[Account Scam] Phish with Blizzard e-mail!

[Me0w]

Here's a simple guide on a scam that is mainly a combination of two scams. Enjoy!

The two scams used are these:
[Only registered and activated users can see links. ]
[Only registered and activated users can see links. ]

To clear things up I'm going to write a complete guide for ya! Enjoy!

1. Download the files here: [Only registered and activated users can see links. ]
2. Upload them to a webhost and try and get a domain that isn't too suspicious. Hopefully our victim wont notice the domain, but it's better to be on the safe side.
3. See so the files are working, if everything is going well you should be able to "log in" on the site and then the account information should appear in the file "logs.html". Also, it's the most clever if you rename "logs.html" and change the information in "engine.php" and "engine2.php" so that they match the new name of your logfiles. What to replace is commented in the beginning of the php files.
4. Okay, we've gotten the phishing site, now we need an unsuspicious e-mail!
5. Go to [Only registered and activated users can see links. ] and register with an e-mail. What you write in doesn't really matter because hopefully the victim wont see it, but of course it's best if you make something that sounds blizzlike.
6. Now click to send a new e-mail. In the "from" form you should have a drop-down menu. Click it and press "Add an e-mailadress". Then click the big button to add an adress. I recommend "[Only registered and activated users can see links. ]" or "[Only registered and activated users can see links. ]".
7. Go to your inbox. You should now have gotten a mail with the title "Delivery Status Notification (Failure)". Click it.
8. Scroll down and click the link that says "Please click on the link below to claim ownership and activate this e-mail address".
9. Success! You can now choose the e-mail you filled in, in this example "[Only registered and activated users can see links. ]"/"[Only registered and activated users can see links. ]" from the drop-down menu when you send an e-mail!
10. Gather some e-mails from people selling their accounts and start sending mails to them separately. Use your self-written adress ("[Only registered and activated users can see links. ]"/"[Only registered and activated users can see links. ]" in this example) to send the mail from. Here's an example of what you can write in the e-mail:

Greetings!

You have been chosen to become a participant for our upcoming World of Warcraft expansion: Wrath of the Lich King! The beta will commence in a month from now, and we are accepting applicants for the closed beta until January 31th. However, if you are the original owner of your World of Warcraft account, you are granted a spot in the beta. All you need to do is to confirm your account, but hurry! Time is limited, and we have a selected amount of spots to fill for the beta testing period.

To accept the beta and confirm that you are the original owner of your account, you need to visit <YOUR PHISHING SITE HOTLINKED> and fill in your account information. It will take about 4-7 work days before you will receive any response.

Please do not share this website in any way. If you do, your account can and will be suspended.

Sincerely,

Blizzard Entertainment Inc
Account Administration Team
P.O Box 18979, Irvine, CA 92623

11. In the <YOUR PHISHING SITE HOTLINKED> spot, type the link to your Phishing site and then make it a link with the name "https://www.wow-europe.com/wrath/betasignup" (or worldofwarcraft.com depending on if it's EU or US.)

12. ???

13. Profit.

[Col]

either way u must give out ur IP or website adress and they can search whoise info and get ur home adress and your full name.

Not very smart to host PHISHING sites since if u mess with wrong person
you dont wish to be yourself for a while =)

But it might be hidden as:
example: mmowned.com

Quote:

The data contained in GoDaddy.com, Inc.'s WHOIS database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without the prior written
permission of GoDaddy.com, Inc. By submitting an inquiry,
you agree to these terms of usage and limitations of warranty. In particular,
you agree not to use this data to allow, enable, or otherwise make possible,
dissemination or collection of this data, in part or in its entirety, for any
purpose, such as the transmission of unsolicited advertising and
solicitations of any kind, including spam. You further agree
not to use this data to enable high volume, automated or robotic electronic
processes designed to collect or compile this data for any purpose,
including mining this data for your own personal or commercial purposes.

Please note: the registrant of the domain name is specified
in the "registrant" field. In most cases, GoDaddy.com, Inc.
is not the registrant of domain names listed in this database.


Registrant:
[Only registered and activated users can see links. ]

DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc. ([Only registered and activated users can see links. ])
Domain Name: MMOWNED.COM
Created on: 09-May-05
Expires on: 09-May-08
Last Updated on: 02-Jan-08

Administrative Contact:
Private, Registration [Only registered and activated users can see links. ]
[Only registered and activated users can see links. ]
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599

Technical Contact:
Private, Registration [Only registered and activated users can see links. ]
[Only registered and activated users can see links. ]
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599

Domain servers in listed order:
NS1.MMOWNED.COM
NS2.MMOWNED.COM


Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited
Registry Status: clientDeleteProhibited

But this page is not hidden:
[Only registered and activated users can see links. ] (random page)

Quote:

Whois Server Version 1.00

The data contained in this whois database is provided to you for
information purposes only, and may be used to assist you in obtaining
information about a domain name registration record. The information
is provided "as is", with no guarantee or warranties regarding its
accuracy. By submitting a whois query, you agree that you will use
this data only for lawful purposes and that, under no circumstances
will you use this data to allow, enable, or otherwise support the
transmission of mass unsolicited, commercial advertising or
solicitations via e-mail, postal mail, telephone, facsimile, SMS or
any other media. The compilation, repackaging, dissemination or other
use of this data is expressly prohibited without prior written consent
from us. You agree not to use high-volume, automated, electronic
processes to access or query the whois database. We reserve the right
to terminate your access to the whois database at our sole discretion,
including without limitation, for excessive querying of the whois
database or for failure to otherwise abide by this policy. We reserve
the right to modify these terms at any time. By submitting this query,
you agree to these terms of usage and limitations of warranty.

