advertisement
Click Here

Steam, WOW used as phishing bait

By Brendan Sinclair, GameSpotPosted Jan 9, 2007 5:26 pm PT

New wave of fradulent e-mails attempts to swipe account information from gamers.

The inboxes of GameSpot editors are regularly bombarded with spam, but a handful of shady missives that slipped through the junk-mail filter this week show that at least one spammer is trying to trick World of Warcraft players and Steam users into handing up their account information through a practice commonly known as spoofing or phishing.

No, not that kind of fishing!

The first e-mail arrived Sunday night, claiming to be from Steam maker Valve Corporation. It read, "Dear Steam User, This is the official notification from STEAM, that your account will be deactivated and deleted if not email us immediately." To avoid the threatened deletion, the e-mail recipient was told to send an e-mail to steam.admins@gmail.com "with you [sic] login details," specifically a user name, a password, and a real name.

The scammer apparently used an e-mail from a previous phishing attempt as a template. A copyright line at the bottom of the message indicated not only that the contents of the e-mail were copyright Valve Corporation, but also a logo implying that Valve is an Equal Housing Lender in accordance with Federal Fair Lending Laws (a logo that when clicked on linked to Bank of America's page about its Equal Housing Lender status).

A second draft of the Valve phishing scam was received early Monday morning, this one linking to an external site that mimics the appearance of the official Valve site and requests that users enter their account information to log in. While the grammar was improved, the Equal Housing Lender logo remained.

Monday night, a handful of nearly identical e-mails arrived seeking World of Warcraft account login information. The e-mails appeared to come from account@worldofwarcraft.com and featured the same formatting and phising tactics of the second Valve e-mail. Again, the spam carried the Equal Housing Lender logo.

According to the security center on publisher Blizzard's official World of Warcraft Web site, phishing is one of the biggest sources of user security problems the company encounters. Downloading Trojans and other harmful programs disguised as add-ons or hacks for the game is another.

"People should be suspicious of anything that doesn't come from a Blizzard.com email address, or attempts to forward you to a site that isn't Blizzard.com or worldofwarcraft.com," a Blizzard representative told GameSpot. "If you're unsure about any communication you receive, you can forward any email to our official address--billing@blizzard.com--and do NOT reply at all unless our Billing staff actually confirms for you that the message is legitimate."

As for what the company is doing to crack down on these scams, the rep said, "Blizzard works actively to combat fraud against our customers" and regularly updates players on new security measures through its forums and phone support.

A Valve representative didn't return GameSpot's request for comment.

123 Comments

  • cjcr_alexandru

    Posted Jan 13, 2007 7:47 am PT

    I hope that they didn't "catch" anybody.

  • ZachX5000

    Posted Jan 11, 2007 1:55 pm PT

    ***AceCometh:
    The loading screen on WoW will often say that Blizzard will never ask for your account information. Never played Steam, though, and as addicted as I am to WoW I doubt I ever will play Steam.***

    Steam isn't a game, wow. Just wow.

    Anyway, hopefully no one lost anything!

  • nekootoko

    Posted Jan 11, 2007 10:33 am PT

    You'd have to be an idiot to fall for that. To be honest, I don't feel too much sympathy for people who lost accounts over this.

  • rodimus_prime85

    Posted Jan 11, 2007 2:20 am PT

    I work for a worldwide bank in partnership with the banks fraud department... And you'd be surprised how many cases you get through similiar to this. One customer had their account completly drained of £2000 in 2 days from a e-mail claiming to be from our bank... The e-mail said
    "Dear customer (Not even customer real name)
    Our computers have recently had a virus attack and all our data is lost. Please reply to this e-mail with your account details, birthday, transaction history and address. If you do not reply within 7 days, it is possible you will lose your ability to withdraw money from hole-in-the-walls, or even lose the account completly"

    It's usually the elder population that fall for such an obviously fake trick, but we get alot of young people to that are just....stupid. The same age-range of the population that play WoW. But how much of a moron would you have to be to fall for such a trick? 'Dear customer we've lost all your details except, luckily, your e-mail addy...'

