Steam, WOW used as phishing bait

New wave of fradulent e-mails attempts to swipe account information from gamers.

The inboxes of GameSpot editors are regularly bombarded with spam, but a handful of shady missives that slipped through the junk-mail filter this week show that at least one spammer is trying to trick World of Warcraft players and Steam users into handing up their account information through a practice commonly known as spoofing or phishing.

No, not that kind of fishing!

The first e-mail arrived Sunday night, claiming to be from Steam maker Valve Corporation. It read, "Dear Steam User, This is the official notification from STEAM, that your account will be deactivated and deleted if not email us immediately." To avoid the threatened deletion, the e-mail recipient was told to send an e-mail to steam.admins@gmail.com "with you [sic] login details," specifically a user name, a password, and a real name.

The scammer apparently used an e-mail from a previous phishing attempt as a template. A copyright line at the bottom of the message indicated not only that the contents of the e-mail were copyright Valve Corporation, but also a logo implying that Valve is an Equal Housing Lender in accordance with Federal Fair Lending Laws (a logo that when clicked on linked to Bank of America's page about its Equal Housing Lender status).

A second draft of the Valve phishing scam was received early Monday morning, this one linking to an external site that mimics the appearance of the official Valve site and requests that users enter their account information to log in. While the grammar was improved, the Equal Housing Lender logo remained.

Monday night, a handful of nearly identical e-mails arrived seeking World of Warcraft account login information. The e-mails appeared to come from account@worldofwarcraft.com and featured the same formatting and phising tactics of the second Valve e-mail. Again, the spam carried the Equal Housing Lender logo.

According to the security center on publisher Blizzard's official World of Warcraft Web site, phishing is one of the biggest sources of user security problems the company encounters. Downloading Trojans and other harmful programs disguised as add-ons or hacks for the game is another.

"People should be suspicious of anything that doesn't come from a Blizzard.com email address, or attempts to forward you to a site that isn't Blizzard.com or worldofwarcraft.com," a Blizzard representative told GameSpot. "If you're unsure about any communication you receive, you can forward any email to our official address--billing@blizzard.com--and do NOT reply at all unless our Billing staff actually confirms for you that the message is legitimate."

As for what the company is doing to crack down on these scams, the rep said, "Blizzard works actively to combat fraud against our customers" and regularly updates players on new security measures through its forums and phone support.

A Valve representative didn't return GameSpot's request for comment.

123 Comments

  • cjcr_alexandru

    Posted Jan 13, 2007 7:47 am PT

    I hope that they didn't "catch" anybody.

  • ZachX5000

    Posted Jan 11, 2007 1:55 pm PT

    ***AceCometh:
    The loading screen on WoW will often say that Blizzard will never ask for your account information. Never played Steam, though, and as addicted as I am to WoW I doubt I ever will play Steam.***

    Steam isn't a game, wow. Just wow.

    Anyway, hopefully no one lost anything!

  • nekootoko

    Posted Jan 11, 2007 10:33 am PT

    You'd have to be an idiot to fall for that. To be honest, I don't feel too much sympathy for people who lost accounts over this.

  • rodimus_prime85

    Posted Jan 11, 2007 2:20 am PT

    I work for a worldwide bank in partnership with the banks fraud department... And you'd be surprised how many cases you get through similiar to this. One customer had their account completly drained of £2000 in 2 days from a e-mail claiming to be from our bank... The e-mail said
    "Dear customer (Not even customer real name)
    Our computers have recently had a virus attack and all our data is lost. Please reply to this e-mail with your account details, birthday, transaction history and address. If you do not reply within 7 days, it is possible you will lose your ability to withdraw money from hole-in-the-walls, or even lose the account completly"

    It's usually the elder population that fall for such an obviously fake trick, but we get alot of young people to that are just....stupid. The same age-range of the population that play WoW. But how much of a moron would you have to be to fall for such a trick? 'Dear customer we've lost all your details except, luckily, your e-mail addy...'

    I once recieved a phone call from someone claiming to be from MY bank asking for personal details. I asked for a name, staff number (Which he hesitated at, but after a lenghy pause gave me a random 8 digit number which didn't corispond to the banks pattern of staff numbers) and contact number, then instantlly reported it to my banks customer service. Thats all it takes.

  • princeofgames90

    Posted Jan 11, 2007 12:39 am PT

    Its obvios

  • supapuerco

    Posted Jan 10, 2007 9:36 pm PT

    I've been recieving these "Steam" emails for a few months now. They're pretty sneaky, but you can probably bet anything asking you to "confirm your account details" via email is probably a scam.

  • YukoAsho

    Posted Jan 10, 2007 7:37 pm PT

    I hate to sound like a jerk, but I have to agree with the people saying "if you fall for it, you deserve it." Phishing is as old as e-commerce, and is the way most people lose their money and fall prey to identity theft online. It's something most people will spot immediately and only takes a little effort to spot. Crappy grammar and sites that don't originate from the company page are usually clues.

