Scam from [email protected]

#1 - May 24, 2010, 3:24 p.m.
Blizzard Post
People can "spoof" emails, which means the email in the From line is Blizzard, but where it is actually from is different. That is how most of these work.

If you right click the email and look at its properties, the actual source is usually some hacked Hotmail addy.
#4 - May 24, 2010, 4:58 p.m.
Blizzard Post
To the mysterious OP: Thank you for your caution! It sounds like you received a phishing email that was sent from a masked, or "spoofed," address. Unfortunately, this practice is not uncommon and can be pretty convincing. If you would be willing to forward the email you received on to [email protected], we'd greatly appreciate it. :)

Also, if you would like to learn a little bit more about how to identify "spoofed" email addresses, go ahead and take a look at this article: http://us.blizzard.com/support/article/25133
Quote:
So, if the sending address of an email is showing as @blizzard.com or @battle.net, then the email is definitely legitimate?
Actually, no. Even if you receive an email from an @blizzard.com or an @battle.net address, it's still important to remain cautious. This is because it's possible to change how a sending address appears in the "From" field of an email. The process is known as "spoofing" and may cause a phishing email to initially look like it's been sent by Blizzard Entertainment. To determine the actual sending address of an email, you will need to check the email's header information.


How do I access email header information?
Email headers contain information about the sender (who sent the email message), the path the email took to reach your inbox, and things that may have happened to the email before arriving. This information is very important and can be used to determine whether or not an email is malicious.

Most email providers and applications will allow you to view an email's header information with just a few mouse clicks. We've included instructions regarding how to access email headers using some of the more common email providers and applications below.

    For Gmail:
  • Open the email message and click the "down" arrow next to the "Reply" button. Select "Show Original."

    For Yahoo:
  • Open the email message and then click on the "Full Headers" option in the lower right-hand corner.

    For AOL:
  • Open the email message and click "Details" under the "To" field.

    For Windows Live:
  • Right-click the email message and select "View Source."

    For Hotmail and MSN:
  • Right-click the email message and select "View Message Source."


For more information on how to view the header, please review the help documentation provided by the e-mail provider or the software package. Additional details regarding how to locate header information using some of the more common applications and web-based e-mail providers can be found here (http://mail.google.com/support/bin/answer.py?hl=en&answer=22454).


What should I look for in the header?
Once you've accessed an email's header information, you'll want to attempt to verify the sending address. To do this, look at the "Return-Path" or the "originating address" for the email. For most phishing emails, the email address displayed in this location will differ from the address displayed in the "From" field.

A legitimate header from Blizzard Entertainment should look something like this:
    X-SID-PRA [email protected]
    or
    Return-Path: < [email protected] >
    Received: from smtp01.worldofwarcraft.com ([XX.XXX.XXX.XXX]) by…
    Received: from … by smtp01.worldofwarcraft.com …
    for <Your Email Address>; Tue, 29 Jan 2008 10:46:05 GMT
    From: [email protected]
    To: Your Email Address