Inactive Account Removal

#0 - Sept. 28, 2010, 1:15 a.m.

I received an email stating that one of my accounts has been flagged as inactive and that if I want to keep it to follow a link and input information. Normally, I NEVER follow links and will always access battle.net directly, however after trying to do that on my own and not fully being certain what I was doing I decided to click on the link. I immediately got an error message saying that the site was blocked for my protection and it wouldn't let me continue. Normally when I access a non-secure site it asks if I'm sure I want to continue. This option is not coming up.

First problem, if this email is a scam, it's a pretty good one. I cannot fully see the email address, but it starts out as being from a @blizzar... address so I'm inclined to believe that it may be real. That and it instructed me to go to battle.net (I checked multiple times to make sure there were no misspellings as is typical with scams). The grammar in general seemed to be intact as well (I know mine isn't that great, but most scams I've seen have the telltale poor grammar that anyone can spot).

Second problem, assuming this is a real email (which I was fairly certain of before I got that error) I'm not sure what I'm supposed to do to make sure that my account doesn't get purged. I went ahead and merged it with my battle.net account while I was trying to figure things out on my own (something that I didn't do when I merged my main account), but I'm not sure if that's enough to express interest in keeping this account. It was initially a second account on my main server, but after I changed servers and no longer needed two accounts I closed it. I am now reaching the point where I may need it again (with the release of Cata, I am definitely going to need a second account if I want to make anymore toons).

Any feedback would be appreciated, even if it's simply to tell me I've been duped.

Orlyia

#3 - Sept. 28, 2010, 6:44 a.m.

This is what is commonly referred to as a phish. That quite literally means someone is ‘fishing’ for information and hoping they get a bite :)

If you look at the top of this forum you’ll see a library of ones that are commonly used (or close variants thereof) under “Fake Emails from Blizzard”

http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

The proper email to report these is [email protected] – you can forward the email, headers intact to that address.

Phishes typically rely on two primal human emotions and hope they get you to react before you think through what is being asked, greed and fear. They’ll either try to entice with an offer or intimidate with a threat. There is a third variety sometimes seen where they take an otherwise 'legitimate' email of ours and doctor the links to go to a fake look-alike site.

We never ‘threaten’ an account action. If we have sufficient cause to think an account has been tampered with or needs locked down, we do it first – we don’t threaten with an ‘or else’ email.

WoW accounts are certainly not the only target of phishers. They send them out purporting to be banks, credit card companies, shipping companies – all aimed at obtaining information the thief can use to your detriment.

We will also NEVER ask for your password, or ask you to sign into some website somewhere not under our domain to login.

One way to check any email is to open up the header in your email program and check to see the actual route and sender. This is done in various ways, depending on your email program, but all can do it. Internal email addresses (what you see at the top of an email) can be spoofed very easily. Where it says it came from under sender is not necessarily true. The header of that email will show the true sender. Many spam programs actually use a comparison of these to flag suspicious emails.

Links in an email are also incredibly easy to spoof and/or redirect. Just because the URL looks legit doesn’t necessarily mean that’s where it really goes. Before clicking ANY link, in ANY email, mouse over the link and look at your bottom browser bar to see where it is reported to actually be destined.