« Calling all space engineers | Main | N^2 »

Sep 08, 2005

Virtual World Phishing

Though many MMORPGs have "fishing" as a profession, I recently received the first phishing email related to VWs. Yes, it seems that your game account may be as valuable and vulnerable as your bank account.

The full message is provided under the fold, along with some commentary about it.

From: Eve Team "suspension@eve-online.com"

Date: September 3, 2005 10:20:26 PM EDT

To: hunterd@wharton.upenn.edu

Subject: Limited Account Access - Eve-online

We are contacting you because on 2 Sep 2005 our Account Review Team
identified some unusual activity in your account. In accordance
with Eve's User Agreement and to ensure that your account has not
been compromised, access to your account was limited. Your account
access will remain limited until this issue has been resolved.

To secure your account and quickly restore full access, we require
you to login in you account .This process is mandatory, and if not
completed within the nearest time your account may be subject for
suspension or will be banned

To securely confirm your Eve-Online information please click on the
link bellow:

[Redacted to avoid mistaken logins]

We encourage you to log in and perform the steps necessary to
restore your account access as soon as possible. Allowing your
account access to remain limited for an extended period of time may
result in further limitations on the use of your account and
possible account closure.

Thank you for using Eve-online!
The Eve Team

As you can see, the href for the link actually takes you to "http://www.portatildirecto.com" a domain that the whois record indicates is owned by "Juan de Diego" of Madrid. Of course whois records are notoriously flaky, so it's anyone's guess who is running this scam.

The mechanics of the phishing attempt are no more sophsticated than usual, but I'm struck by the fact that the scammers are now phishing for login details for virtual worlds. Presumably they empty the account as soon as they get the password, by transferring the assets to their accounts, and then they sell the virtual assets on eBay. It's an indication of how significant the asset holdings are in some of these worlds, that it's worth setting up a scam like this for the account details. And it can hardly be an accident that the first one targets EVE--a world known mostly for its trade.

Expect more attempts in other MMORPGs in time.

on Sep 08, 2005 in Economics |

| | | |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c022953ef00d8345915b669e2

Listed below are links to weblogs that reference Virtual World Phishing:

» MMORPG Phishing Scams from Privacy and Security Law Blog
As an update to our previous post on the keylogger worm that attempts to steal account data from players of Massively Multiplayer Online Role Playing Games, an interesting report at Terra Nova about a phishing scam designed to steal the... [Read More]

Tracked on Sep 14, 2005 at 20:54

» loan online from equity loan
Loans Home Equity Loans - Home Mortgage Student Loans [Read More]

Tracked on May 28, 2006 at 04:09

» This Prairie Home is a bit of a rambler - USA Today from Seattle Post
1 hour ago By Claudia Puig, USA TODAY. Those who have listened avidly to Garrison Keillors radio shows are most [Read More]

Tracked on Jun 10, 2006 at 13:14

» American Auto Guardian Utilizes StoneEagle's SEcureCard Solution to Automate their Claims Payment Process from with Paying Claims
URI: http://www.prweb.com/dingpr.php/U3F1YS1TaW5nLVRoaXItRW1wdC1JbnNlLVplcm8= [Read More]

Tracked on Jun 12, 2006 at 16:33

» From TweakXP comes FireTune from new freeware
of various performance tweaks rolled into one little freeware applet, making it easier than digging [Read More]

Tracked on Jun 18, 2006 at 04:50

» Barr to refile Plan B contraceptive application from and older from
Barr which had sought to sell the drug to women 16 and older. [Read More]

Tracked on Aug 14, 2006 at 23:38

Comments