    But hey, there's a sucker born every minute.

  • hafaholo

    Posted Jan 10, 2007 7:29 pm PT

    Can somebody please answer this simple question? Is WOW Satanic or evil??

  • Inu7

    Posted Jan 10, 2007 5:41 pm PT

    I stopped playing WoW a year ago yet I still get these crap emails. Same with steam, I am never on steam dammit!

  • theKSMM

    Posted Jan 10, 2007 4:08 pm PT

    I would think that most people savvy enough to play an MMORPG would have the good sense not to fall for a poorly-designed phishing scam.

    Then again, we are talking about a virtual world with almost seven million people. Gotta be some suckers in there somewhere...

  • recalcitrant1

    Posted Jan 10, 2007 2:13 pm PT

    If Blizzard didn't follow it up they'd make consdierably less money from WoW and their member base would never have swelled to such levels. That's PR. And lets not forget, with phishing (rather than trokans and the like) the user has to give the information out, which is against the advice and user agreements of virtually every game involving a login system. Like they say, caveat emptor.

  • strategyking92

    Posted Jan 10, 2007 1:53 pm PT

    blizzard has the balls to answer back, and valve is hiding in a hole somewhere. you can tell blizzard truly cares about their customers.

  • MegaManX9101

    Posted Jan 10, 2007 1:32 pm PT

    lol... i could see a noob reading this and saying something like... "Oh teh noes! They are going to sell my hearthstone!!!! :O"

    XD

  • fahad2mail

    Posted Jan 10, 2007 12:35 pm PT

    wow, bad bad bad.

  • Dantes_Monkey

    Posted Jan 10, 2007 11:57 am PT

    keep your filthy hands off of my steam account!

  • ApisBee

    Posted Jan 10, 2007 11:18 am PT

    LOL, someone wants my low level Hunter on a PVP server? I don't think they really would want it. The Horde use it as their whipping boy. It so shot full of holes that you can see though'em, and he's poor too.

  • chrisdojo

    Posted Jan 10, 2007 10:46 am PT

    whoever follows through with phishing shouldn't be using email...

  • Arley569

    Posted Jan 10, 2007 10:29 am PT

    who responds to them.......lol

  • goddessakasha

    Posted Jan 10, 2007 9:44 am PT

    These e-mails are so easy to see through, you just need to pay attention to it. Usually if you are being threatened with "immediate closure" of your account, it's a good sign it's a bunch of BS.

  • nobeaner

    Posted Jan 10, 2007 9:30 am PT

    I would worry about any pre-teens that play these games that still have a fear of authority figures and getting in trouble. They just might send the info to their older sibling or parrents account.

  • rkownadge

    Posted Jan 10, 2007 9:12 am PT

    lol i did something similar 2 my friend as a prank lol but i told him after just wanted 2 c if he was stupid enough to do it lol !!! i told him after it was jokes

  • maxxorz

    Posted Jan 10, 2007 9:06 am PT

    "These have been around for years-if you're stupid enough to believe one you deserve to loose your account"

    hahah, so true!

  • Legir

    Posted Jan 10, 2007 8:46 am PT

    I'm glad I never played WoW because I am shocked and appaled they arn't Equal Housing Lenders.

  • Kingsnake976

    Posted Jan 10, 2007 8:39 am PT

    Wow.... 99 comments on this story and 70 are nearly identical.
    If you can't add anything new or enlightening to the conversation, please don't post. Calling the naive "dumb-*sses", or the equivilent is, by the way, like shooting fish in a barrel.

  • Doesetsu

    Posted Jan 10, 2007 8:08 am PT

    thanks for the heads up GS!

  • CapinGreen

    Posted Jan 10, 2007 7:58 am PT

    These have been around for years-if you're stupid enough to believe one you deserve to loose your account

  • Bloodlustt

    Posted Jan 10, 2007 7:54 am PT

    Any Idiot who falls for these emails deserves to loose all his money. They dont even use proper word structure lol

  • AceCometh

    Posted Jan 10, 2007 7:51 am PT

    The loading screen on WoW will often say that Blizzard will never ask for your account information. Never played Steam, though, and as addicted as I am to WoW I doubt I ever will play Steam.

  • Zoomer30

    Posted Jan 10, 2007 7:49 am PT

    I like the ones that ask you for your credit card number and PIN number, talk about obvious, why not just pull a gun on me, then I would not have to read the insanely bad grammar.

    I got one that was "from" PayPal last week telling me I had to go and update my info or my account would be closed. So obvious. The line "we would appreciate it if you could take 5-10 mins out of your online experience and update your info" Who the hell talks like that...oh that's right....a foreigner talks that way. Probably some phisher on the west side of Moscow.

  • ObiKKa

    Posted Jan 10, 2007 7:26 am PT

    You treat it the same as the fake emails proclaimed to have come from your bank(s). They all would never ask you for your private information, you should know that, & the tech experts have always stated that.

