Early phishes on MMORPGs date to 2002, when Dark Age of Camelot began warning users about bait emails, while other early efforts targeted Everquest. In January Netcraft received reports of a phishing attack seeking to steal user account details for Runescape, a free virtual world popular with younger gamers.

In South Korea, where online gaming is hugely popular, malware has been used to try and steal account details. Early this year a remote access trojan with keylogging capabilities sought to capture login details for Lineage, which has millions of users. Last month a keylogger-equipped worm was discovered stealing usernames and passwords for another Korean MMORPG, Priston Tale.

TerraNova’s Dan Hunter predicts phishing attacks may increase due to the growing trade in “game gold” and other game-related assets, which has thrived at eBay and gaming auction sites such as IGE, despite bans on such sales by most game publishers. “Presumably (the phishers) empty the account as soon as they get the password, by transferring the assets to their accounts, and then they sell the virtual assets on eBay,” writes Hunter. “It’s an indication of how significant the asset holdings are in some of these worlds, that it’s worth setting up a scam like this for the account details. And it can hardly be an accident that the first one targets EVE – a world known mostly for its trade.”

The Netcraft Toolbar is currently available for both Internet Explorer and Firefox, and automatically blocks access to known phishing sites whilst displaying the longevity, hosting location and country for each site you visit. The toolbar can be freely downloaded, and customized versions of the toolbar can provide phishing targets with a powerful tool to protect their customers and networks from Internet phishing scams.