How cybercriminals victimize WoW players

A Battle.net account is something attackers find valuable. They can use it to get access to purchased games as well as characters and in-game currency and items. If a player has properly configured their account, however, then contacting technical support will likely help them regain control and restore stolen virtual wealth.

Nevertheless, attackers can still cause you a lot of inconvenience, so it’s better to act now to avoid being hacked later. So that you too can avoid this unpleasant situation, I’m going to tell you what I learned from an attempt to hijack my Battle.net account using in-game phishing in World of Warcraft Classic.

To say that there was something fishy about this message would be an understatement. For starters, it’s hard to believe that a real game master at Blizzard Entertainment would respond to such violations as “economic exploits” using a character name that was similar but not identical to the name of the company and inform a player that they had to visit a particular site. Moreover, just for the record, I absolutely did not violate anything.

I usually just ignore such messages, but this time I got curious and decided to investigate how this particular scheme worked. First, I checked the link using whois services because I recognized that the domain was not one of the domains belonging to Blizzard. Also calling the site’s legitimacy into question was the lack of any security certificate whatsoever.

As I suspected, the domain that the mighty Bizzard wanted me to visit had been registered for less than a week. Moreover, the attackers did not even try very hard to cover their tracks: The domain was registered by someone from the Chinese province of Anhui through the Hong Kong registrar Hongkong Domain Name Information Management Co., Ltd.

Nevertheless, the phishing site looks convincing. Its appearance is quite similar to the legitimate login page eu.battle.net. The Security Check label, which is formatted using the wrong font and color, does spoil the impression a bit. And the Facebook and Google login options don’t work, as you might already suspect. However, almost all other links on this fraudulent page lead to real Blizzard sites. That said, their nationality is not consistent: Some are European, others American.

I decided to continue my investigation to see exactly how the attacker would pursue hijacking my account. Right on the fake page, I clicked the “Create a free Blizzard Account” link (which was fine; the link led to the genuine Blizzard site), and signed up for a new account. Having thus prepared myself for my experiment, I proceeded to hand over my newly created account and password to the attackers.

After I entered my credentials on the fake page, the creators of the site asked me to help them secure my new account by performing a quick check. To do that, of course, I had to enter a verification code sent by e-mail. This code came from Blizzard’s real address.

I had anticipated that step, and as soon as I entered my credentials on the fake page, the attackers immediately entered them on the real site. But they also needed to enter a verification code. Blizzard sent that code to my mail, but the attackers needed to get it from me. Of course, I played along and entered the code on the fake page.

In addition, for some reason, they asked me to answer a secret question on the final page. The truth is, when I registered, I did not set up any secret questions. No worries there, though: I was ready to give them an answer.

I was then informed that I had successfully passed the verification. As you might expect, at the same time someone else logged in to my new account (the IP address placed them in the German city of Brandenburg, but it’s unlikely the attacker was actually connecting from there; they were probably using a proxy server, VPN, or other means of virtually masking their true location).
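The three warning signs from the post (a domain that is not Blizzard's, a registration less than a week old, and no security certificate) can be checked mechanically before opening a link received in chat. This is an added example, not part of the original post; the allowlist, the 30-day threshold, the flag names, the `Creation Date:` field format and the sample WHOIS text are assumptions or constructed values.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumption: allowlist of official domains (the post itself names only battle.net).
OFFICIAL_DOMAINS = {"battle.net", "blizzard.com"}
MIN_AGE_DAYS = 30  # assumed threshold; the domain in the post was under a week old

# Constructed WHOIS excerpt for a made-up domain, not the one from the post.
SAMPLE_WHOIS = """\
Domain Name: BATTLE-NET-VERIFY.EXAMPLE
Creation Date: 2020-03-02T08:15:00Z
Registrar: Example Registrar Co., Ltd.
"""

def is_official(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def domain_age_days(whois_text, now):
    """Days since the WHOIS 'Creation Date', or None if the field is missing."""
    m = re.search(r"^\s*Creation Date:\s*(\S+)", whois_text, re.I | re.M)
    if not m:
        return None
    created = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    if created.tzinfo is None:  # date-only values carry no timezone
        created = created.replace(tzinfo=timezone.utc)
    return (now - created).days

def assess_link(url, whois_text, now):
    """Return the warning signs for a link; an empty list means none found."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    flags = [] if parts.scheme == "https" else ["no-tls"]
    if is_official(host):
        return flags  # official domain: registration age is not relevant
    flags.append("unofficial-domain")
    age = domain_age_days(whois_text, now)
    if age is None:
        flags.append("unknown-age")
    elif age < MIN_AGE_DAYS:
        flags.append("new-domain")
    return flags

if __name__ == "__main__":
    now = datetime(2020, 3, 6, 12, 0, tzinfo=timezone.utc)
    print(assess_link("http://battle-net-verify.example/login", SAMPLE_WHOIS, now))
```

The suffix match requires a leading dot, so a host that merely contains or ends with the text `battle.net` inside another registered domain is still reported as unofficial.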
