Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Blizzard.com now a scam?

Forum Avatar
Seleron
#0 - June 12, 2010, 7:17 p.m.
Blizzard Post
I'm a little confused. My friend and I were told anything from blizzard.com was supposed to be save, such as emails from them. Yet checking his email today he came across one from [email protected] saying he needed an authenticator or his account would be frozen. The website linked in the email was detected as a phishing website by his anti-virus. The website asked for his account name and password but he didn't enter in anything. Now we're confused, why are blizzard emails now including fake websites?
Forum Avatar
Syndri
#6 - June 12, 2010, 7:41 p.m.
Blizzard Post
Q u o t e:
Yet checking his email today he came across one from [email protected] saying he needed an authenticator or his account would be frozen.

[...]

Now we're confused, why are blizzard emails now including fake websites?


The way a sending address appears in the "From" field of an email can actually be manipulated. This process is known as "spoofing" or masking, and malicious parties will often use it to make a phishing email look more official.

If you ever receive an email that appears to be from Blizzard Entertainment, but still seems suspicious, don't take the sending address at face value. Always check the email's header information to find its source.

Here's how:

    So, if the sending address of an email is showing as @blizzard.com or @battle.net, then the email is definitely legitimate?
    Actually, no. Even if you receive an email from an @blizzard.com or an @battle.net address, it's still important to remain cautious. This is because it's possible to change how a sending address appears in the "From" field of an email. The process is known as "spoofing" and may cause a phishing email to initially look like it's been sent by Blizzard Entertainment. To determine the actual sending address of an email, you will need to check the email's header information.


    How do I access email header information?
    Email headers contain information about the sender (who sent the email message), the path the email took to reach your inbox, and things that may have happened to the email before arriving. This information is very important and can be used to determine whether or not an email is malicious.

    Most email providers and applications will allow you to view an email's header information with just a few mouse clicks. We've included instructions regarding how to access email headers using some of the more common email providers and applications below.

      For Gmail:
      Open the email message and click the "down" arrow next to the "Reply" button. Select "Show Original."

      For Yahoo:
      Open the email message and then click on the "Full Headers" option in the lower right-hand corner.

      For AOL:
      Open the email message and click "Details" under the "To" field.

      For Windows Live:
      Right-click the email message and select "View Source."

      For Hotmail and MSN:
      Right-click the email message and select "View Message Source."


    For more information on how to view the header, please review the help documentation provided by the e-mail provider or the software package. Additional details regarding how to locate header information using some of the more common applications and web-based e-mail providers can be found here (http://mail.google.com/support/bin/answer.py?hl=en&answer=22454).



This information plus much, much more can be found in the following article from the Knowledge Base:




Let me know if you have any further questions, Seleron! And be sure to encourage your friend to forward on that email to [email protected].