Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Phishing Email?

Forum Avatar
Grinsom
#0 - Oct. 18, 2010, 11:45 p.m.
Blizzard Post
I got an email from Blizzard Entertainment ([email protected]) That said
________________________________________________________________________________________
Greetings!

In order to make our servers more efficient, we are taking the time to remove inactive accounts. We are mass mailing all email addresses registered to World of Warcraft accounts to target those that are inactive. If you are currently active in the World of Warcraft, or plan on picking up where you left off the in the future, please continue reading. If you do not foresee yourself ever rejoining us, please disregard this message.

Please take a moment and login to your Battle.net Account to verify and maintain your enjoyable gameplay experience:
_________________________________________________________________________________________

Now, I notice that there was a grammar mistake in the "you left off the in the future" But the problem was that the from looked so legit @blizzard.com

I opened up the header information and it said;


_________________________________________________________________________________________
Received: from blizzard.com ("ip adress goes here) by Bay0-mc1-f12.bay0.hotmail.com with microseft smtpsvc (6.0.3790.4675)
From: "Blizzard Entertainment" <[email protected]>
_________________________________________________________________________________________


Now, if this were a legitimate email, the "by" part of it should have been @blizzard as well right? But it says from blizzard in the header as well. Just wanted to

A) get a clarification on what I'm looking for in the header and
B) Warn people about this particular email.
Forum Avatar
Zenlyth
#5 - Oct. 19, 2010, 1:48 a.m.
Blizzard Post
Heya Grinsom,

This is not a legit email. Here is some information that can show you how to verify if an email is legit or not and what to look for in the header.

    http://us.blizzard.com/support/article/25133

    What should I look for in the header?

    Email headers contain information about the sender (who sent the email message), the path the email took to reach your inbox, and things that may have happened to the email before arriving. This information is very important and can be used to determine whether or not an email is malicious.
    Once you've accessed an email's header information, you'll want to attempt to verify the sending address. To do this, look at the "Return-Path" or the "originating address" for the email. For most phishing emails, the email address displayed in this location will differ from the address displayed in the "From" field.

      A legitimate header from Blizzard Entertainment should look something like this:

      X-SID-PRA [email protected]
      or
      Return-Path: < [email protected] >
      Received: from smtp01.worldofwarcraft.com ([XX.XXX.XXX.XXX]) by…
      Received: from … by smtp01.worldofwarcraft.com …
      for <Your Email Address>; Tue, 29 Jan 2008 10:46:05 GMT
      From: [email protected]
      To: You’re Email Address


    If you believe you've received a phishing email, please forward the email to [email protected] , at your earliest convenience. When forwarding the email, copy and paste the entire email header into the message body to ensure that we are able to identify the source. This information will help us prevent future phishing emails of the same type.
For similar emails and what to look for when you receive emails from us, please visit this thread:
http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1