
Blizzard Entertainment
jackis@mailinator.com
US, 18979
tel:
fax:   

Technical Contact Information :
AdminDomain
Blizzard Entertainment
jackis@mailinator.com
US, 18979
tel:
fax:   

Billing Contact Information :
AdminDomain
Blizzard Entertainment
jackis@mailinator.com
US, 18979
tel:
fax:   

Status :
clientDeleteProhibited
clientTransferProhibited

Domain Name Server :
ns1.2x4hosting.ru
ns2.2x4hosting.ru

Registration Date :2009-11-13
Expiration Date : 2010-11-13

Many folks who get this far would see “Blizzard Entertainment” and move on.  The only real indicators that this domain is a phishing domain are

  1. Registered last week.
  2. Name Servers are in Russia. (and let’s face it, the Russkies are behind 99% of the high quality Internet scams out there, trust me… I know.)

Bottom line:  TANSTAAFL.  Why would Blizzard have a survey site and not advertise the hell out of it on worldofwarcraft.com or in-game?  If it sounds too good to be true, it probably is.  Be careful out there.


Grim