Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Is this a valid E-mail?

Forum Avatar
Cerenia
#0 - Aug. 24, 2010, 10:55 a.m.
Blizzard Post
I recently received an email from [email protected] that said the following:


Dear customer,
Due to suspicious activity, the Battle.net account [email protected] has been locked. You tried to login your account on 2010-8-22 from several different IP.
We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:
Step 1: Secure Your Computer
In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.
Step 2: Secure Your E-mail Account
After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.
Step 3: Restore access to Your account
We now provide a secure website for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: (address removed)
If you still have questions or concerns after following the steps above, feel free to contact Customer Support at http://us.blizzard.com/support/article.xml?locale=en_US&articleId=20606.
Sincerely,
The Battle.net Account Team
Online Privacy Policy

I have an authenticator and a long password that I've never shared with anyone or use for anything else online, as well as several anti-virus/malware scanners that I run bi-weekly so despite being a professional-looking email, I wasn't so sure I had been hacked. The link provided seems to lead to battle.net, I didn't login however, but closed the browser, then re-opened and went to the official bnet from there. I was able to login to battle.net as well as WoW and none of my items are missing and no toons have been moved/deleted.

Is this another phishing attempt? If it is, they're getting good. Thank you for your time and sorry for the long post.
Forum Avatar
Orlyia
#2 - Aug. 24, 2010, 11:01 a.m.
Blizzard Post
This is what is commonly referred to as a phish. That quite literally means someone is ‘fishing’ for information and hoping they get a bite :)

If you look at the top of this forum you’ll see a library of ones that are commonly used (or close variants thereof) under “Fake Emails from Blizzard”

http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

The proper email to report these is [email protected] – you can forward the email, headers intact to that address.

Phishes rely on two primal human emotions and hope they get you to react before you think through what is being asked, greed and fear. They’ll either try to entice with an offer or intimidate with a threat.

We never ‘threaten’ an account action. If we have sufficient cause to think an account has been tampered with or needs locked down, we do it first – we don’t threaten with an ‘or else’ email.

WoW accounts are certainly not the only target of phishers. They send them out purporting to be banks, credit card companies, shipping companies – all aimed at obtaining information the thief can use to your detriment.

We will also NEVER ask for your password, or ask you to sign into some website somewhere not under our domain to login.

One way to check any email is to open up the header in your email program and check to see the actual route and sender. This is done in various ways, depending on your email program, but all can do it. Internal email addresses (what you see at the top of an email) can be spoofed very easily. Where it says it came from under sender is not necessarily true. The header of that email will show the true sender. Many spam programs actually use a comparison of these to flag suspicious emails.

Links in an email are also incredibly easy to spoof and/or redirect. Just because the URL looks legit doesn’t necessarily mean that’s where it really goes. Before clicking ANY link, in ANY email, mouse over the link and look at your bottom browser bar to see where it is reported to actually be destined.