Keylogger Email

#0 - Oct. 27, 2010, 3:13 a.m.
Blizzard Post
Can a Blizz rep put this in the right forum, I cannnot find it. Got this email a few days ago, looks authentic except the site is not secure site, ex: http://, these site look real, dont get fooled, its just a site to get yout account information, so the next day you wake up all your gold and toons are stripped.

As you know battle.net is a secured site, ex: https://

Heres the link for Blizz CS to check it out, dont link on it it is a keylogger/phishing site:

http://battle.net/

Heres the text I got with the email:

Hello,

This is an automated notification regarding your Battle.net account. Some or all of your contact information was recently modified through the Account Management website.

*** If you made recent account changes, please disregard this automatic notification.


*** If you did NOT make any changes to your account, we recommend you log in to Account Management review your account settings.

If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for further assistance.

Billing & Account Services can be reached at 1-800-59-BLIZZARD (1-800-592-5499 Mon-Fri, 8AM-8PM Pacific Time) or at [email protected].

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The Battle.net Support Team
Blizzard Entertainment
www.blizzard.com/support
Online Privacy Policy
#3 - Oct. 27, 2010, 6:31 a.m.
Blizzard Post
Brut, I am delighted you are questioning emails. That's a habit far more people need to get into :)

One of the very first checks you can make on ANY email is to check the internal routing headers. Those don't typically show, but every email program has a way of getting to them.

The internal routing headers will show the true sender of any email, the FROM line IN an email is incredibly easy to change - about as easy as writing a fake return address on an envelope.

Naturally there are other flags that can be looked for, spoofed links are another thing to be careful of, but checking that header first can rule something out immediately if it's not really from us.