The popular online game World of Warcraft (WoW) is being hit with a new phishing scheme that lets attackers steal players' accumulated "gold" and other treasure by luring players with offers of free "mounts" used in the online game, say security researchers at F-Secure.

It's an attack that exploits the WoW-based in-game chat to lure a player into clicking on a link. The link takes the player to a site that looks exactly like World of Warcraft and offers them free “mounts,” the fantasy horses that humans would ride or trusted wolf mounts that the Orcs prefer, which have powers like helping move the player more quickly through the game or defend them against monsters. If the victim falls for the "free mounts” phishing fraud and enters his online credentials, the attacker can take over his account and steal all the “gold” or other treasures the player accumulated in the game’s progress.

“This is like physical property, it can be traded,” said Sean Sullivan, security researcher at F-Secure about the value of the online game’s items like “gold” and “mounts,” which can bring money in auctions in sites in China, for example. The latest phishing scam to hit WoW, which F-Secure describes here, is a new twist on some of the older attacks that made use of malicious banner ads on WoW to try and install trojans on victim’s desktops.

Sullivan added that over two years ago, eBay declared a ban on auctioning WoW items like fantasy “gold,” apparently because of the fraud level. The current “mounts” phishing scam allows the successful attacker to steal whatever treasures the victim has associated with the WoW account, and then to go after other victims. F-Secure’s Internet Security 2010 product recognizes this type of phishing scam and blocks against it, the vendor says.