New Version of Phishing Scam Email

#0 - Dec. 10, 2009, 10:31 p.m.
Blizzard Post
Hello all,

I thought I would share a new version or twist on the old WoW Phishing scam to get your login info so your account gets hacked:


World of Wracraft Product transferred‏
From: [email protected] on behalf of [email protected] ([email protected])
Medium riskYou may not know this sender.Mark as safe|Mark as junk
Sent: Mon 12/07/09 5:33 PM
To: <removed>
Dear Valued Blizzard Customer:
The Promo Code has been successfully transferred to you and you can use it buy cheap our serive product:
Now's the time to make sure all the information associated with this domain is accurate and up to date.
Please log in to your Blizzard, Inc.(htt) account to view or change your domain details:
Go to the Blizzard home page and log in with your username or customer number and password.
From the My Products list, you can manage, renew, and upgrade your products and services.
To retrieve your customer number or password hint or to reset your password, click the "Forgot Your Password?" hyperlink in the login area on the home page.
Auto-Renew Your Account Now!
When you modify your option to Auto-Renew, you won't have to do it yourself when your Account are about to expire.
In the My Products section, select "My Product."
Use the checkboxes to select the Product(s) you want to modify, and then click "Change Auto Renew." If you selected multiple Account, enable the fields using checkboxes on the right.
Select "Automatically Renew Account."
Take 10%* off your next order at Blizzard!
After you've set up your account, enjoy 10% savings on us. The next time you visit Blizzard, simply enter source code wowcheap at checkout to receive your savings. Or mention the code when you visit
Our Website:
<removed>
Once again, welcome and congratulations on a successful Become our Customer
Sincerely,
Blizzard

HERE is another one I just received just a few hours after the one above:


Battle.net Account – Password Change Notice‏
From: Blizzard Entertainment ([email protected])
Medium riskYou may not know this sender.Mark as safe|Mark as junk
Sent: Wed 12/09/09 7:06 PM
To: <removed>

Hello

This is an automated notification regarding the recent change(s) made to your Battle.net account

Your password has recently been modified through the Account Management website.

*** If you made this password change, please disregard this notification.

However, if you did NOT make any changes to your password, we recommend you contact Blizzard Billing & Account Services for assistance keeping your account as secure as possible.

For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

Note in both that spelling is not a big issue for the sender of these fake emails - if you get one look at the header information and you'll see that the email didn't originate from Blizzard at all - you will NEVER get an email from Blizzard asking for your account info...

Beware...

#1 - Dec. 10, 2009, 10:36 p.m.
Blizzard Post
Thank you for spreading the word!

You can forward those emails to [email protected] along with a brief explanation to report them directly, and you can refer to our stickied thread to view examples of similar emails:

Fake E-mails from "Blizzard Entertainment"
http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

#7 - Dec. 11, 2009, 12:43 p.m.
Blizzard Post
This is what is commonly referred to as a phish. That quite literally means someone is ‘fishing’ for information and hoping they get a bite :)

If you look at the top of this forum you’ll see a library of ones that are commonly used (or close variants thereof) under “Fake Emails from Blizzard”

http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

The proper email to report these is [email protected] – you can forward the email, headers intact, to that address.

Phishes rely on two primal human emotions and hope they get you to react before you think through what is being asked, greed and fear. They’ll either try to entice with an offer or intimidate with a threat.

We never ‘threaten’ an account action. If we have sufficient cause to think an account has been tampered with or needs locked down, we do it first – we don’t threaten with an ‘or else’ email.

WoW accounts are certainly not the only target of phishers. They send them out purporting to be banks, credit card companies, shipping companies – all aimed at obtaining information the thief can use to your detriment.

We will also NEVER ask for your password, or ask you to sign into some website somewhere not under our domain to login. If a URL has a hyphen in it, that's NOT the same thing as a period in a domain. They are hoping to catch folks unaware that just briefly glance at the URL. Cleverly misspelled domains are another trick often used.

One way to check any email is to open up the header in your email program and check to see the actual route and sender. This is done in various ways, depending on your email program, but all can do it. Internal email addresses (what you see at the top of an email) can be spoofed very easily. Where it says it came from under sender is not necessarily true. The header of that email will show the true sender. Many spam programs actually use a comparison of these to flag suspicious emails.

Links in an email are also incredibly easy to spoof and/or redirect. Just because the URL looks legit doesn’t necessarily mean that’s where it really goes. Before clicking ANY link, in ANY email, mouse over the link and look at your bottom browser bar to see where it is reported to actually be destined.
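
The header comparison and link check described in the post above, as an added example that is not part of the original thread or Blizzard's own tooling. The trusted-domain list, the `.example` hosts and the sample message are constructed assumptions for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("blizzard.com", "battle.net", "worldofwarcraft.com")  # assumed vendor domains

def is_trusted(host):
    # Exact match or a true subdomain; "battle-net.example" matches neither.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def addr_domain(value):
    # Domain part of an address header, or "" when the header is absent.
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    msg = email.message_from_string(raw)
    findings, shown = [], addr_domain(msg["From"])
    for header in ("Return-Path", "Sender"):  # envelope / "on behalf of" sender
        actual = addr_domain(msg[header])
        if actual and actual != shown:
            findings.append(f"{header} domain {actual} != From domain {shown}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        host = urlparse(href).hostname or ""
        if not is_trusted(host):
            findings.append(f"link shown as '{text}' goes to untrusted host {host}")
    return findings

SAMPLE = (  # constructed message, not a real capture
    "Return-Path: <bounce@mailer.example>\n"
    "From: Blizzard Entertainment <noreply@blizzard.com>\n"
    "Content-Type: text/html\n\n"
    '<a href="https://www.battle.net/account">Account Management</a>\n'
    '<a href="http://www.battle-net.example/login">https://www.battle.net/login</a>\n'
)
```

`check_message(SAMPLE)` returns two findings: the Return-Path mismatch and the hyphenated lookalike link. A header mismatch is a signal rather than proof, since legitimate bulk mail is often sent through a third-party mailer.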