World of Warcraft users targeted in new phishing attacks

More proof emerged today that phishing attacks are not solely confined to the financial services space, as Panda Security revealed several new campaigns targeting World of Warcraft players.

In a blog post today, the vendor's technical director Luis Corrons highlighted the phishing emails designed to lure users into clicking on a malicious link. This link takes the user to a fake log-in page where they are asked to enter their username and password.

"As you have seen, the attack could be considered pretty good, both the message and the web site looked as if they were real, so we can assume that these are smart cyber criminals with high skills," he explained.

"But we know there are a lot of phishing kits out there, and that there are easy ways to accomplish these kind of attacks, so anyone could be able to do this."

These kinds of attacks are particularly dangerous given that many computer users use the same user name and passwords for multiple accounts, potentially giving the phishers access to online banking and other accounts.

Corrons added that the criminals, it turned out, were not so smart as they allowed the Panda research team to access their own database of stolen credentials.

Apparently, most of the scammed WoW players were using their email addresses as user names.

"I bet that the password used for WoW is the same one they are using for each and every online service (mail, Facebook etc)," wrote Corrons.

"And what's the moral of this story? Well, if such a moron is able to steal thousands of credentials, imagine what a smart cyber criminal could achieve."