Scams Targeting Online Games: Old Phish With Fresh Bait

Are phishing crews paying more attention to virtual worlds? Phishing attacks on massively multiplayer online role-playing games (MMORPGs) have been around since at least 2002, and perhaps earlier. But some observers of online games say the growing market for virtual currency and player accounts may be attracting fresh attention from phishers, who are mass-mailing "bait" e-mails seeking to capture gamers' account logins.

Phishing attacks most commonly target banks, credit card companies and payment sites such as PayPal. This year, phishers have expanded their target list to include smaller regional banks and credit unions. While phishing attacks on online games aren't new, they may represent a logical area of expansion for these scams, given the growing value of player accounts, the youthful demographics of online gaming, and a recent influx of new players due to the popularity of World of Warcraft.

A recent phishing attack targeting users of EVE Online was reported by Terra Nova, a blog that follows trends in virtual worlds. The bait e-mail purports to be from the game's security team, which it says is investigating unusual account activity, and sends victims to a spoof site hosted on a server in Spain.

Early phishes on MMORPGs date to 2002, when Dark Age of Camelot began warning users about bait e-mails, while other early efforts targeted EverQuest. In January, Netcraft received reports of a phishing attack seeking to steal user account details for RuneScape, a free virtual world popular with younger gamers.

In South Korea, where online gaming is hugely popular, malware has been used to try to steal account details. Early this year, a remote access trojan with keylogging capabilities sought to capture login details for Lineage, which has millions of users. Last month, a keylogger-equipped worm was discovered stealing usernames and passwords for another Korean MMORPG, Priston Tale.

Terra Nova's Dan Hunter predicts phishing attacks may increase due to the growing trade in "game gold" and other game-related assets, which has thrived at eBay and gaming auction sites such as IGE, despite bans on such sales by most game publishers. "Presumably (the phishers) empty the account as soon as they get the password, by transferring the assets to their accounts, and then they sell the virtual assets on eBay," writes Hunter. "It's an indication of how significant the asset holdings are in some of these worlds, that it's worth setting up a scam like this for the account details. And it can hardly be an accident that the first one targets EVE - a world known mostly for its trade."

The Netcraft Toolbar is currently available for both Internet Explorer and Firefox, and automatically blocks access to known phishing sites whilst displaying the longevity, hosting location and country for each site you visit. The toolbar can be freely downloaded, and customized versions of the toolbar can provide phishing targets with a powerful tool to protect their customers and networks from Internet phishing scams.