Posted: March 28, 2017 by

Last updated:

We take a look at a World of Warcraft phish doing the rounds which could stand to do a spot of updating where it's branding is concerned.

A phishing campaign currently in circulation is attempting to bait World of Warcraft with the promise of free in-game pets. We’ve seen two variations on this so far, and it’s possible there’s more. Both of the below examples lead to the same phishing URL. As great as the promise of some free content is, this is nothing more than an attempt at stealing your gaming credentials.

One of the emails read as follows:

You are receiving this e-mail because Your friend has purchased World of Warcraft In-Game Pet: Brightpaw for you as a gift!

Claim Your Gift

To claim your gift, enter your Gift Key on the Battle.net? Account Management. You’ll be sent to the download page afterwards, if needed.

The second mail claims a “WoW mount mystic rune sabre” is up for grabs.

Keen Warcraft players will notice the email is branded with Battle(dot)net, the name of Blizzard’s online gaming service – but this name has just been retired, which may well set off a few alarm bells.

Both emails lead to a phish located at (deep breath):

us(dot)battle(dot)net(dot)login(dot)login(dot)xml(dot)account(dot)support(dot)password-verify(dot)html(dot)legion-game(dot)xyz/login/en/login(dot)html

The phish again touts the Battle(dot)net name and asks for an email and password.

Feel free to ignore this one and send it straight to your trash folder, there’s no free pets at the end of this path, just headaches and calls to customer support.

Christopher Boyd