Trend Micro researchers warn that players have begun receiving in-game phishing emails supposedly sent by Blizzard and inviting them to participate in the testing:
The offered link takes them to a spoofed Battle.net login page. If they enter and submit their login credentials, they are automatically sent to the phishers and used to hijack the users' account.
The researchers say that the scammers are seemingly currently targeting only users with low level characters.
"This may be part of the scam detection avoidance strategy of the bad guys, as high level characters may have more awareness to this security issue as they have spent more time in the game," they hypothesize.
By analyzing the domain in question and the server it hosts it, they also discovered a number of other phishing sites targeting World of Warcraft players, and that some of these were registered just days after the new WoW expansion pack was announced.
"This clearly shows that the bad guys are up to date and are always in the lookout for events and opportunities to expand their nefarious schemes," they concluded.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.