Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Phishing Email? I can't tell

Forum Avatar
Boomrocket
#0 - Jan. 19, 2010, 8:41 p.m.
Blizzard Post
Hello,

I don't know enough about message headers to see if its fake or not. The reason i think its fake is the date(Sat, 25 Jul 2009), which is not today =). There is a link under "click here" which leads to www.worldofwarcraft.net(notice .net instead of .com, I can remove if necessary). I am pretty sure its fake, but I am looking for someone to confirm this as well.

*I have edited my email from this copy/paste.

---------

Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="UTF-8"
Date: Sat, 25 Jul 2009 03:43:27 +0200 [07/24/2009 08:43:27 PM CST]
Delivered-To:
From: Blizzard Entertainment <[email protected]>
MIME-Version: 1.0
Message-ID: <f39c2d82ee7b38881769772c66a07970@localhost>
Received:

* (qmail 4861 invoked from network); 18 Jan 2010 23:34:12 -0000
* from iron6.midco.net ([24.220.0.90]) (envelope-sender <[email protected]>) by mx3.midco.net (qmail-ldap-1.03) with SMTP for <>; 18 Jan 2010 23:34:12 -0000
* from unknown (HELO blizzard.com) ([58.22.162.19]) by vip.midco.net with ESMTP; 18 Jan 2010 17:34:09 -0600
* from localhost by blizzard.com (MDaemon PRO v10.1.1) with ESMTP id md50000105619.msg for <>; Tue, 19 Jan 2010 05:00:46 +0800

Reply-To: [email protected]
Return-Path: <[email protected]>
Subject: Battle.net Account - Password Change Notice
To:
X-Authenticated-Sender: [email protected]
X-Envelope-From: [email protected]
X-IronPort-AV: E=Sophos;i="4.49,299,1262584800"; d="scan'208,217";a="265510836"
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AmuxALd+VEs6FqITgWdsb2JhbACBVYIMgTcCiUQOA4ttgSMBARYkFCaHHQ6YRgKBKgGDGgGBFCCFVYEYWhQHAQMBixSBLYEGDgcBBAGBD1YE
X-MDRemoteIP: 192.168.1.103
X-MDaemon-Deliver-To:
X-MID: 265510836
X-Mailer-LID: 2,1
X-Mailer-SID: 2
X-Mailer-Sent-By: 1
X-Return-Path: [email protected]
X-Spam-Processed: blizzard.com, Tue, 19 Jan 2010 05:00:46 +0800 (not processed: spam filter heuristic analysis disabled)
Headers: Show Limited Headers
HTML Click HERE to view HTML content in a separate window.
Greetings!

This is an automated notification regarding the recent change(s) made to your Battle.net account:

Your password has recently been modified through the Account Management website.

*** If you made this password change, please disregard this notification.

However, if you did NOT make any changes to your password, we recommend you contact Blizzard Billing & Account Services for assistance keeping your account as secure as possible.

For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Sincerely,
The Battle.net Account Team
Online Privacy Policy
Forum Avatar
Aredek
#11 - Jan. 21, 2010, 2:30 p.m.
Blizzard Post
Both of the e-mails are in fact phishing e-mails looking to fool you into clicking a dangerous link that is hyperlinked to appear safe at first glance. Please forward these e-mails to [email protected] and take a few moments to review the following thread:

Fake E-mails from "Blizzard Entertainment"
http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

Should you have any questions, please let us know.