Recently, Polar over at Securing WoW wrote about the latest phishing email being sent out by scammers. Account thieves are using the 2010 Arena Tournament as a way to lure you to their site to steal your login info. (Registration for the tournament
But there are also the tried and true emails that are being sent out daily, regardless of upcoming events. They spoof their email so that it looks like it is coming from Blizzard and fill the email with legitimate links, making their info-stealing site link look real. The links also contain misspellings that are hard to catch at a quick glance (like "starcratf2" or "worldotwarcraft") and lead to sites that look very much like the official ones.
Blizzard has an excellent resource for protecting yourself from phishing attacks. In general, if you get an email that looks legitimate, type battle.net in your browser's address bar (spell it correctly). This will take you to the correct site for your region and there you can see the status of your account yourself. Some examples of phishing emails are after the break.
Phishing emails from my Spam folder
Some of these are to the email that is not connected to my WoW account, which is always a red flag.
Supposedly from a Senior Game Master at email@example.com:
During an investigation of your World of Warcraft account we have determined that it has recently been involved in actions deemed inappropriate for the World of Warcraft by the In-Game Support staff of Blizzard Entertainment. Specifically, we have found strong evidence that the account in question is being sold or traded.
The email says it's from firstname.lastname@example.org, but details show it is mailed by hotmail.com:
An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
The from address says email@example.com, but is again mailed by hotmail.com:
We have verification the password for the World of Warcraft account associated with this email address. verification password, please click the following link and follow the instructions:
The link that follows here looks typed out and legitimate, but if you click on it, it takes you to a completely different site. Just because a link looks like a legitimate address doesn't mean that it actually links to the address displayed. For example, I can tell you I'm sending you to http://pvzinsider.com, but the actual address I'm sending you to is completely different (though still containing some excellent PvZ advice). Most browsers will show you the actual address when you mouse over the link, so you don't have to click through to the dangerous site to see it.
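The two tells described in this post (link text that names one site while the link itself points to another, and near-miss spellings like "starcratf2") can be checked mechanically. The following Python is an added example, not part of the original post; the trusted-domain list, the 0.85 similarity threshold and the sample email body are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader trusts. battle.net is named in the post; the rest are illustrative.
TRUSTED = ("battle.net", "worldofwarcraft.com", "starcraft2.com")
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

def base_domain(url_or_host):  # last two host labels (simplification: ignores .co.uk-style suffixes)
    host = urlsplit(url_or_host if "//" in url_or_host else "//" + url_or_host).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def lookalike_of(domain):  # trusted domain that `domain` nearly spells, else None
    near = (g for g in TRUSTED if SequenceMatcher(None, domain, g).ratio() >= 0.85)
    return None if domain in TRUSTED else next(near, None)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Return (href, finding) pairs for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = base_domain(href)
        # Visible text is itself an address, but a different one from the real destination.
        if URL_LIKE.match(text) and base_domain(text) != target:
            findings.append((href, f"text shows {base_domain(text)}, link goes to {target}"))
        # Destination is a near-miss spelling of a trusted domain.
        if lookalike_of(target):
            findings.append((href, f"{target} resembles {lookalike_of(target)}"))
    return findings

# Constructed sample email body, not taken from a real message.
SAMPLE = """<a href="http://login.example.test/wow">https://www.worldofwarcraft.com/account</a>
<a href="http://www.starcratf2.com/beta">Register for the beta</a>
<a href="https://us.battle.net/account">battle.net</a>"""
```

Calling `audit(SAMPLE)` flags the first two links and passes the third, whose text and destination both resolve to battle.net.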
The from address says firstname.lastname@example.org and even uses some wording from the actual invite:
Congratulations, this is your invitation to register for the beta test for Blizzard Entertainment's StarCraft® II: Wings of Liberty™! You are receiving this email because you attended a special Blizzard Entertainment event, participated in a related contest or promotion, or have otherwise been selected to join the beta-testing process. This email contains a link to the beta registration form along with instructions on how to get started.
The very friendly link, however, goes to a phishing site.
Though these are not Blizzard account related, you should probably also know the following: your Paypal account has not been limited, you haven't won an email lottery and the key to her heart is not your size. Play safe!
Please remember that account safety and computer security are your responsibility! While WoW.com has provided you with resources for additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software. And if your account does get stolen, please see our guide on what to do next.