Security Warning: Phishing emails on the rise

But there are also the tried and true emails that are being sent out daily, regardless of upcoming events. They spoof their email so that it looks like it is coming from Blizzard and fill the email with legitimate links, making their info-stealing site link look real. Also, the links have misspellings that are hard to catch at a quick glance (like "starcratf2" or "worldotwarcraft") and lead to sites that look very much like the official ones.
Blizzard has an excellent resource for protecting yourself from phishing attacks. In general, if you get an email that looks legitimate, type battle.net in your browser's address bar (spell it correctly). This will take you to the correct site for your region and there you can see the status of your account yourself. Some examples of phishing emails are after the break.
Phishing emails from my Spam folder
Some of these were sent to an email address that is not connected to my WoW account, which is always a red flag.
Supposedly from a Senior Game Master at donotreply@blizzard.com:
Greetings,
During an investigation of your World of Warcraft account we have determined that it has recently been involved in actions deemed inappropriate for the World of Warcraft by the In-Game Support staff of Blizzard Entertainment. Specifically, we have found strong evidence that the account in question is being sold or traded.
The email says it's from noreply@blizzard.com, but details show it is mailed by hotmail.com:
Greetings,
An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
and Section 8 of the Terms of Use found here:
WoW -> Legal -> Terms of Use
The from address says wowaccountadmin@blizzard.com, but is again mailed by hotmail.com:
We have verification the password for the World of Warcraft account associated with this email address. verification password, please click the following link and follow the instructions:
The link that follows here looks typed out and legitimate, but if you click on it, it takes you to a completely different site. Just because a link looks like a legitimate address doesn't mean that it actually links to the address displayed. For example, I can tell you I'm sending you to http://pvzinsider.com, but the actual address I'm sending you to is completely different (though still containing some excellent PvZ advice). Most browsers will show you the actual address when you mouse over the link, so you don't have to click through to the dangerous site to see it.
The from address says support@starcraft2.com and even uses some wording from the actual invite:
Congratulations, this is your invitation to register for the beta test for Blizzard Entertainment's StarCraft® II: Wings of Liberty™! You are receiving this email because you attended a special Blizzard Entertainment event, participated in a related contest or promotion, or have otherwise been selected to join the beta-testing process. This email contains a link to the beta registration form along with instructions on how to get started.
The very friendly link, however, goes to a phishing site.
Though these are not Blizzard account related, you should probably also know the following: your Paypal account has not been limited, you haven't won an email lottery and the key to her heart is not your size. Play safe!
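The two link checks described above (the displayed address versus the real destination, and near-miss spellings of a known domain), written out as an added example; it is not code from this article or from Blizzard. The function names, the trusted list built from domains named on this page, the 0.85 similarity cut-off and the sample HTML are assumptions.

```python
import difflib, re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named on the page; the 0.85 cut-off and SAMPLE are constructed assumptions.
TRUSTED = {"battle.net", "blizzard.com", "starcraft2.com", "worldofwarcraft.com"}
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
SAMPLE = """<a href="http://www.worldotwarcraft.com/login">https://www.battle.net/account</a>
<a href="http://www.starcratf2.com/beta">Register for the beta</a>
<a href="https://www.battle.net/">Account status</a>"""

def site(value):
    """Host cut to its last two labels (simplification: no Public Suffix List)."""
    value = value.strip().lower()
    host = urlsplit(value if "//" in value else "//" + value).hostname or ""
    return ".".join(host.split(".")[-2:])

def lookalike(domain):
    """Trusted domain that `domain` nearly matches without equalling it, else None."""
    near = [g for g in sorted(TRUSTED)
            if difflib.SequenceMatcher(None, domain, g).ratio() >= 0.85]
    return None if domain in TRUSTED or not near else near[0]

class Anchors(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """One finding per suspicious link in an HTML mail body."""
    parser, findings = Anchors(), []
    parser.feed(html)
    for href, text in parser.links:
        target = site(href)
        if URLISH.fullmatch(text) and site(text) != target:
            findings.append(f"text shows {site(text)} but link goes to {target}")
        if lookalike(target):
            findings.append(f"{target} imitates {lookalike(target)}")
    return findings
```

Calling check_links(SAMPLE) flags the first two links and leaves the genuine battle.net link alone.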
Reader Comments (Page 1 of 3)
Tokkar Apr 30th 2010 6:05PM
I think I received one of these. Since I don't participate in arenas, I just deleted it. Time to change the ol' password again...just in case...not that it'll do them any good since my account is currently inactive...
kia Apr 30th 2010 6:11PM
That wouldn't actually matter. They steal inactive accounts all the time. They put stolen credit card details on to reactivate the sub.
Hooch [Quite possibly crazy] Apr 30th 2010 6:53PM
The most important thing to do is to mouse over links in the email, showing where it really goes.
For example, a link that says it is to www.battle.net will actually show up as www.wowserver.com/details.ihacku
Basically, they mask the URL, be very careful!
K G Apr 30th 2010 9:56PM
Just to inform the good readers (and staff) of WoW Insider, the 2010 Arena Tournament Registration is not closed until June 7th.
Blue Post Source:
(http://forums.worldofwarcraft.com/thread.html?topicId=24401512355&sid=1)
K G Apr 30th 2010 9:58PM
WTB: Edit button.
That being said, Blizzard would never email a player to entice them to come to the Arena Tournament.
Robin Torres Apr 30th 2010 10:02PM
@Tokkar Everyone is correct when they say that scammers reactivate inactive accounts, pay for it and farm on them happily as long as they can.
@K G Thank you! Fixed.
Tokkar May 1st 2010 1:47AM
I didn't notice anything untoward when I went there today; however, I still changed my password. Never hurts.
Thanks for the heads-up!
bep4815 Apr 30th 2010 6:06PM
slimy worms. easiest thing you can do is buy an authenticator. so much protection for a one time fee of $6.50(?) is so worth it.
Tokkar Apr 30th 2010 6:07PM
Agreed. Got mine sitting on my router. Always a good idea to routinely change your password info, too...which is what I'm about to do.
Valt Apr 30th 2010 6:12PM
Heck, it's free for most mobile phones and iPhone, iPod touch.
Kurtis Apr 30th 2010 7:07PM
Actually it's $0.99 for most mobile phones, and free for iPhone, iPod Touch and Android.
Jormund Fenris Apr 30th 2010 6:15PM
I'm confused over why you've used a picture of Griftah in this post. I mean, he seems totally legit to me. He sold me an Infallible Tikbalang Ward not long ago and I've NEVER been attacked by those nasty tikbalangs! Let's not even mention his amazing Soap on a Rope.
ladygamertn Apr 30th 2010 6:20PM
Another giveaway is that these phishing emails are sent to an email account that is not associated with my Battlenet account. I have an email account that I use to register for sites that require registration and another account for stuff like posting on forums. So I know where the phishers are getting my email accounts...
Sunhead May 1st 2010 12:04PM
This.
My account details are not the same as the e-mail I used for Battle.NET signup.
My Battle.NET address does not get used for anything other than Battle.NET.
Task Apr 30th 2010 6:22PM
It may just be me but I'm pretty sure there is no such thing as a "Senior" Game Master.. Senior Designer etc., sure I can see that.
And the fact they use Hotmail says 2 things:
1. MSN has done an awesome job giving away the scammers email origin
and
2. They're (the scammers) aren't very clever anymore..
Task Apr 30th 2010 6:24PM
That should be "not" not " aren't"...
I apologize for my lack of proofreading skills.. :(
vertigobliss86 Apr 30th 2010 6:29PM
That's true, but also some of the recipients aren't clever either.
I have countless battle.net scams in my spam folder asking about password changes X_x
Joseph Smith Apr 30th 2010 9:27PM
You forgot about 3: the gold farmers are using stolen email accounts too, and aren't picky about what service they use. Remember kids, your WOW information isn't the ONLY thong being recorded by a good keylogger
Ninjasammie May 1st 2010 4:28PM
I think you mean thing not "thong"
Kaz Apr 30th 2010 6:25PM
For some reason I received three phishing emails over the last week (never got one before). I just forwarded them to hacks@blizzard.com. Hopefully, Blizz can find and put a stop to these scam artists.