Author Topic: How to spot fake 'Blizzard' emails  (Read 638 times)
Amaranthea
« on: May 22, 2010, 08:06:24 pm »

How to spot fake 'Blizzard' emails

World of Warcraft players are increasingly targeted by phishing emails designed to steal the player's account.  These emails are getting increasingly devious in their techniques.  In this guide we will talk about ways to tell whether an email is fake, what to do if you get a fake one, and also some examples of the fake emails we have encountered.

How do you tell if the email is real or fake?

Note: This section of the guide is taken from Nephadne's brilliant guide over on the official forums which can be found here

Here are a few key points you can check straight away in order to determine whether an email is genuine.

  • Emails from Blizzard will always originate from an @blizzard.com or an @battle.net email address.
  • Any correspondence sent from Blizzard Entertainment will make use of correct spelling and grammar.  Multiple typographical errors, unusual sentence structure or obvious grammatical inaccuracy should serve as an immediate warning to proceed with caution.
  • Blizzard employees will never ask you for your account password via any means.  No matter how official or legitimate an email may look, if such information is requested then it is simply not from Blizzard Entertainment.
  • Phishing mails will frequently claim that an account has violated, or been found in breach of, a specific policy. These mails often employ intimidating wording and claim extreme actions (including account closure or termination) will be taken should the player not ‘verify ownership’ of their account.  This is not a standard practice of Blizzard Entertainment.
  • Phishing mails may also appear to offer complimentary, and often hitherto unheard-of, in-game pets or mounts, periods of game time credit, or special advance access to Alpha and Beta versions of forthcoming Blizzard games.  These mails can often seem too good to be true, and as a result they likely are! Please double-check the existence of anything mysteriously offered to you via an email, and do not accept any ‘offers’ you cannot confirm as official.
  • In many cases, these fake emails will request that account owners visit a specific (malicious) website, where they will be asked to “log in”. While these sites can on occasion be extremely similar in appearance to actual Blizzard pages, inputting one’s login details therein will directly submit it to the companies or individuals in question (thereby instantly rendering the account liable to compromise).  If ever asked to click through to a website linked within an email, please be very wary – double-check the destination of the hyperlink before you click.

So, this email comes from someone showing as @blizzard.com or @battle.net. That means it’s real, right?

Unfortunately, no. The appearance of an official email address as the sender is not enough to guarantee an email’s veracity, and you should still remain cautious. This is due to the fact that it is possible to alter the appearance of a sender address in the “From” field of an email, and this process (known as ‘spoofing’) may cause a malicious email to seem as if sent from Blizzard.

In order to verify the actual sender address of any email you receive, you will need to check the email header information.

What’s an email header? How do I find it, and what am I looking for?

Most email clients and providers will allow you to view more information about the email than is normally shown, including specific details about the sender, the path the email took in reaching your inbox, and any other redirections that the email may have been subject to prior to arriving in your mailbox.

For more information on how to check this data, including some specific details for some of the more common email providers, please see the following Blizzard Support site article:

How to Identify "Spoofed" Email Addresses
http://eu.blizzard.com/support/article.xml?locale=en_EN&articleId=43010

OK, but the links in my email look right. You said something about needing to ‘double-check’ them?

Yes, indeed. Through the use of HTML coding, it is possible for an email link that looks perfectly harmless to lead you somewhere else entirely (and inevitably to a fake website).

Depending on your Internet browser or email client, you can sometimes see the destination URL a link will use displayed in the bottom corner of your window, or in a hovering tooltip.
However, for a non-specific means of uncovering the URL that any hyperlink will direct you to, you may use the following steps:

  • Right-click the link, and then select ‘Copy Shortcut’, ‘Copy Link Location’, ‘Copy Hyperlink’ or similar.
  • Paste this information into a text-based application so that you may examine the address to be used.

If you are ever in doubt about the veracity of a link, it is always safer to navigate there yourself.

Why am I getting these emails in the first place? I don’t remember giving my email address out to anyone.

Most commonly, ‘databases’ of potential player email addresses will have been compiled from unofficial World of Warcraft web pages (such as fan sites, wikis or guild websites), as well as social networking sites (like Facebook, Myspace or Bebo), so your email address will likely have been on display inadvertently without you ever specifically giving it out.

The most reliable way to stop receiving these types of mails, and also to provide an extra bit of security to your account, is to consider creating a new email address purely dedicated to World of Warcraft and Battle.net use.
During the creation process, do make sure that no part of the new address or password coincides with your previous email addresses, passwords, nicknames or profile information on any of the above sites, and that you avoid using this new email account for anything other than Battle.net in the future.

NOTE: As touched on above, with your Battle.net email address also functioning as your account name, using a dedicated, secret email account can actually help secure or increase the protection on your World of Warcraft account.

(Thanks again to Nephadne for the content of this section)

Hmm.....I kinda clicked on a fake email and told them my account details, shoe size, etc..... HALP!

First of all, no need to panic.  Usually all damage is reversible.

If you can, try changing your password at: https://eu.battle.net/account/management/
If this does not work, you will need to follow our account recovery guide: http://www.bamboobix.info/index.php?topic=1331
You should also review our account security guide: http://www.bamboobix.info/index.php?topic=1136

Remember, keep calm, have patience, and all will be fixed up as quickly as possible.

Can I report these fake emails anywhere?

Glad you asked!  There are two places to report these emails.

The first is by sending them directly to Blizzard.  Simply forward them to hacks@blizzard.com

The second option is to send them to us by forwarding them to hacks@bamboobix.info
If you forward them to us, here is what we will do with them.  Firstly, rest assured we will forward them directly to Blizzard for you. We will also check them to see if they are a new variation, and if they are we will add them to the examples section of this guide. By doing this you are helping us, and other players to be more aware of the possible scams.  All personal information will of course be removed prior to publication.  Sending them to us is optional.

Thanks for reading, and keep safe!

Example Phishing Emails

Please note, all these are FAKE emails that players have received.  We post them here (without any personal information or dangerous links) to help players see what kinds of phishing emails are out there.

Quote
From: noreply@blizzard.com
To: <snip>
Subject: Blizzard Identification
Date: Fri, 21 May 2010 17:14:55 +0800

Dear customer,

This is an automated notification sent from our account security system. You logined your account successfully at 4:27 on April 26th form the 125.31.118.* range, but our system shows the 125.85.152.* IP range exists a large number of hackers. As too many customer complaints, the 125.28.193.* IP range has been blacklisted. We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you check your account status here as soon as possible. If you have any questions, please visit <fake spoofed address>

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

Blizzard account system
Blizzard Entertainment

Quote
From: noreply@blizzard.com
To: <snip>
Subject: Battle.net User Compensation
Date: Sun, 16 May 2010 12:03:27 +0800

Hello, Dear players,because the network of World of Warcraft had broken off,Blizzard decided to give each player certain compensation. please visit:( <fake website> ) and receive compensation for goods.

Quote
From: noreply@blizzard.com
To: <snip>
Subject: World of Warcraft Account Cancelled Notification
Date: Sun, 28 Mar 2010 03:48:58 +0800

Hello

This message is being sent to confirm that all credit card information will be removed from your World of Warcraft account, effectively cancelling its recurring subscription. The account will not bill or renew any further unless new payment information (credit card or game card) is manually entered in.

The account will remain playable for the remaining time it has already paid for. This account's current prepaid time will expire soon.

If you have not cancelled your subscription, you should check your account status as soon as possible, you can log into your Account Management page at this link, using your account name and password:

<Fake address made to look like a genuine one>

At this time, Blizzard has no plans to delete or "expire" characters, even if an account is deactivated or cancelled.  This means that all of your characters and their progress will be retained on our servers.  Should you decide to return to World of Warcraft and reactivate your account, you will be able to pick up your characters again wherever you left off.

In the event you have any other billing questions or concerns, please feel free to contact our Billing & Account Services team for support.  You can reply to this email directly, or call 1-800-59-BLIZZARD (800-592-5499) for live phone support between 8am and 8pm Pacific Time.  Users in Australia should please call 800-041-378, if the standard 800 line does not work for them.

Regards,

Billing & Account Services
Blizzard Entertainment
billing@blizzard.com

Quote
From: noreply@blizzard.com
To: <snip>
Subject: World of Warcraft Blizzard Entertainmen
Date: Sun, 4 Jul 2010 18:05:33 +0800

 Greetings!

This is an automated notification regarding the recent change(s)
As you may or may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership.
 If the information is deemed accurate, the investigation will be dropped.
This action is taken because we at Blizzard Entertainment take these sales
quite seriously. We need to confirm you are the original owner of the account.
This is easiest done by confirming your personal information along with concealed information about your account.
we recommend you Login verify Information your account:
<snipped>

If you ignore this mail your account can and will be closed permanently. Once we verify your account,
we will reply to your e-mail informing you that we have dropped the investigation.
billing@blizzard.com. Account security is solely the responsibility of the account
holder. Please be advised that in the event of a compromised account, Blizzard
representatives typically must lock the account. In these cases the Account
Administration team will require faxed receipt of ID materials before releasing the account for play.
Regards,
Blizzard Entertainment Inc Account Administration Team
P.O. Box 18979, Irvine, CA 92623
Blizzard Entertainmen

Quote
From: noreply@blizzard.com
To: <snip>
Subject: World of Warcraft - Account
Date: Tue, 6 Jul 2010 05:31:19 +0800

Greetings,
An investigation of your World of Warcraft account has found strong evidence that the
account in question is being sold or traded.
As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
 and Section 8 of the Terms of Use found here:
WoW -> Legal -> Terms of Use
The investigation will be continued by Blizzard administration to determine the
action to be taken against your account.
 If your account is found violating the EULA and Terms of Use, your account can,
and will be suspended/closed/or terminated. In order to keep this from occurring,
you should immediately verify that you are the account.
To verify your identity please visit the following webpage:
<snip>
Only Account Administration will be able to assist with account retrieval issues.
Thank you for your time and attention to this matter,
and your continued interest in World of Warcraft.
Blizzard Entertainment Inc Account Administration Team
P.O. Box 18979, Irvine, CA 92623
Blizzard Entertainmen

This next one is something to watch out for.  Unless you have a faction change in progress, Blizzard will obviously not email about one.  So if you do get an unexpected email about one that doesn't exist, then don't trust it!  Below is an example of a fake one.

Quote
Hello,

        A Character Faction Change for the character Kalaneer is now pending for the World of Warcraft account <your email>. Please allow several days for the faction change process to complete. An email will be sent to you when it is done. You can also track the status of your request by signing into the Transaction page here: https://www.worldofwarcraft.com/character/faction-change-status.html. <Note:  This when clicked would take you to a malicious website>
               
Below is a summary of the transaction, which you may want to keep for your records.

------------------------------------------------------------------------------------------------------------------------------------------------

World of Warcraft Account Name: <your email>
TRANSACTION ID: 38303185

------------------------------------------------------------------------------------------------------------------------------------------------

Please note the following additional information:

-   This account is not available for play while the faction change is pending.
-   If you did not make this transaction, you should immediately check your account to prevent character lost.
-   This account cannot change factions again until 3 days have elapsed.
-   You can review this and other Account Management transactions by logging into Account Management and going to your Transactions page at https://www.wow-europe.com/character/faction-change-status.html.
-   For more details on Character Faction Change, refer to the Character Faction Change FAQ located at http://us.blizzard.com/support/article.xml?articleId=39810.

You can find World of Warcraft Account Management at: https://www.worldofwarcraft.com/account <also would link to a dodgy site>

We hope you enjoy your new faction!

Regards,

The World of Warcraft Team
Blizzard Entertainment

Quote
From: billing@blizzard.com <billing@blizzard.com>
Date: Fri, Jul 2, 2010 at 12:29 AM
Subject: World of Warcraft Account - Subscription Change Notice
To: <snip>


Hello,
 
This is an automated notification regarding your World of Warcraft account. Your account options was recently modified through the Account Management website.
 
If you made this change to your subscription type, please disregard this automatic notification.
 
*** If you did NOT make any changes to your account or subscription, we recommend you login to Account Management at the following link to review your account settings:
<fake address that looks real>
 
If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for advanced assistance.
 
Billing & Account Services can be reached at 1-800-59-BLIZZARD (1-800-592-5499 Mon-Fri, 8Am-8PM Pacific Time) or at billing@blizzard.com.
 
Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
 
Regards,
 
The World of Warcraft Support Team
Blizzard Entertainment
http://www.blizzard.com/support/wowindex


Quote
Subject:     Blizzard Store Order #75766 - StarCraft II®: Wings of Liberty™
Date:    Mon, 2 Aug 2010 15:07:13 +0800
From:    Blizzard Entertainment <scam email address that may or may not look like Blizzard's>
Reply-To:    <definite scam email address>
To:    <snip>


Hello, thank you for shopping at the Blizzard Store!

StarCraft II®: Wings of Liberty™: 3561977797961649164783930

To use this key to activate the game, simply follow these instructions:

    * Create a Battle.net account (or if you already have one, log in) at <nasty fake web address of doom™>
    * Verify your e-mail address. (If you have previously verified your address, skip this step.) From the main Account Management page, click the 'verify this e-mail address' link. Then, check your e-mail account for a verification e-mail. Click the link in this e-mail to verify your e-mail address.
    * Return to the Battle.net account management page, then click on 'Code Redemption'.
    * Enter the above CDKey in the code field.
    * Once you have successfully redeemed this code, you will be able to play the game.


NOTE: If you have previously chosen to gift your digital purchase, attaching this key to their Battle.net account will prevent you from being able to redeem this key with your Battle.net account.

===========================================
Purchase Receipt
===========================================
Customer Account: <some email that may or may not be yours>
Order Date: 2010-8-2
Order #: 1760303

(1) StarCraft II®: Wings of Liberty™ - $59.99

Credit Card Number : ****-****-****-4437
Credit Card Type : Visa
Item Subtotal: $59.99
Tax: $0.00
Shipping & Handling: $0.00
Shipping Tax: $0.00
Grand Total: $59.99
===========================================

If you have any questions or concerns about your order, please contact us at:

Phone: Toll-free at (1-800-592-5499)
Website: <another web address of doom™>

Live phone support is available seven days a week, 8:00AM - 8:00PM Pacific Time.

Thanks for shopping with us!
Blizzard Customer Service
« Last Edit: August 05, 2010, 07:37:06 pm by Amaranthea » Logged
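The header check the guide describes under "What's an email header?", as an added example that is not part of the original post: it compares the displayed From address with the other sender-related headers of one message. The sample message, its `.example` hostnames and the presence of an `Authentication-Results` header (added by some receiving providers) are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains the guide names as genuine.
OFFICIAL_MAIL = ("blizzard.com", "battle.net")

# Constructed sample: the visible From is official, nothing else is.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
\tby mx.player-isp.example with ESMTP id abc123
\tfor <player@player-isp.example>; Fri, 21 May 2010 17:14:58 +0800
Authentication-Results: mx.player-isp.example;
\tspf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: noreply@blizzard.com
Reply-To: support@account-check.example.org
To: player@player-isp.example
Subject: Blizzard Identification
Date: Fri, 21 May 2010 17:14:55 +0800

Dear customer, ...
"""

def domain_of(value):
    """Lowercase domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def official(domain):
    """True for an official domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_MAIL)

def check_headers(raw):
    """Return a list of reasons to distrust the message's claimed sender."""
    msg = message_from_string(raw)
    findings = []
    if not official(domain_of(msg["From"])):
        findings.append("From domain is not official")
    # A spoofed From often leaves these two pointing at the real operator.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not official(dom):
            findings.append(f"{name} points at {dom}")
    # Verdicts recorded by the receiving server, when it records them.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{mech} verdict is {verdict}")
    # The topmost Received line is written by the recipient's own server;
    # lines below it come from earlier hops and can be forged.
    received = msg.get_all("Received", [])
    hop = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    if hop and not official(hop.group(1).lower()):
        findings.append(f"handed over by {hop.group(1)}")
    return findings

if __name__ == "__main__":
    for line in check_headers(SAMPLE):
        print("-", line)
```

A finding here is a signal to treat the message as suspect rather than proof on its own, and a clean result does not make a request for a password legitimate.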
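The link "double-check" described in the guide, as an added example that is not part of the original post: it pulls every link out of an HTML email body and compares the address shown to the reader with the address the link really uses. The HTML sample and its `.example` destinations are constructed, and the allowlist is an assumption built from domains that appear in the guide.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist for this example (domains that appear in the guide).
OFFICIAL_WEB = ("blizzard.com", "battle.net",
                "worldofwarcraft.com", "wow-europe.com")

# Constructed HTML body modelled on the faction-change example above.
SAMPLE_HTML = """
<p>You can find World of Warcraft Account Management at:
<a href="http://www.worldofwarcraft.com.acct-verify.example/login">https://www.worldofwarcraft.com/account</a></p>
<p>For more details refer to the
<a href="http://us.blizzard.com/support/article.xml?articleId=39810">Character Faction Change FAQ</a></p>
<p><a href="http://203.0.113.7/wow/">Log in here</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def host_of(url):
    """Lowercase hostname of a URL, or '' if it has none."""
    return (urlsplit(url.strip()).hostname or "").lower()

def is_official_host(host):
    # Match the domain itself or a true subdomain, so that
    # 'worldofwarcraft.com.acct-verify.example' does not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_WEB)

def audit_links(html):
    """Return (real host, visible text, problems) for each link."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        real = host_of(href)
        shown = host_of(text) if "://" in text else ""
        problems = []
        if not is_official_host(real):
            problems.append("destination host is not official")
        if shown and shown != real:
            problems.append(f"text shows {shown} but the link goes elsewhere")
        report.append((real, text, problems))
    return report

if __name__ == "__main__":
    for real, text, problems in audit_links(SAMPLE_HTML):
        print(f"{text!r} -> {real}: {problems or 'ok'}")
```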
World of Warcraft® and Blizzard Entertainment® are all trademarks or registered trademarks of Blizzard Entertainment in the United States and/or other countries.
These terms and all related materials, logos, and images are copyright © Blizzard Entertainment. 
This site is in no way associated with or endorsed by Blizzard Entertainment®.

© 2009-2010 Coven of the Blue Panda™