  • AjaxsLastStand

    Posted Jan 10, 2007 7:15 am PT

    I just don't see how people can be that stupid to fall for anything like that...

  • jrod9999

    Posted Jan 10, 2007 7:13 am PT

    This just reminds me to tell my mom and others about emails like this so they don't respond to them(ebay phishers and the like)

  • hart704

    Posted Jan 10, 2007 7:13 am PT

    This problem is simply solved by not giving any of this info out. I don't know anybody who would even tell a friend this type of info. Pretty simple.

  • usaokay

    Posted Jan 10, 2007 7:05 am PT

    Scammers + Invading Copyright laws = Federal Jail.

    Owned.

  • seth1689

    Posted Jan 10, 2007 6:42 am PT

    its its gmail or yahoo u kno right off tha bat its a scam cause big buisnesses like valve have their own email type thing and when u sign up they said they will never email u asking for ur info so if u do give scammers ur info thats ur fault and i kno its still wrong and these ppl really need to grow the hell up

  • kelinn

    Posted Jan 10, 2007 6:38 am PT

    Glad I stopped playing WoW January last year. Now I have much more time to do more important things in life than spending almost all of my spare time in one game.

  • Sheiko

    Posted Jan 10, 2007 6:30 am PT

    Equal housing lender? Valve? LMAO too much time on CS:S is starting to drain even the Phishers themselves.

  • peeweeshift

    Posted Jan 10, 2007 6:04 am PT

    WoW ruined by scammer

  • V_Zarnold_N

    Posted Jan 10, 2007 5:57 am PT

    lmao that is really lame that people have to try and do this to people.... man get a life

  • catsimboy

    Posted Jan 10, 2007 5:39 am PT

    I got one of the WoW ones and I knew that it was a scam. I'm glad I'm not stupid like a lot of internet users who make actually make scams profitable for the scammers.

  • doffythebest

    Posted Jan 10, 2007 5:27 am PT

    Firstly people should really stop being so stupid and answer these mails.

    Secondly i think all these people stealing accounts should start getting a life, and go to hell.

  • sonicare

    Posted Jan 10, 2007 5:26 am PT

    Sad to see that there are so many lowllifes out there.

  • Prestonian

    Posted Jan 10, 2007 5:03 am PT

    All I'll say is this: I wish I was an Equal Housing Lender.

  • AppleJuices

    Posted Jan 10, 2007 4:32 am PT

    What the person under me said.

  • StevenJWeir

    Posted Jan 10, 2007 4:08 am PT

    If people are stupid enough to reply to these emails and hand over their account information, then they deserve to lose their accounts.

  • KingofTrolls

    Posted Jan 10, 2007 4:07 am PT

    You would have to be a complete freaking moron to fall for this crap. No GM or Admin would ever need to ask for a user's password EVER. Also if the email address is pointed to a gmail account that is just a no brainer. People are freaks I tell ya.

  • Peppita_Nel

    Posted Jan 10, 2007 2:37 am PT

    " To avoid the threatened deletion, the e-mail recipient was told to send an e-mail to steam.admins@gmail.com "with you [sic] login details,"

    steam.admins@GMAIL.com that GMAIL gives him out...and the fact that it always say that blizzard and steam will NEVER EVER ask for your email since they always get your IP instead and other stuff
    those that get tricked by these scam mails are...well not smart, but i wouldn't call them stupid either ^^

  • diablobasher

    Posted Jan 10, 2007 2:10 am PT

    It's really no hard to ignore these stupid emails, it clearly states in the user agreement that Blizzard/Steam staff will NEVER ask for your password. If they really needed it, those with the proper database authority wold go and look it up on their databases, not ask you for it.

    If they really need to confirm your identity or whatever reason, they will ask other questions such as date of birth or adress, not your account password.

    Anybody who falls for this stuff, as legit as some of it sounds, didn't even skim red the user agreement.

  • Destroyeron13

    Posted Jan 10, 2007 12:44 am PT

    Blizzard > Valve

  • datniccah187

    Posted Jan 10, 2007 12:29 am PT

    Email theft is not kosher. Not kosher at all.

advertisement

Hot Stories

Newsmakers

Featured Stories

Submit News

Got tips? Send them in!

Related Game

World of Warcraft Boxshot
World of Warcraft

Game Stats

  • Rank:
    8 of 59,064
    PC Rank:
    4 of 11,439
    Tracking:
    37,527 Track It»
    Wishlists:
    10,033 Wish It»
  • Users Now Playing:
    19,154
  • Number of Players:

    Massively Multiplayer Online Modes: Competitive, Cooperative, Team Oriented

  • Top 5 User Tags:
    1. wow
    2. world of warcraft
    3. mmorpg
    4. warcraft
    5. blizzard
  • Teen Rating Description

    Titles rated T (Teen) have content that may be suitable for ages 13 and older. Titles in this category may contain violence, suggestive themes, crude humor, minimal blood, simulated gambling, and/or infrequent use of strong language. Learn more

Full Game Details »Close
Also on

Site Blogs