Slight change to the Phishing (Website) Scam. - MMOwned - World of Warcraft Exploits, Hacks, Bots and Guides

o0o0o00oo0 · #1 07-01-2007

Phishing with a twist!

This is just a slight variation to how the scam is done. (You use the same website, etc, etc) Find an account seller on a website like [Only registered and activated users can see links. ], and tell them that you are interested in the account. Offer them a big (Not insane, or they know it's a scammer), or if they have it posted, their buyout price. Act casual and small talk for at least 15 minutes to build trust. Then, tell them, that you'd like them to login to account management and send them a screenshot of the account type. This tells if the account is a BC-Enabled account, Non-BC account, or a trial account. Send them the link to "Login to account management", that is really a link to your phishing site. Once they try to login, go get your username\password from your log, and enjoy your new account.

Example:

WTS: 70 epicced out mage $300 bid $600 BO
Talking to them on aim...
You: I'd like to buy the account for $600
Victim: Sure! Are you Paypal verified?
You: Yes. (You don't even need a Paypal, but say Yes. It builds trust.)
You: Small chat, "Oh, I like th account, etc, etc"
Victim: So $600 it is?
You: Yes, but I'd like one thing before I click pay.
Victim: What?
You: Do you think you could send me a screenshot of the account type? I want to make sure it's BC-Enabled.
Victim: Sure.
<You go check your log on your phishing site to get his account name\pass>
Victim: Here it is. <Picture Here>
<You now know the following: His first name, last initial, Street Address, Country, Account Creation date, and last login date, and username and password.> (Assuming your Phisher site gives a real login screen after the fake one, and he doesn't edit the info out with paint.)

Now, with that info, you're in the position to change his password, and possibly recover it if he changes it back.

I am not stating that I have done this, I am just stating the basic theory behind it, and how it works.

P.S. Use the AIM hyperlink when you link your website so it doesn't show up as [Only registered and activated users can see links. ], but [Only registered and activated users can see links. ], etc (Shows up like that on AIM link, not in browser.)

-----)(Please leave the copyright text intact)(-----
This post is copyright by the user posting it and [Only registered and activated users can see links. ], where it was posted. You may not copy or reproduce this information on any other site without written permission from both the poster and MMOwned.com

OG610 · #2 07-01-2007

Wait, I don't understand you say something like:
"Do you think you could send me a screenshot of the account type? I want to make sure it's BC-Enabled. Here is the login link <fake-masked link here>"

or how do you get them to visit your phishing site?

If it is how i described above, I think the seller would just ignore your link and go to the site himself?
Otherwise, I like the theory behind it!

EDIT: ahh ok I read the first part of your post... that answered my Q

Still I bet they would think its shady if you gave them the link, but sill good idea!

o0o0o00oo0 · #3 07-01-2007

Quote:

Originally Posted by OG610

Still I bet they would think its shady if you gave them the link, but sill good idea!

Do it in the same message -

"Could you send me a screenshot of the account type? You can find the account login page at: [Only registered and activated users can see links. ] is what shows up in AIM, however, it directs to your site. They see the [Only registered and activated users can see links. ] link. **I link in Aim 5.9, old version, but it should still work. You need the following things:

"URL Link" - Link to your website
"Url Description" - Copy and paste the World of Warcraft login page. (This one shows up in your convo)

Sounding professional is crucial in this scam.

~~Tristan~~ · #4 07-02-2007

Scam disproved. I just used this scam but I just asked to test the account after he Photo shopped his info out. The e-mail shows as "T...." It only shows the First letter of your e-mail and your last name "For your security."

o0o0o00oo0 · #5 07-02-2007

Quote:

Originally Posted by Hiphopllama

Scam disproved. I just used this scam but I just asked to test the account after he Photo shopped his info out. The e-mail shows as "T...." It only shows the First letter of your e-mail and your last name "For your security."

Sir I do believe your school needs better reading classes. I stated "last initial" and no email address.

Quote:

To be exact.

Verye · #6 07-03-2007

You still come to this:

"You can login here: www.linkhere.com"

A. Most people can just hover their cursor over it and see the site, or click it then see the URL.
B. They may just log in through [Only registered and activated users can see links. ].

o0o0o00oo0 · #7 07-03-2007

Quote:

Originally Posted by Verye

You still come to this:

"You can login here: www.linkhere.com"

A. Most people can just hover their cursor over it and see the site, or click it then see the URL.
B. They may just log in through [Only registered and activated users can see links. ].

Whenever someone who sounds trustworthy sends you a link, do you automatically look at the bottem left of your screen to check what it links to? If you do, then gj, but most people don't. Also, come on, everyone wants the easier route, so they take the link. (Assuming they didn't read where it's to)