In recent weeks we’ve seen several phishing campaigns targeting World of Warcraft players. This is one of the messages that have been circulating:

WoW phishing mail

If you click on the link included in the message, you will be taken to the following web site, which to almost everyone will look like the real one:

Fake WoW login site

And what happens once you enter your data? Well, let’s enter a fake user name and password and we’ll see:

WOWPhishinglogin

Now we click on “Log In”. Where will we be taken?

WOWPhishingReal

Yes, it really looks like the real World of Warcraft site. In fact, it is the real site… As you have seen, the attack could be considered pretty good: both the message and the web site looked as if they were real, so we can assume that these are smart, highly skilled cybercriminals. But we know there are a lot of phishing kits out there, and that there are easy ways to accomplish this kind of attack, so anyone could do this. Of course, if the cybercriminals are not that smart, they could have left a door open. Can you imagine what we could find if we could get in there? Well, you don’t have to: we went in, and this is what we found:

WOWPhishingFAIL

Now take a close look at the first file:

Phishing Data Base File

Yes, it looks like a Microsoft Office Access file, but this can’t be true, come on… let’s download it and take a look at what kind of data it contains:

Stolen credentials

Oops! Yes, this is the database with all the credentials stolen so far… ours is number 13,401, and most people seem to use their e-mail address as user name… I bet that the password used for WoW is the same one they are using for each and every online service (mail, Facebook, etc.).

And what’s the moral of this story? Well, if such a moron is able to steal thousands of credentials, imagine what a smart cybercriminal could achieve…