Gaming the security – Beware of fake Diablo III beta invitations!

The long and eagerly awaited closed beta run of Diablo 3 has finally begun and Blizzard has sent out the first set of invitations to registered gamers all over the world. In order to have a chance to be among the lucky ones who can play it, you have to have a Battle.Net account and opt in for the closed beta run in the first place.

We have seen huge amounts of fraud mails in the area of gaming in the past, scaring the potential victims with disabling gaming accounts due to allegedly suspicous acitivities or security issues, luring with free bonus items and – you guessed it – invitations for a closed beta of a long awaited game or add-on of an existing – popular – game. The scheme works the same way in almost all cases: the recipient gets lured to click a given link and to type in the login credentials on the landing page – which is a replica of the original webpage of the targeted game. As a consequence, your beloved and well cared for account gets stolen!

Screenshot of legitimate invitation by Blizzard

Important note: the original invitation mail doesn’t ask you to click a link! It only tells you to log in to your Battle.Net account and visit the “Account” section to proceed. The only links given in the real mail lead to the forums, FAQ and support sections on

Phishing has come a long way by now and the quality of design and text has improved a lot over the years. Even experienced users have a hard time nowadays to identify phishing mails as such. Here’s how you can stay safe:

  • never click links in emails, always type the url manually into the address bar of your browser or use bookmarks
  • use an effective anti-spam solution to filter out phishing mails
  • if you receive an inviations mail and opted in for the beta test: try to keep cool and check if you got accepted directly in your Blizzard account – don’t trust e-mails

Aside from fake invitations, we are already seeing the first scams floating around, luring you with cracked beta versions – don’t believe them! The cyber criminals behind these scams are trying to make money with ads and surveys – the actual downloads are very likely to include malware!

And now – keep your fingers crossed to get a legitimate inviation and to beat up the skeleton king in the beta!

Gaming the security – Beware of fake Diablo III beta invitations!

Your email address will not be published. Required fields are marked *



Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox