Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details. Phishing is typically carried out by e-mail or instant messaging,[ and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Blizzard's MMORPG World of Warcraft is one of the most popular games and the reason why it is most targeted by this phishers.
It is common knowledge that login credentials for WoW accounts are very much sought after by phishers. Their target is to get your gold and pass all passable equips or items that have value.
The in-game chat/whisper system is often used to lure players to phishing sites. The phishers usually pose as Blizzard employees or unknown players and "whisper" to the victim that they have been selected for receiving a free gift or that their account has been flagged as hazardous:
In both cases, the victims are urged to follow the offered link that will take them to a phishing page where they are supposed to register with their account credentials in order to receive the gift/prevent the suspension of their account.
Recently, WoW's in-game mail system has also been employed to deliver similar malicious messages to players:
To add to the credibility of the message, the text and the offered phishing URL make many references to WoW and other Blizzard games. The website in itself resembles very closely the official Battle.net site, making it easy for some people to fall for the scam.
Blizzard is aware of these phishing attempts, and has made it their business to intensify its efforts when it comes to informing the players about them on Battle.net’s security page. They have also made it possible to report scammers from within the game (see, for example, the "Report Spam" button in the in-game mail system).