Virtual World Phishing
Though many MMORPGs have "fishing" as a profession, I recently received the first phishing email related to VWs. Yes, it seems that your game account may be as valuable and vulnerable as your bank account.
The full message is provided under the fold, along with some commentary about it.
From: Eve Team "suspension@eve-online.com" Date: September 3, 2005 10:20:26 PM EDT To: hunterd@wharton.upenn.edu Subject: Limited Account Access - Eve-onlineWe are contacting you because on 2 Sep 2005 our Account Review Team
identified some unusual activity in your account. In accordance
with Eve's User Agreement and to ensure that your account has not
been compromised, access to your account was limited. Your account
access will remain limited until this issue has been resolved.To secure your account and quickly restore full access, we require
you to login in you account .This process is mandatory, and if not
completed within the nearest time your account may be subject for
suspension or will be bannedTo securely confirm your Eve-Online information please click on the
link bellow:[Redacted to avoid mistaken logins]
We encourage you to log in and perform the steps necessary to
restore your account access as soon as possible. Allowing your
account access to remain limited for an extended period of time may
result in further limitations on the use of your account and
possible account closure.Thank you for using Eve-online!
The Eve Team
As you can see, the href for the link actually takes you to "http://www.portatildirecto.com" a domain that the whois record indicates is owned by "Juan de Diego" of Madrid. Of course whois records are notoriously flaky, so it's anyone's guess who is running this scam.
The mechanics of the phishing attempt are no more sophsticated than usual, but I'm struck by the fact that the scammers are now phishing for login details for virtual worlds. Presumably they empty the account as soon as they get the password, by transferring the assets to their accounts, and then they sell the virtual assets on eBay. It's an indication of how significant the asset holdings are in some of these worlds, that it's worth setting up a scam like this for the account details. And it can hardly be an accident that the first one targets EVE--a world known mostly for its trade.
Expect more attempts in other MMORPGs in time.
Posted by Dan Hunter on September 8, 2005 | Permalink
« Calling all space engineers | Main | N^2 »
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/t/trackback/5074/3148649
Listed below are links to weblogs that reference Virtual World Phishing:
» MMORPG Phishing Scams from Privacy and Security Law Blog
As an update to our previous post on the keylogger worm that attempts to steal account data from players of Massively Multiplayer Online Role Playing Games, an interesting report at Terra Nova about a phishing scam designed to steal the... [Read More]
Tracked on Sep 14, 2005 8:54:38 PM
» loan online
from equity loan
Loans Home Equity Loans - Home Mortgage Student Loans [Read More]
Tracked on May 28, 2006 4:09:09 AM
» This Prairie Home is a bit of a rambler - USA Today from Seattle Post
1 hour ago By Claudia Puig, USA TODAY. Those who have listened avidly to Garrison Keillors radio shows are most [Read More]
Tracked on Jun 10, 2006 1:14:59 PM
» American Auto Guardian Utilizes StoneEagle's SEcureCard Solution to Automate their Claims Payment Process from with Paying Claims
URI: http://www.prweb.com/dingpr.php/U3F1YS1TaW5nLVRoaXItRW1wdC1JbnNlLVplcm8=
[Read More]
Tracked on Jun 12, 2006 4:33:22 PM
» From TweakXP comes FireTune from new freeware
of various performance tweaks rolled into one little freeware applet, making it easier than digging [Read More]
Tracked on Jun 18, 2006 4:50:44 AM
» Barr to refile Plan B contraceptive application from and older from
Barr which had sought to sell the drug to women 16 and older.
[Read More]
Tracked on Aug 14, 2006 11:38:06 PM
Comments
Ebay? IGE, more likely.
Posted Sep 8, 2005 1:52:33 PM | link
This isn't new by any means. Usually scams like these will direct users to a website that appears to be run by the MMORPG company in question and presented with a login screen. Accounts who are collected then are cleaned out of any liquid assets.
