Hacked again?

#0 - July 29, 2010, 4:41 a.m.
Blizzard Post
I got an email saying I requested a faction change even though I've never done that ever and only been on WoW for a few hours total in the last month - I clicked the link to see if I could cancel the change and it began to load, then I remember, 'oh, crap, that could have been a convincing fake' and I closed the window before anything appeared in the new window - did I back out in time or did just clicking it wreck me?

Here's a copy of the email I got:

Hello,

A Character Faction Change is now pending for the World of Warcraft account (censored). Please allow several days for the faction change process to complete. An email will be sent to you when it is done. You can also track the status of your request by signing into the Transaction page here: http://eu.blizzard.characterverify.com/faction-change-status.html.

Below is a summary of the transaction, which you may want to keep for your records.

------------------------------------------------------------------------------------------------------------------------------------------------

World of Warcraft Account Name: (censored)
TRANSACTION ID: 41286014

------------------------------------------------------------------------------------------------------------------------------------------------

Please note the following additional information:

- This account is not available for play while the faction change is pending.
- If you did not make this transaction, you should immediately check your account to prevent character lost.
- This account cannot change factions again until 3 days have elapsed.
- You can review this and other Account Management transactions by logging into Account Management and going to your Transactions page at https://eu.blizzard.characterverify.com/faction-change-status.html.
- For more details on Character Faction Change, refer to the Character Faction Change FAQ located at http://us.blizzard.com/support/article.xml?locale=en_US&articleId=28825&parentCategoryId&pageNumber=1&categoryId=2327.

You can find World of Warcraft Account Management at: http://eu.blizzard.worldofwarcraft.com/battlelogin.html

We hope you enjoy your new faction!

Regards,

The World of Warcraft Team
Blizzard Entertainment


mailkey gbhx1h.6pt97p7c.rxoa

Note: the last bit I didn't even see - it didn't show up at all until I highlighted it.

Also note: I have an authenticator, don't know whether that helps things at all for something like this.
#7 - July 29, 2010, 6:15 a.m.
Blizzard Post
Quote:
So scan for keylogger first, then login?


To be on the safe side, yes. I'd also double check your email security - although this is probably just a random phish.

That quite literally means someone is ‘fishing’ for information and hoping they get a bite :)

If you look at the top of this forum you’ll see a library of ones that are commonly used (or close variants thereof) under “Fake Emails from Blizzard”

http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

The proper email to report these is hacks@blizzard.com – you can forward the email, headers intact to that address.

Phishes rely on two primal human emotions and hope they get you to react before you think through what is being asked, greed and fear. They’ll either try to entice with an offer or intimidate with a threat.

We never ‘threaten’ an account action. If we have sufficient cause to think an account has been tampered with or needs locked down, we do it first – we don’t threaten with an ‘or else’ email.

WoW accounts are certainly not the only target of phishers. They send them out purporting to be banks, credit card companies, shipping companies – all aimed at obtaining information the thief can use to your detriment.

We will also NEVER ask for your password, or ask you to sign into some website somewhere not under our domain to login.

One way to check any email is to open up the header in your email program and check to see the actual route and sender. This is done in various ways, depending on your email program, but all can do it. Internal email addresses (what you see at the top of an email) can be spoofed very easily. Where it says it came from under sender is not necessarily true. The header of that email will show the true sender. Many spam programs actually use a comparison of these to flag suspicious emails.

Links in an email are also incredibly easy to spoof and/or redirect. Just because the URL looks legit doesn’t necessarily mean that’s where it really goes. Before clicking ANY link, in ANY email, mouse over the link and look at your bottom browser bar to see where it is reported to actually be destined.
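
The two checks described in the post above (the displayed sender against the header's sender, and a link's visible text against its real destination), as an added example that is not part of the original thread. The `TRUSTED` list, the `audit` helper and the sample message are assumptions constructed for illustration; only the characterverify.com and us.blizzard.com hosts come from the thread.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("blizzard.com", "worldofwarcraft.com")  # assumption: domains of the thread's real links

def host_trusted(host):
    # Match the domain itself or a true subdomain, never a mere substring.
    return host is not None and any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(raw):
    msg, findings = message_from_string(raw), []
    dom = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    if dom("From") != dom("Return-Path"):  # a mismatch is a signal, not proof
        findings.append(f"From domain {dom('From')} != envelope sender {dom('Return-Path')}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        real = urlsplit(href).hostname  # where the click actually goes
        if not host_trusted(real):
            findings.append(f"link goes to untrusted host {real}")
        shown = urlsplit(text).hostname if "://" in text else None
        if shown and shown != real:
            findings.append(f"link text shows {shown} but href is {real}")
    return findings

# Constructed sample; only the href hosts are taken from the thread.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: "Blizzard Entertainment" <noreply@blizzard.com>

<a href="http://eu.blizzard.characterverify.com/faction-change-status.html">https://www.blizzard.com/account</a>
<a href="http://us.blizzard.com/support/article.xml">Faction Change FAQ</a>
"""
print("\n".join(audit(SAMPLE)))
```

The suffix match is what catches the look-alike host: `eu.blizzard.characterverify.com` contains "blizzard" but its registered domain is `characterverify.com`.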
#9 - July 29, 2010, 7:45 a.m.
Blizzard Post
Quote:
I ran Malwarebytes' Anti-Malware - it came up clean - think it's safe to play WoW?


One can never be certain of scans, Bladeson, but I'd change your password as a precaution.

Even running every updated scanner won't necessarily identify a new threat - that's why it's important to update any scanner immediately before use.

The authenticator is your best 'extra' layer of defense. It doesn't replace good security habits, but it does help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109