Widespread wave of phishing emails reported

Over the past week WoW Insider has received an increasing number of reports of phishing emails. This means that some industrious folks have decided that now is a good time to try to steal accounts from unsuspecting players, and thus we're thinking this is a great time to remind people about the dangers of these evil emails!
Most of the current phishing emails have been telling people that their account is under investigation for account trading, and directing them to a website in which they need to fill in their complete account information along with a CD key. Obviously this website is a phishing site, and is illegitimate.
There are several things you should look for in a legitimate (or illegitimate) email from Blizzard. After the break we'll take a look at these, as well as provide some places you can go for further information.
How to spot a fake email
- Blizzard will never ask for your password. If the email is telling you to send it to them, then it's a fake.
- Account emails will only come from and accept replies to wowaccountadmin@blizzard.com. Anything else and it's a fake. A lot of these phishing emails are saying noreply@blizzard.com, but guess what, those are fake. Blizzard does use that email address for some things, but not when they're talking to you about your account.
- Links go to sites that are not Blizzard owned. The phishing emails that I've received recently have links pointing to sites that are clearly not Blizzard owned. A site like zomgadamholiskyrocks.com is not one you want to put your password into, and neither are blzard.com, wowinsidar.com, or saccovsziebart.tv. They're all fake!
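The three checks above can be run mechanically over a raw message. This is an added example, not code from WoW Insider or Blizzard; the sample message is constructed from details on this page (plus a made-up Reply-To address), and the distance threshold of 2 and the keyword list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ACCOUNT_SENDER = "wowaccountadmin@blizzard.com"  # from the checklist above
OFFICIAL_DOMAIN = "blizzard.com"
# Constructed sample message (not a real capture), built from details on this page.
SAMPLE = """\
From: Account Administration <WOWACOUNTADMI@BLIZZARD.COM>
Reply-To: verify@example.net

Confirm ownership at http://www.blzard.com/login with your account password.
More information: http://us.blizzard.com/support/article/21505
"""

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_email(raw):
    """Return findings for one single-part, plain-text message."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1].lower()
        if addr and addr != ACCOUNT_SENDER:
            verdict = "a near-miss of" if edit_distance(addr, ACCOUNT_SENDER) <= 2 else "not"
            findings.append(f"{header} {addr} is {verdict} {ACCOUNT_SENDER}")
    body = msg.get_payload()
    # Crude keyword heuristic: Blizzard never asks for the password by email.
    if re.search(r"\b(password|cd-?key)\b", body, re.I):
        findings.append("body mentions a password or CD key")
    for host in sorted({h.lower() for h in re.findall(r"https?://([^/\s:>]+)", body, re.I)}):
        if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
            continue
        # Naive registrable domain: last two labels (no public-suffix handling).
        domain = ".".join(host.split(".")[-2:])
        kind = "a look-alike of" if edit_distance(domain, OFFICIAL_DOMAIN) <= 2 else "not under"
        findings.append(f"link host {host} is {kind} {OFFICIAL_DOMAIN}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

The From header is not authenticated, so a message that passes the sender check still has to pass the link and Reply-To checks.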
If you have discovered a phishing email, then forward it to hacks@blizzard.com. I've sent a lot there, and I'm sure Blizzard is happy to get as many phishing emails as possible.
There are two more important resources that you'll want to check out.
The first is the blue sticky post about fake emails from "Blizzard Entertainment" on the customer service forums, and the second is the antivirus program AVG. If you're not running an antivirus application you're just asking for trouble.
Oh, and there's this little thing called the authenticator you should get too.
Stay safe, and watch out for the phish!
Please remember that account safety and computer security are your responsibility! While WoW Insider has provided you with resources for additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.






Reader Comments (Page 1 of 3)
Keleron Mar 31st 2009 9:07AM
I got an email like this last week. It ended with @gmail.com and asked for my password both of which set a red flag off. I didn't know about hacks@blizzard.com though. Thanks for sharing.
ulon Mar 31st 2009 9:09AM
Question is: How do they get your E-MAIL?
I've never received one of those emails. Most of the time, they get your e-mails from community websites that aren't safe...
So, I recommend you don't give your real e-mail to websites, or use a junk email account as I do.
There are, as well, people who buy gold and therefore, the farmers have their emails.....
sinthar Mar 31st 2009 10:48AM
How do they get your email.
There are a few tricks, some hacking tricks I won't go into here. The simplest is via malware, where a small nasty program sends your entire email address book to someone (or more usually a program) that then uses it to email everyone you know. Others send out the emails to random addresses, and there are many other ways also (at work so not gonna write up a huge post). Regardless how they get it- they CAN get it via many means.
My email was hacked one Christmas, my email account sent out 15 million emails advertising a porn site. I never knew as they hacked the server side (good old AOL security), and they never even gave me free access to the site either :(.
Anyhow read the post above, never ever EVER give out your account or password details to ANYONE. If Blizz contact you, I'd personally phone them up asap. Sod the cost of the call, when you're risking the total cost of your WOW account. If you do, expect to find your toons nude, next to a mailbox, stripped of everything.
Jackfinished Mar 31st 2009 9:17AM
Ok, I am sorry, maybe I have worked in IT for too long, but I say let Mr. Darwin take care of this. If you honestly think Blizzard is after you for acct trading, when you haven't, or a prince from Nigeria is offering you money, and I mean you REALLY believe it then you should be scammed. I have gotten stuff like this for years and it never occurred to me that they are real.
I mean come on, if someone showed up at your door saying this or someone ran into you at the supermarket, would you believe it? No, then why is it ok for it to be plausible via email?
/endrant
slartibart Mar 31st 2009 9:22AM
I agree with Jackfinished, I always tell my end users "does it pass the 'in person' test?"
If it's a request that you would deny over the phone, or in person, why does it become valid when tried through email?
On a side note, love the picture, I can't wait for the summer tour!
Max Mar 31st 2009 10:13AM
The thing for me was, I had received an email exactly like this one that was legitimate (they thought I was acct trading because I logged on in Europe but it was a business trip etc. etc.) so my initial reaction was "oh no... not this crap again" and began to fill out all the info.
Good thing I realized the email address was wrong before I sent anything
Zarfay Mar 31st 2009 6:51PM
@Jackfinished
Does a blind person deserve to walk into a door?
dennis Mar 31st 2009 9:21AM
got an email from WOWACOUNTADMI@BLIZZARD.COM (notice the missing 'N' in Admin) this is what it read so watch out for this
Greetings!
It has come to our attention that you are trying to sell/trade your personal World of Warcraft account(s).
As you may or may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership. If the information is deemed accurate, the investigation will be dropped.
This action is taken because we at Blizzard Entertainment take these sales
quite seriously. We need to confirm you are the original owner of the account.
This is easiest done by confirming your personal information along with concealed information about your account.
You can confirm that you are the original owner of the account by replying to this email with:
Use the following template below to verify your account a nd information via email.
* First and Surname
* Date of birth
* Address
* Zip code
* Phone number
* Country
* Account Original e-mail address
* Account Now e-mail address
* Account name
Account password
* Secret Question and Answer
-Or-
WoW CD-Key
Show * Please enter the correct information
If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.
We ask you to NOT change password until the investigation is fully completed.
Only the Account Administration department can address disputes or questions you may have about this account action. To learn more about how we are able to assist you, please visit us at http://us.blizzard.com/support/article/21505.
Regards,
Lanhelly
Account Administration
Please be aware this has happened to me legitimately before and Lanhelly may or may not be a name of a real GM but Zargohbah is the ONLY GM who can actually ban an account for selling/trading. If you get an email like this plz send to hacks@blizzard.com without any personal info. Keep an eye out, this can be dangerous.
native Mar 31st 2009 9:28AM
ok.
if this is what the emails look like and you fall for it you're an absolute idiot.
really. do we need to warn people to beware of something that screams "BEWARE".
good lord people are stupid.
Tim Mar 31st 2009 9:55AM
Actually, having gotten a ban from Blizz in the past (long story, I don't feel like getting into it, let's just say it was a misunderstanding) I can say that looks fairly similar to the actual email they send you.
Except that their email tells you to email them back, and doesn't ask for any information. But the first few paragraphs look close enough.
rick gregory Mar 31st 2009 1:52PM
"It will be ongoing for further investigation by Blizzard Entertainment's employees."
Hint - if the email contains sentences that aren't actually ENGLISH... you might want to consider that it's fake.
little_warlock Apr 1st 2009 4:34AM
I've gotten these before as well, because the email I use gets spammed quite a lot, these phishers obviously buy email addresses from the same people that sell them to spammers.
With 11 million players there's enough hits in 100.000 or even 1.000.000 mails sent. Notice that the mail never actually mentions the account name.
My typical reaction is "if this is legit, let them close the account and I'll start up the recovery procedure by mailing the address on their website, knowing that I'm actually dealing with Blizzard".
starbuck327 Mar 31st 2009 9:25AM
Hmm oddly enough I received one of these this morning. However, they made two mistakes. First, they sent it to an email no longer attached to my WoW account (already hacked once FTL), and second, it said something about the EULA ToA. I'm in the US, and I had seen this yesterday on the forums. Had I not, I'm glad that this place is my first stop in the morning and I saw the story here!
Keyra Mar 31st 2009 4:20PM
Not quite following you past the previously hacked email account, unless you are mistaking EULA to indicate something to do with Europe? If you are, "EULA" stands for "End User Licensing Agreement" and is the second thing that we agree to (along with the Terms of Service agreement) whenever we do a fresh install or Blizzard does a new patch and we load up the game.
If you knew that, then I'm not certain what being in the US and checking...um...really lost...okay, maybe I just really need some caffeine? Yes, anti-snooze medicine. Going now.
Kemikalkadet Mar 31st 2009 9:46AM
We've had an odd phishing scheme plague our guild recently. Someone made an account with the same name as one of our officers, but with an í instead of an i saying to check out a guild video with a link attached. The URL itself was so retardly obvious it was a keylogger.. something like www12.khbf.com/wow.exe. It's happened twice in a couple of weeks with two different officers' names being used.
Lainie Mar 31st 2009 12:36PM
I had the same thing happen last night in my guild that Kemikalkadet is reporting. I am an officer of the guild & maintain the guild website. Someone misspelled my character's name (changed the i to a different ASCII character i) then sent in game mails to all the other characters in the guild. This in game mail told them to visit a website & download a video.exe file.
I know one person in my guild downloaded it, got his password logged & account hacked. We changed the guild message of the day to warn people about it. Others visited the site, but did not download & install the file.
Omestes Mar 31st 2009 3:44PM
Who the heck would download a video ending in .exe?
Nevermind, don't answer that. As with most hacks and such, it generally is completely user error. Never run .exe (or any other executable) files unless the sender is trusted, and the extension makes sense (no .jpg.exe either). Never reply to an unsolicited email with personal information, and if you must, then seek to resolve the issue on their webpage (making sure it is valid), or over the phone.
As I tell my tech illiterate friends and parents, "if someone came to your door, asking the same questions, would you answer them", and in the case of software, this question is revised to "would you let them in, without question?".
Also, use a service like spamgourmet or xoxy.net to make disposable email addresses when handing out your main email address to potential security risks. The best way to avoid phishing scams, is to never put yourself at risk in the first place.
Xcelsior Mar 31st 2009 9:47AM
I think some community site got hacked or is selling their email lists, as I got a phishing email to an account that's set up specifically for site registrations and isn't used for anything else, especially my blizzard account stuff.
I wonder how many people did get taken in by this?
Rassama Apr 1st 2009 5:48AM
I agree, very possibly these addresses come from a community site. I got one of these emails to an address I use for everything wow-related, except my account :)
I've used this address to only register with the 'well-known'-sites.
FakeSend Mar 31st 2009 9:51AM
I own a website called http://FakeSend.com
Just thought I'd mention that a ton of account email scams attempt to originate from my site, since they can make the email come from what seems to be a legit wowaccountadmin@blizzard.com email.
The way you know it's a phishing email is if they send you to an external link, or ask you to reply to another email.
Just a heads up.