-IDEA- New Phishing Theory

[Login Error]

Since the WoTLK phishers that were once epic are now obsolete, and account verification phishers fail so horribly, I think it's about time we start using a new kind of phisher.

I made this email template to supplement the idea.

Subject: World of Warcraft - Account Change Notice

Hello,

This is an automated notification regarding the recent change(s) made to your World of Warcraft account .

Your password has recently been modified through the Account Management website.

*** If you made this password change, please disregard this notification.

However, if you did NOT make changes to your password, we recommend you reset your password at YOUR SITE HERE.

If you are unable to successfully retrieve your password using the automated system, please contact Billing & Account Services at 1-800-55-BLIZZARD (1-800-552-5499) Mon-Fri, 8am-8pm Pacific Time or at [email protected].

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The World of Warcraft Support Team
Blizzard Entertainment
Blizzard Support

They would click the link, which would be masked as an official-looking URL and would be redirected to your phishing page. They would come to a page asking for account name, password, full name, CD keys, e-mail account and SQA.

I'm not sure if it would work, but I figured I'll never find out if I didn't share the idea. If you don't like the idea, hopefully you can atleast appreciate the irony...

[Henessy]

Cool Idea! +Rep.

[Tierman]

Cool. I'm sure it could be done easily.

[Allenzo]

Very nice! I'm going to try it

[camicio]

Good idea. Some will just try if their old password still works and at least you get that.

[jacksonn]

this could work but other phishers do still work.

[Poglia]

This works only on very dumb people. A smart person scenario:

1) Victim reads the mail, including "Your password has recently been modified through the Account Management website.".
2) Victim clicks the link.
3) Victim types his old password.
4) Victim sees that the old password works.
5) Victim thinks "The mail said that my password was changed, but it worked.".
6) Victim realizes that this is a scam.
7) Victim immediately change his password.

[Gummibär]

Another Scenario:

1) Victim reads the mail.
2) Clicks the link.
3) He falls for it and actually types in his old password.
4) He types in a new password.
5) Logs into WoW and realizes the new password doesn't work.
6) He types in the old password, and will probably go to WorldofWarcraft.com and change it to a totally new one.

[Zaphry]

Off topic: Have i seen you somewhere?..
Your name is familiar somewhy

[Login Error]

Off topic: Have i seen you somewhere?..
Your name is familiar somewhy

I answered it in the other thread if you want to take a look over there.

[Dendra]

I never ask for keys, since most people don't have them ready to hand and it thus lowers the amount of accs i get. Otherwise, good

[Y R U A NUB ?]

Off topic: Have i seen you somewhere?..
Your name is familiar somewhy

Well, you've probably seen him while trying to login somewhere with the wrong password.

[Login Error]

I never ask for keys, since most people don't have them ready to hand and it thus lowers the amount of accs i get. Otherwise, good

I do see what you mean, if they don't know their WoW key they may try to call Blizzard instead, but the original WoW key can be used as a substitution for the SQA when you're trying to change the E-mail, so I'de say it's well worth it. You can maintain control over an account for a long time if you have the CD key.