Has my account been compromised?

#0 - Aug. 20, 2010, 5:44 a.m.
Blizzard Post
Lately I have been receiving strange emails from Blizzard.com but each time I try to authenticate the claims I am unable to do so on my battle.net account. The latest odd thing is the supposed purchase of the Celestial Steed, something that I have not purchased. My account is protected with an authenticator which is the only transaction I can find in my account history other than monthly payments.

Below is the email that I have received. I believe it to be genuine although I have not clicked on any of the links. Please advise if this is a legit email from blizz.

****************************************************************************************************************

Hello, thank you for shopping at the Blizzard Store!

World of Warcraft® Mount: Celestial Steed :

To use this key to activate the pet, simply follow these instructions:

* Create a Battle.net account (or if you already have one, log in) at http://www.blizzard.supportconfirmation.com/support.htm
* Verify your e-mail address. (If you have previously verified your address, skip this step.) From the main Account Management page, click the 'verify this e-mail address' link. Then, check your e-mail account for a verification e-mail. Click the link in this e-mail to verify your e-mail address.
* Return to the Battle.net account management page, then click on 'Code Redemption'.
* Enter the above Pet Key in the code field.
* Once you have successfully redeemed this code, you will be able use the pet in World of Warcraft.


NOTE: If you have previously chosen to gift your digital purchase, attaching this key to their Battle.net account will prevent the gift recipient from being able to redeem this key with your Battle.net account.

===========================================
Purchase Receipt
===========================================
Customer Account:
Order Date: 2010-8-19
Order #:

(1) World of Warcraft® Mount: Celestial Steed - $25.00

Credit Card Number : ****-****-****-
Credit Card Type : Visa
Item Subtotal: $25.00
Tax: $0.00
Shipping & Handling: $0.00
Shipping Tax: $0.00
Grand Total: $25.00
===========================================

If you have any questions or concerns about your order, please contact us at:

Phone: Toll-free at (1-800-592-5499)
Website: http://www.blizzard.supportconfirmation.com/support.htm

Live phone support is available seven days a week, 8:00AM - 8:00PM Pacific Time.

Thanks for shopping with us!
Blizzard Customer Service
#2 - Aug. 20, 2010, 5:46 a.m.
Blizzard Post
This is what is commonly referred to as a phish. That quite literally means someone is ‘fishing’ for information and hoping they get a bite :)

If you look at the top of this forum you’ll see a library of ones that are commonly used (or close variants thereof) under “Fake Emails from Blizzard”

http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

The proper email to report these is hacks@blizzard.com – you can forward the email, headers intact to that address.

Phishes rely on two primal human emotions and hope they get you to react before you think through what is being asked, greed and fear. They’ll either try to entice with an offer or intimidate with a threat.

We never ‘threaten’ an account action. If we have sufficient cause to think an account has been tampered with or needs locked down, we do it first – we don’t threaten with an ‘or else’ email.

WoW accounts are certainly not the only target of phishers. They send them out purporting to be banks, credit card companies, shipping companies – all aimed at obtaining information the thief can use to your detriment.

We will also NEVER ask for your password, or ask you to sign into some website somewhere not under our domain to login.

One way to check any email is to open up the header in your email program and check to see the actual route and sender. This is done in various ways, depending on your email program, but all can do it. Internal email addresses (what you see at the top of an email) can be spoofed very easily. Where it says it came from under sender is not necessarily true. The header of that email will show the true sender. Many spam programs actually use a comparison of these to flag suspicious emails.

Links in an email are also incredibly easy to spoof and/or redirect. Just because the URL looks legit doesn’t necessarily mean that’s where it really goes. Before clicking ANY link, in ANY email, mouse over the link and look at your bottom browser bar to see where it is reported to actually be destined.
#4 - Aug. 20, 2010, 5:49 a.m.
Blizzard Post
Quote:
I am amazed that this is a phishing scam. It absolutely looks legit to me. What tips it off as being a scam other than the fact my bnet account doesn't show said transactions?


They have been sending those out for random things, SC2, the Steed, etc.

It's just a variation of them using our other 'real' emails and doctoring the links to redirect to fake sites.

NEVER trust the FROM line in an email, check the internal routing headers for the sender. Also, never trust that a link goes where it says it will.
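
The two checks recommended in the replies above (compare the From line with the routing headers, and look at where a link really goes), as an added example that is not part of the original posts. The sample headers, the link text and the `TRUSTED` domain list are constructed assumptions; only the link address is the one quoted in the email above.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("blizzard.com", "battle.net")  # assumption: domains the reader expects

def under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):
    """Collect [href, visible text] for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.found, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.in_link = True
            self.found.append([href, ""])
    def handle_data(self, data):
        if self.in_link:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False

def check(raw):
    msg, findings = email.message_from_string(raw), []
    shown = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Return-Path is written by the receiving server from the SMTP envelope.
    bounce = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if shown != bounce:
        findings.append(f"From says {shown}, envelope sender is {bounce}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        host = urlsplit(href).hostname
        if not any(under(host, d) for d in TRUSTED):
            findings.append(f"link shown as '{text.strip()}' goes to {host}")
    return findings

# Constructed sample; only the href is the address quoted in the email above.
SAMPLE = ('Return-Path: <bounce@mailer.example.net>\n'
          'From: "Blizzard Store" <noreply@blizzard.com>\n\n'
          '<a href="http://www.blizzard.supportconfirmation.com/support.htm">www.battle.net</a>\n')
print("\n".join(check(SAMPLE)))
```

A From/Return-Path mismatch also occurs in legitimate bulk mail, so treat it as a reason to read the full headers rather than as proof; the link check is the stronger signal here, because "blizzard" appears only as a label in front of a different domain.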