[OMGWTFLEGENDARY] Use WorldofWarcraft.com as a phishing site!?

[grak]

http://www.mmowned.com/forums/wow-sc...file-scam.html , pretty much a repost?

[Fault]

After further review, this is not a repost. Its similar, but its different. It stays

[Bigjev]

REP+ for this

[-| SyphirX |-]

[COLOR="Cyan"]Dombo, you are an epic troll.
But I guess I don't understand what your are saying. If you mean cache by it still functions after I has been delete, you are wrong. If you mean its still there, I'm not sure.

By proof of concept, I meant that this is proof that the concept worked. Maybe I used the term wrong./COLOR]

[pantryboy]

Not sure if this is possible, but in addition to this, just download the main page and the Account Management one.

On the main page, all links go to the worldofwarcraft.com site, apart from the Account Management one that redirects to your local one.
After logging into Account Management, it sends you the details in an e-mail, but would it be possible to push the details to the worldofwarcraft.com site as well? That way it is much less likely to be detected as you have just been logged into the legit world of warcraft site, without knowledge that your details have been sent to a server. Kind of like a keylogger. More complicated but much less detectable.

TL;DR;
person falls for scam
person goes onto worldofwarcraft.com (After host file edited)
person logs into phishing logon
person gets forwarded to worldofwarcraft.com (the legit one) OR forwarded to the "incorrect details" screen on the wow-europe.com site (legit).
person thinks he went onto the wrong site, not realizing that he has just sent you a un/password, and proceeds to go back to the world of warcraft US site countless times.

[-| SyphirX |-]

Not sure if this is possible, but in addition to this, just download the main page and the Account Management one.

On the main page, all links go to the worldofwarcraft.com site, apart from the Account Management one that redirects to your local one.
After logging into Account Management, it sends you the details in an e-mail, but would it be possible to push the details to the worldofwarcraft.com site as well? That way it is much less likely to be detected as you have just been logged into the legit world of warcraft site, without knowledge that your details have been sent to a server. Kind of like a keylogger. More complicated but much less detectable.

TL;DR;
person falls for scam
person goes onto worldofwarcraft.com (After host file edited)
person logs into phishing logon
person gets forwarded to worldofwarcraft.com (the legit one) OR forwarded to the "incorrect details" screen on the wow-europe.com site (legit).
person thinks he went onto the wrong site, not realizing that he has just sent you a un/password, and proceeds to go back to the world of warcraft US site countless times.

Hmm. Sounds interesting.
It might be possible to even log them in through the phisher give the values for the fields point a php file that contains something to also give the info to the original WoW server, but once worldofwarcraft.com is changed in hosts it wouldn't be able to be accessed from that computer.

But it would definitely be possible to redirect them from the phisher to the site. All you would need to do is to get a phisher with the additional info page thing then once they "log-in" just use a php script to forward them to the WoW site.

[Firebendor]

Ok :P im really noob in this Scamming/Stealing accounts thingy but isnt it illigal?

Srry for my bad english ^^

[zelghadis]

Ok :P im really noob in this Scamming/Stealing accounts thingy but isnt it illigal?

all scamming/stealing accs is illegal ;P