Phish Dupes Gamers with Cheating Accusations

“Warlords of Draenor – now invite you to join” Phish

Is that the sound of an email from Blizzard landing in my mailbox? Not exactly.

There’s a number of clues that the below email – inviting me to sign up to Blizzard’s Warlords of Draenor – is a fake and should be deleted / ignored / fired into the heart of the Sun. The mail, titled “Warlords of Draenor – now invite you to join”, is little more than an image file with a pre-purchase button on it.

Email time.

1) “Pre-purchase”. Uh, the game came out in November so unless this email comes with a TARDIS we won’t be pre-ordering anything.

2) “Game Key”. A quick search for that supposed key reveals lots of hits on the official forums warning of phishing attempts.

3) The URL is registered to an individual in China, and according to a Whois search the registrant’s email is tied to at least 25 other WoW themed domains. There’s at least one blog entry about the sender that I could find.



Note also that the site is asking for a login, yet is not HTTPS secured. While you do occasionally see a HTTPS phish page, they’re not particularly common and we have more than enough additional information here to work out the legitimacy of this email / website combo.

4) The above blog mentions emails tied to Google accounts, and how Blizzard don’t send mails via Google; in this case, the mail was sent by a Gmail account.

In conclusion: time travel doesn’t exist unless you’re Christopher Nolan, and – in this case – neither does a valid login.


Christopher Boyd


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.