Variations on this theme include "You have been selected for our new beta!" and "You've been given a free account! Click here to set up."
Our always amusing Internet Relations Manager has at times made a game out of warning our users of these:
http://www.camelotherald.com/more/228.shtml
http://www.camelotherald.com/more/359.shtml
http://www.camelotherald.com/more/681.shtml
http://www.camelotherald.com/more/692.shtml
http://www.camelotherald.com/more/786.shtml
http://www.camelotherald.com/more/815.shtml
http://www.camelotherald.com/more/1740.shtml
http://www.camelotherald.com/more/1747.shtml
http://www.camelotherald.com/more/1882.shtml
Posted Sep 8, 2005 2:26:34 PM | link
Hm, links should really auto-HTML themselves. :)
Posted Sep 8, 2005 2:27:10 PM | link
"To secure your account and quickly restore full access, we require you to login in you account .This process is mandatory, and if not completed within the nearest time your account may be subject for suspension or will be banned"
I love how these scamming nerds can go out of their way to punctuate and spell correctly for the first few paragraphs, and then you inevitably see lapses such as the paragraph I just quoted. There's about 5 serious errors in it, and even though EVE's team is from Iceland (which results in the occasional typo in its game), the scammers are losing a fair portion of their targeted fishies by not investing 60 more seconds of their time in some proofreading.
Posted Sep 8, 2005 2:33:49 PM | link
No surprise that phishers are looking for other lucrative markets, but thanks for posting the info so that these scams don't take people off-guard. Worth an update to the recent post we did on our blog about worms and other malware that attempt to steal such account info -- thanks!!
Posted Sep 8, 2005 3:51:28 PM | link
What about phishing while in game?
http://afkgamer.com/archives/2005/09/07/something-old-something-new/
Posted Sep 8, 2005 6:50:06 PM | link
Since I don't have an EVE account, I felt safe clicking on the link. Doesn't work; you get a 404
Posted Sep 8, 2005 9:37:44 PM | link
On a completely unrelated note (I wish I could submit stuff to TN): Ex -WoW devs form a new company and are looking for talent.
Posted Sep 9, 2005 1:38:04 AM | link
This type of phishing email showed up rather frequently in Everquest as well. Like DaoC, the Community Rep would generally post a sample and remind everyone that this sort of email would never be sent out.
Posted Sep 9, 2005 12:12:23 PM | link
This is nothing new. I remember various phishing techniques (in-game, on the forums, and email) being used in the early Runescape beta. This would have been about four years ago.
Posted Sep 9, 2005 12:13:43 PM | link
In Diablo 2, phishers tell noobs to check their stats by whispering their account name and passord to a third-party member (someone with a registered name of like "BlizzTech" or "BlizzStats"). While this is common, it is interesting the lengths to which some phishers will go. It seems as if the one who wanted your account is very devious. I expect means of phishing will only get more subtle.
Posted Sep 9, 2005 1:24:58 PM | link
Man, you think that's bad? The other day, someone attempted the first scam in a VW on me. It was unreal. I guess it goes to show how valuable in-game items are to some people!
Posted Sep 14, 2005 2:44:44 PM | link
"Expect more attempts in other MMORPGs in time."
In fact, this has been going on for year(s) already and is not really new. But yes, it is increasingly becomming problematic. In south korea, over 50% of the cybercrimes involve games and the selling game money to launder the ill gotten money.
And why would we be surprised? With all the impressive quotes about the total value going on in what's called the secondary market of MMORPG's, something like this could only be expected.
Posted Sep 14, 2005 5:00:31 PM | link
Runescape is plagued with these scammers. Every time there is a game update people will start saying something like "the new update blocks your password when you typre it. Look! ******" And with fansites like Rune Tips people are always sending out e-mails to players with spoofed e-mail adresses from "jagex.com". Also some people have been puting keyloggers in image files and putting them in there signatures on fansite forums.
Posted Jan 15, 2006 10:54:55 PM | link
