World of Warcraft Account Management

#0 - Sept. 30, 2009, 7:47 a.m.
Blizzard Post
I just received the following email. It has to be fake, right? How do I report it?

from wowaccountadmin@blizzard.com <wowaccountadmin@blizzard.com>
reply-to wowaccountadmin@accountadmin-blizzard.com
to danielwolden <*************@gmail.com>
date Tue, Sep 29, 2009 at 11:40 PM
subject World of Warcraft Account Management
mailed-by hotmail.com

Greetings!
It has come to our attention that you are trying to sell/trade your personal World of Warcraft account(s).
As you may or may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership. If the information is deemed accurate, the investigation will be dropped.
This action is taken because we at Blizzard Entertainment take these sales
quite seriously. We need to confirm you are the original owner of the account.
This is easiest done by confirming your personal information along with concealed information about your account.
You can confirm that you are the original owner of the account by replying to this email with:

Use the following template below to verify your account and information via email.
* First and Surname
* Date of birth
* Address
* Zip code
* Phone number
* Country
* Account e-mail
* Account name
* Account password
* Secret Question and Answer
-Or-
WoW CD-Key
Show * Please enter the correct information
If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.
We ask you to NOT change password until the investigation is fully completed.
Blizzard Entertainment Inc
Account Administration Team
P.O. Box 18979, Irvine, CA 92623
Regards,
Account Administration Team
Blizzard Entertainment

2009-09-30
wowaccountadmin@blizzard.com
#4 - Sept. 30, 2009, 8:07 p.m.
Blizzard Post
This is what is commonly referred to as a phish. That quite literally means someone is ‘fishing’ for information and hoping they get a bite :)

If you look at the top of this forum you’ll see a library of ones that are commonly used (or close variants thereof) under “Fake Emails from Blizzard”

http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

The proper email to report these is hacks@blizzard.com – you can forward the email, headers intact, to that address.

Phishes rely on two primal human emotions and hope they get you to react before you think through what is being asked, greed and fear. They’ll either try to entice with an offer or intimidate with a threat.

We never ‘threaten’ an account action. If we have sufficient cause to think an account has been tampered with or needs locked down, we do it first – we don’t threaten with an ‘or else’ email.

WoW accounts are certainly not the only target of phishers. They send them out purporting to be banks, credit card companies, shipping companies – all aimed at obtaining information the thief can use to your detriment.

We will also NEVER ask for your password, or ask you to sign into some website somewhere not under our domain to login.

One way to check any email is to open up the header in your email program and check to see the actual route and sender. This is done in various ways, depending on your email program, but all can do it. Internal email addresses (what you see at the top of an email) can be spoofed very easily. Where it says it came from under sender is not necessarily true. The header of that email will show the true sender. Many spam programs actually use a comparison of these to flag suspicious emails.

Links in an email are also incredibly easy to spoof and/or redirect. Just because the URL looks legit doesn’t necessarily mean that’s where it really goes. Before clicking ANY link, in ANY email, mouse over the link and look at your bottom browser bar to see where it is reported to actually be destined.
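
The header comparison described in the reply above, as an added example that is not part of the original thread or Blizzard's own tooling. It flags a message whose Reply-To or Return-Path domain differs from the domain claimed in From. The sample message is constructed from the header values quoted in the first post; the Return-Path address is an assumption standing in for the "mailed-by hotmail.com" line.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. From / Reply-To mirror the quoted email; the Return-Path
# address is an assumed stand-in for Gmail's "mailed-by hotmail.com".
SAMPLE = """\
Return-Path: <sender@hotmail.com>
From: wowaccountadmin@blizzard.com
Reply-To: wowaccountadmin@accountadmin-blizzard.com
To: recipient@example.com
Subject: World of Warcraft Account Management

Greetings!
"""


def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rpartition("@")[2].lower()


def same_org(a, b):
    """True if the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def header_mismatches(raw):
    """Compare the claimed From domain with Reply-To and Return-Path."""
    msg = message_from_string(raw)
    claimed = domain_of(msg["From"])
    findings = []
    for name in ("Reply-To", "Return-Path"):
        actual = domain_of(msg[name])
        if claimed and actual and not same_org(claimed, actual):
            findings.append((name, actual))
    return claimed, findings


if __name__ == "__main__":
    claimed, findings = header_mismatches(SAMPLE)
    for name, actual in findings:
        print(f"From claims {claimed}, but {name} points to {actual}")
```

A lookalike such as accountadmin-blizzard.com fails the check because it is a separate registered domain, not a subdomain of blizzard.com. A clean result here does not prove a message is genuine; the Received chain and the SPF/DKIM results recorded by the receiving server carry more weight.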