Is this legitimate? (email)

#0 - July 27, 2010, 1:30 p.m.
Blizzard Post
Found this in junk; I'm calling fake but you guys probably know better than I do.

"Greetings,

We have determined that your World of Warcraft account has been accessed/compromised by someone not authorized to do so by the World of Warcraft Terms of Use*Removed*.

To protect your privacy and security, we have temporarily disabled this account. Any recurring subscriptions have been suspended to prevent further monetary charges. In order to regain access to the account, you must complete the steps below to secure the account and your computer.

Please keep this email for your reference until the account recovery process has been completed.


STEP 1: SECURE THE ACCOUNT, YOUR COMPUTER AND YOUR EMAIL ADDRESS
Account compromises most often occur when a player shares login information with an unauthorized third party or plays on a computer that has a virus, Trojan, or key-logger. We recommend following the *Removed* on our Account Security site at *Removed*

STEP 2: RECOVER THE ACCOUNT
We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address. Please go to this site and follow the instructions:
*Removed*


STEP 3: VERIFY YOUR SUBMISSION WAS RECEIVED
We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 48 hours of submitting this form, please resend it from the address listed above.


Please be aware that if unauthorized access to this account continues after the recovery process is complete, it may lead to further action against the account.


Regards,

Neil G.
Game Master Bahrdrak
Customer Services
Blizzard Entertainment"

The email address was WoWAccountEU@blizzard.review.com
#2 - July 27, 2010, 2:05 p.m.
Blizzard Post
Well, that's one of the more insidious tricks they play.

Is the email 'real'? After a fashion, it is mostly ours.

What they do on these is edit the links to go to fake look-alike websites.

Pop open the internal routing header on that email - I think you'll see it did not originate from Blizzard.

This is what is commonly referred to as a phish. That quite literally means someone is ‘fishing’ for information and hoping they get a bite :)

If you look at the top of this forum you’ll see a library of ones that are commonly used (or close variants thereof) under “Fake Emails from Blizzard”

http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

The proper email to report these is hacks@blizzard.com – you can forward the email, headers intact, to that address.

Phishes rely on two primal human emotions and hope they get you to react before you think through what is being asked, greed and fear. They’ll either try to entice with an offer or intimidate with a threat.

We never ‘threaten’ an account action. If we have sufficient cause to think an account has been tampered with or needs locked down, we do it first – we don’t threaten with an ‘or else’ email.

WoW accounts are certainly not the only target of phishers. They send them out purporting to be banks, credit card companies, shipping companies – all aimed at obtaining information the thief can use to your detriment.

We will also NEVER ask for your password, or ask you to sign into some website somewhere not under our domain to login.

One way to check any email is to open up the header in your email program and check to see the actual route and sender. This is done in various ways, depending on your email program, but all can do it. Internal email addresses (what you see at the top of an email) can be spoofed very easily. Where it says it came from under sender is not necessarily true. The header of that email will show the true sender. Many spam programs actually use a comparison of these to flag suspicious emails.

Links in an email are also incredibly easy to spoof and/or redirect. Just because the URL looks legit doesn’t necessarily mean that’s where it really goes. Before clicking ANY link, in ANY email, mouse over the link and look at your bottom browser bar to see where it is reported to actually be destined.
#6 - July 27, 2010, 2:23 p.m.
Blizzard Post
Checking the internal routing headers on ANY email is the surest way to determine its source.
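
The header and link checks described in the replies above, as an added example that is not part of the original posts and is not Blizzard's code. The sample message is constructed: only the From address is taken from the thread, and `TRUSTED`, `under`, `Links` and `review` are names made up for this sketch.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "blizzard.com"  # assumption: domain of the reporting address in the thread
# Constructed sample: only the From address comes from the thread, the rest is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
From: "Blizzard Entertainment" <WoWAccountEU@blizzard.review.com>

<a href="http://login.example.org/wow">https://www.blizzard.com/account</a>
"""

def under(host, domain=TRUSTED):
    # Exact match or true subdomain; "blizzard.review.com" belongs to review.com.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review(raw):  # raw message (headers + HTML body) -> list of findings
    msg, findings = email.message_from_string(raw), []
    from_host, env_host = (parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
                           for h in ("From", "Return-Path"))
    if not under(from_host):
        findings.append(f"From domain {from_host} is not under {TRUSTED}")
    if env_host != from_host:
        findings.append(f"envelope sender {env_host} differs from From {from_host}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        real, shown = urlparse(href).hostname, urlparse(text).hostname
        if shown and shown != real:
            findings.append(f"link text shows {shown} but href goes to {real}")
    return findings
```

A differing envelope sender is a signal rather than proof, since legitimate bulk mail often uses a separate bounce domain; the link-text mismatch and the look-alike From domain are the stronger indicators here.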