Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Just got 2 emails from Blizzard. FAKE or REA?

Forum Avatar
Prophec
#0 - Oct. 5, 2010, 5:33 p.m.
Blizzard Post
1st mail.

Dear customer,

Due to suspicious activity, the Battle.net account [email protected] (that was my e-mail) has been locked. You logined your account successfully at 5:49:10 on 2010-10-5 from the <removed>, but our system shows this IP isn't your registered IP. We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account

After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

Step 3: Restore access to Your account

We now provide a secure website for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: <malicious link removed>

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at http://us.blizzard.com/support/article.xml?locale=en_US&articleId=20606.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

Message ID xzymcy8mmweutn9jljx6e6sd8w0pnnfk9oeazllev4qc
Identity ID tw3kjyrrbzsahkldmdonccyo1hfnzbk1ogfdnmqv42xr

------------------------------------------

2nd mail.

Greetings!

It has come to our attention that you are trying to sell your personal World of Warcraft account(s).
As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled.
It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account to this secure website with:
<malicious link removed>

Login to your account, In accordance following template to verify your account.

* First and Surname
* Secret Question and Answer
Show * Please enter the correct information

If you ignore this mail your account can and will be closed permanently.

Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Blizzard Entertainment
http://www.blizzard.com/support/
World of Warcraft , Blizzard Entertainment 2010

------------------------------------------

I haven't logged on to WoW in awhile.. only SC2 and I didn't make any offer to sell my account.. whats going on? Are these mails fake or real and did I get hacked? I'm scared to click on those links.
Forum Avatar
Zenlyth
#12 - Oct. 7, 2010, 11:02 p.m.
Blizzard Post
Heya,

The best way to tell if the email is legit or not, is to check the headers on all Blizzard emails you receive from us. Below is some information that can show you how to verify if an email is legit or not.

    http://us.blizzard.com/support/article/25133

    What should I look for in the header?

    Email headers contain information about the sender (who sent the email message), the path the email took to reach your inbox, and things that may have happened to the email before arriving. This information is very important and can be used to determine whether or not an email is malicious.
    Once you've accessed an email's header information, you'll want to attempt to verify the sending address. To do this, look at the "Return-Path" or the "originating address" for the email. For most phishing emails, the email address displayed in this location will differ from the address displayed in the "From" field.

      A legitimate header from Blizzard Entertainment should look something like this:

      X-SID-PRA [email protected]
      or
      Return-Path: < [email protected] >
      Received: from smtp01.worldofwarcraft.com ([XX.XXX.XXX.XXX]) by…
      Received: from … by smtp01.worldofwarcraft.com …
      for <Your Email Address>; Tue, 29 Jan 2008 10:46:05 GMT
      From: [email protected]
      To: You’re Email Address


    If you believe you've received a phishing email, please forward the email to [email protected] , at your earliest convenience. When forwarding the email, copy and paste the entire email header into the message body to ensure that we are able to identify the source. This information will help us prevent future phishing emails of the same type.
For similar emails and what to look for when you receive emails from us, please visit this thread:
http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1