World of Warcraft Phishing Scam Underway: Players Warned

Ray Walsh

March 28, 2017

World of Warcraft (WoW) players are being warned to watch out for a phishing scam aimed at players of the popular online game. According to Malwarebytes Labs, the phishing campaign is designed to lure in players by making them think that they will get an in-game reward.

WoW is a massively multiplayer online role-playing game (MMORPG) that was first released in 2004 by Blizzard Entertainment. At its highest point in 2010, 12 million people were subscribed players. These days, that figure is closer to five million players – which still makes the game insanely popular.

The phishing scam is a cleverly designed form of cyberattack known as social engineering. Social engineering attacks lure in their victims by preying on their innocent love of a particular topic. Sometimes, it can be an email telling the recipient that they have won a prize. Other times, it might be a business-oriented email designed to look relevant to the recipient’s field of work, such as law news for attorneys, or engineering literature for engineers – whatever will fool the victim.

No Free Pet This Time

On this occasion, the phishing scam is designed to lure WoW players into willingly handing over their gaming credentials. According to Malwarebytes’ blog on the subject, there are currently two forms of phishing email in the wild. Both promise an in-game reward. The first is an offer for an in-game pet called a “Brightpaw.” The malicious email claims that a friend within the game has purchased it for them. The second variety of the phishing email is for a free “Mount Mystic Rune Sabre” – also claimed to be a gift from a friend.

WoW players are warned to steer away from both emails, as neither of them results in getting the promised free gift, but rather in the loss of the account to hackers who steal their credentials. Most annoyingly for lovers of the game, the malevolent email is designed to look like it came from Battle(dot)net. This used to be Blizzard Entertainment’s official online gaming service, until it was retired last week.

Blizzard has decided that having two online brands is confusing for consumers. For that reason, it has done away with the Battle(dot)net platform. This is what Blizzard has to say about its decision:

“When we created, the idea of including a tailored online-gaming service together with your game was more of a novel concept, so we put a lot of focus on explaining what the service was and how it worked, including giving it a distinct name.

“Over time, though, we’ve seen that there’s been occasional confusion and inefficiencies related to having two separate identities under which everything falls – Blizzard and Given that built-in multiplayer support is a well-understood concept and more of a normal expectation these days, there isn’t as much of a need to maintain a separate identity for what is essentially our networking technology.”

Whoever is behind the fraudulent attempt to relieve game players of their account details is either unaware of the change, or is deliberately preying on it. Either way, Malwarebytes is concerned that the phishing campaign looks official enough to successfully fool game players into handing over their details.

Malwarebytes says that both the emails lead to the same location:


On arrival, game players are asked to enter their game credentials. From the Malwarebytes blog:

“The phish again touts the Battle(dot)net name and asks for an email and password. Feel free to ignore this one and send it straight to your trash folder, there’s no free pets at the end of this path, just headaches and calls to customer support.”

This isn’t the first time that scammers have directed a phishing campaign at WoW players. Back in 2010, a similar scam also attempted to steal login credentials. So, why are hackers so desperate to get hold of these passwords? It is just a game, after all.

Highly Valuable

The game’s popularity makes some accounts incredibly valuable. Depending on how much an account has been played – and how well established that character has become – the account could sell on the dark web for anything between $35 and $25,000. That is an insane amount of money, and is a huge temptation to hackers.

Back in 2010, the antivirus vendor F-Secure from Finland commented:

“A World of Warcraft account could be a gold pot for phishers, depending on the player’s achievement. In-game items are in demand and could be sold for real cash value, making WoW accounts a favorite phishing target.”

With so much to lose, WoW players are warned to be very careful when opening any emails that appear to be from Blizzard. The best bet is to always log in to a WoW account away from links in an email. Instead, be careful to log in only from the official portal. You have been warned!

Title image credit: Patrik Slezak/

Screenshots: Malwarebytes Labs
