More and more phishing websites are popping up, making it even harder to navigate an already vast and complex digital universe. Gaming websites are one of the biggest victims when it comes to phishing, considering you can sell game accounts for a month or so rent depending on the network, level and items/gear that account may possess.

I get many phishing emails to an email which has no gaming accounts linked to it, which I find funny and odd at the same time. I must have some how gotten put on to some email list ::shrugs:: Oh well. Anyways, they attempt to duplicate these websites, both with domain names, the website layout and emails. A lot of them don’t succeed, and I will be showing two of them to you here.

First, we have a crudely made website, which has been taken down now. Their layout attempted to mimic the World of Warcraft’s login page, but the styling was off, and had images placed in wrong order and different sides of the screen. Below is the email that was sent, and the URL the hyperlink in the email directs to.

Email 1
[The link below was used for phishing]
worldofwarcraft-consulting.com/index.asp?ref=https://www.worldofwarcraft.com/account/&app=wam

The next website is still up, and I have grabbed a picture of it, as you should not go to this site, even if you don’t input any information. Below is the email received, and website.

Email 2

The link leads to: worldofwcratcft.com
Creating the illusion of the same domain name is a big part of creating a proper phishing website.The closer the name looks to the original, the easier it is to fool victims. A lot of people only quickly glance at a domain name, which in the case of a phishing victim, is bad.

The image below is of the actual phishing website.

Phishing Site

These are only a couple of the phishing emails I’ve received. Phishing has been around for almost as long as websites have, and it’s not going to go away. A few quick tips to help you stay away from phishing sites…

1. Always watch the links you click.
Even if it looks like a site you regular at, just be sure by scrolling over the link and checking where it actually leads.

2. Don’t input sensitive information on unsecure networks.
If it’s not a secure network, it doesn’t need your information. A lot of people (including myself) have an online alias, which can be used in place of actual information for any websites needing information. The only thing that needs your actual information would be Amazon, Ebay, PayPal, etc.

3. If you’re not sure, don’t.
It’s better to be safe than sorry. If you’re unsure about a website, try searching Google for it. You’d be surprised at what you can find out about a website or company through blogs or review websites.

Until next time,
Nito