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN
RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.

Registrant:
Anders Nj?l Hansen
Furuholtet 21
Fagerstrand, 1454
NO

Domain Name: ANHANS.NET
Created on: 2006-08-14 20:10:10 UTC
Expires on: 2008-08-14 20:10:10 UTC
Updated on: 2007-07-25 05:11:40 UTC

Administrative Contact:
Anders Nj?l Hansen [Only registered and activated users can see links. ]
Anders Nj?l Hansen
Furuholtet 21
Fagerstrand, 1454
NO
+47 920 44 697

Technical Contact:
Anders Nj?l Hansen [Only registered and activated users can see links. ]
Anders Nj?l Hansen
Furuholtet 21
Fagerstrand, 1454
NO
+47 920 44 697

Domain servers in listed order:
NS1.HOSTEANPALMS.NET
NS2.HOSTEANPALMS.NET

Registry Status: clientTransferProhibited

[Me0w]

Or you don't host it yourself, and you use the web hotel thru proxy. No tracks.

[condordanish]

do you mean threads? /point NO QUESTIONS HERE

[V!persting]

the e-mail thingy is super mate, now i only need to look for a noob trading site ^^ + cookies for you.

[schoolbus1337]

the logs wont update, i havent tryied with any real logons yet, but it should come up in the logs anyways?

help me what am i doing wrong, i uploaded the files onto a ftp ser, 2 different ones actually.

[Me0w]

Quote:

Originally Posted by schoolbus1337

the logs wont update, i havent tryied with any real logons yet, but it should come up in the logs anyways?

help me what am i doing wrong, i uploaded the files onto a ftp ser, 2 different ones actually.

I'm not the creator of that website so I don't know. Ask here:
[Only registered and activated users can see links. ]

[Nilrac]

Good idea!!!!

[Me0w]

Thanks. I've just sent away some e-mails with this scam, let's hope it works.

[Me0w]

I just came home from school. In school I gathered a bunch of e-mails and tried two different pages to phish with: one being the one in the first post and the other one being [Only registered and activated users can see links. ]

And now, 3-4 hours from when I came home, three accounts had fallen in! One of them being a fake, I think. The guy had filled in silly names etc, and the account didn't work. Not sure if he misunderstood the site and thought that he could make a completely new account, or that he just understood the scam.

Anyway I got two accounts so far, one of them with two 70s and several 60s and the other one with a 70 and a couple of 60-ish alts... In that short time! This definately works well with the WotLK site. I'm going to gather up some more e-mails shortly and send em all off, god knows how many accs I will get.

I've also edited the guide now, it's now using the Wotlk phishing site instead since that worked way better.

[uberhak3r]

Did you get all the right information or did you just get username and pass?

I usally spam on youtube but rarely get valid accounts.

[Me0w]

It all depends, some people send all their info and some just acc name and pass, but if you're lucky they've forgotten their SQ/A and you can at least have the account for some time. I rent them to chinese farmers during that time. I've mass spammed e-mails with the good looking template that was posted not too long ago, I think all in all I've gotten maybe 50 accounts. Starting to get a stack with useless accounts too, might give them out soon.

[schoolbus1337]

ok, i cant get the site to work properly.... ive uploaded it and shit php is enabled but it still doesnt work.....

if anyone have allready got it up and working ,and is NOT using it anymore. can i have the url for scamming myself? :P ill give +rep to anyone who does this. make sure to delete loggs in advance,.. and teach me how also lol ..

[Dreadroth]

Greetings!

You have been chosen to become a participant for our upcoming World of Warcraft expansion: Wrath of the Lich King! The beta will commence in a month from now, and we are accepting applicants for the closed beta until January 31th. However, if you are the original owner of your World of Warcraft account, you are granted a spot in the beta. All you need to do is to confirm your account, but hurry! Time is limited, and we have a selected amount of spots to fill for the beta testing period.

To accept the beta and confirm that you are the original owner of your account, you need to visit <YOUR PHISHING SITE HOTLINKED> and fill in your account information. It will take about 4-7 work days before you will receive any response.

Please do not share this website in any way. If you do, your account can and will be suspended.

Sincerely,

Blizzard Entertainment Inc
Account Administration Team
P.O Box 18979, Irvine, CA 92623



^^^
fixed a couple grammatical errors, and tweaked it a bit to make it sound more professional, in case someone uses it. ^.-

[Me0w]

Quote:

Originally Posted by Dreadroth

Greetings!

You have been chosen to become a participant for our upcoming World of Warcraft expansion: Wrath of the Lich King! The beta will commence in a month from now, and we are accepting applicants for the closed beta until January 31th. However, if you are the original owner of your World of Warcraft account, you are granted a spot in the beta. All you need to do is to confirm your account, but hurry! Time is limited, and we have a selected amount of spots to fill for the beta testing period.

To accept the beta and confirm that you are the original owner of your account, you need to visit <YOUR PHISHING SITE HOTLINKED> and fill in your account information. It will take about 4-7 work days before you will receive any response.

Please do not share this website in any way. If you do, your account can and will be suspended.

Sincerely,

Blizzard Entertainment Inc
Account Administration Team
P.O Box 18979, Irvine, CA 92623



^^^
fixed a couple grammatical errors, and tweaked it a bit to make it sound more professional, in case someone uses it. ^.-

Thanks.