Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Noreply@blizzard.com - Phishing?

Forum Avatar
Ashthorn
#0 - July 29, 2010, 2:33 a.m.
Blizzard Post
I've recently been receiving emails from "noreply@blizzard.com".

One asked me to follow a link to opt-in the the cataclysm beta - it lead to a battle.net-looking site. Obviously, I didn't put in my account information.

I received another email today from "noreply@blizzard.com" - telling me my password has been changed and I need to go to "wowbattle-review.net" or something to fix it. It even listed the actual Blizzard customer service phone number at the bottom. Well, my password hasn't been changed and I didn't go to that website. For some reason, it lists an old date in the subject header.

Why this troubles me - the golden rule is any address ending in "blizzard.com" is real. So how am I getting phishing emails from "noreply@blizzard.com"?

From: Blizzard Entertainment <noreply@blizzard.com>
Subject: Blizzard Entertainment Cataclysm beta‏‏
Date: January 5, 2007 2:58:23 PM EST
To: <removed>
Reply-To: noreply@blizzard.com

Greetings!

This is an automated notification regarding the recent change(s)
made to your World of Warcraft account. Your password has recently been modified through the Password Recovery website.
*** If you made this password change, please disregard this notification. However, if you did NOT make changes to your password
we recommend you Login verify your password:
http://www.wowbattle-review.com/login/login.asp?ref=https://www.worldofwarcraft.com/account/&app=wam
If you are unable to successfully verify your password.
using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
Regards,
The World of Warcraft Support Team Blizzard Entertainment


-------------------------------------------------------------------------------------------

I'd like it explained to me how these hackers have disguised their emails to appear to be from "noreply@blizzzard.com". This is the third email like this I've received. The first one told me my play time was about to expire, the second one asked me to opt in for the beta (as mentioned above), and this is the third one.

I only clicked on one link (the second email) and didn't type in any info. I also have an authenticator, and I use a mac (lol good for something?), so I'm not too worried. Thanks for any info!
Forum Avatar
Vrakthris
#2 - July 29, 2010, 2:37 a.m.
Blizzard Post
Q u o t e:
I'd like it explained to me how these hackers have disguised their emails to appear to be from "noreply@blizzzard.com".


Information on how they are able to spoof their return address, Ashthorn, I'm not going to be able to provide. The link below does cover how to recognize fake/phishing e-mails and how to check an e-mail to make sure it is from where it says it is from.

Fake E-mails from "Blizzard Entertainment"
http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

The e-mail you received is a phishing.

Cataclysm Beta Invitation or Scam? Read Me!
http://forums.worldofwarcraft.com/thread.html?topicId=25626457464&sid=1