    I once recieved a phone call from someone claiming to be from MY bank asking for personal details. I asked for a name, staff number (Which he hesitated at, but after a lenghy pause gave me a random 8 digit number which didn't corispond to the banks pattern of staff numbers) and contact number, then instantlly reported it to my banks customer service. Thats all it takes.

  • princeofgames90

    Posted Jan 11, 2007 12:39 am PT

    Its obvios

  • supapuerco

    Posted Jan 10, 2007 9:36 pm PT

    I've been recieving these "Steam" emails for a few months now. They're pretty sneaky, but you can probably bet anything asking you to "confirm your account details" via email is probably a scam.

  • YukoAsho

    Posted Jan 10, 2007 7:37 pm PT

    I hate to sound like a jerk, but I have to agree with the people saying "if you fall for it, you deserve it." Phishing is as old as e-commerce, and is the way most people lose their money and fall prey to identity theft online. It's something most people will spot immediately and only takes a little effort to spot. Crappy grammar and sites that don't originate from the company page are usually clues.

    But hey, there's a sucker born every minute.

  • hafaholo

    Posted Jan 10, 2007 7:29 pm PT

    Can somebody please answer this simple question? Is WOW Satanic or evil??

  • Inu7

    Posted Jan 10, 2007 5:41 pm PT

    I stopped playing WoW a year ago yet I still get these crap emails. Same with steam, I am never on steam dammit!

  • theKSMM

    Posted Jan 10, 2007 4:08 pm PT

    I would think that most people savvy enough to play an MMORPG would have the good sense not to fall for a poorly-designed phishing scam.

    Then again, we are talking about a virtual world with almost seven million people. Gotta be some suckers in there somewhere...

  • recalcitrant1

    Posted Jan 10, 2007 2:13 pm PT

    If Blizzard didn't follow it up they'd make consdierably less money from WoW and their member base would never have swelled to such levels. That's PR. And lets not forget, with phishing (rather than trokans and the like) the user has to give the information out, which is against the advice and user agreements of virtually every game involving a login system. Like they say, caveat emptor.

  • strategyking92

    Posted Jan 10, 2007 1:53 pm PT

    blizzard has the balls to answer back, and valve is hiding in a hole somewhere. you can tell blizzard truly cares about their customers.

  • MegaManX9101

    Posted Jan 10, 2007 1:32 pm PT

    lol... i could see a noob reading this and saying something like... "Oh teh noes! They are going to sell my hearthstone!!!! :O"

    XD

  • fahad2mail

    Posted Jan 10, 2007 12:35 pm PT

    wow, bad bad bad.

  • Dantes_Monkey

    Posted Jan 10, 2007 11:57 am PT

    keep your filthy hands off of my steam account!

  • ApisBee

    Posted Jan 10, 2007 11:18 am PT

    LOL, someone wants my low level Hunter on a PVP server? I don't think they really would want it. The Horde use it as their whipping boy. It so shot full of holes that you can see though'em, and he's poor too.

  • chrisdojo

    Posted Jan 10, 2007 10:46 am PT

    whoever follows through with phishing shouldn't be using email...

  • Arley569

    Posted Jan 10, 2007 10:29 am PT

    who responds to them.......lol

  • goddessakasha

    Posted Jan 10, 2007 9:44 am PT

    These e-mails are so easy to see through, you just need to pay attention to it. Usually if you are being threatened with "immediate closure" of your account, it's a good sign it's a bunch of BS.

  • nobeaner

    Posted Jan 10, 2007 9:30 am PT

    I would worry about any pre-teens that play these games that still have a fear of authority figures and getting in trouble. They just might send the info to their older sibling or parrents account.

World of Warcraft Quick Links

Summary | Reviews | News | Previews & Features | Images | Videos | Downloads | Answers | Hints & Cheats | Forum | Check Prices

Check Prices: $19.82 – 38.35

GameStop $19.99 SHOP ›
Amazon.com $19.82 SHOP ›
Other World Computing $19.99 SHOP ›
advertisement
Click Here
advertisement
Click Here

Related Unions

World of Warcraft Boxshot Enlarge the boxshot
World of Warcraft

Game Stats

Full Game Details »Close
Also on

Games you may like…

Users who looked at content for this game also looked at these games.

See More Similar Games
advertisement