Blizzard has come out and announced that there has been a great influx of phishing scams lately. In fact, I actually got one under my Gmail account (none of my accounts are tied to this email address).
I know a lot of other sites and blogs have addressed this lately but I think it is a pretty important topic. Account security is something that every player should care about. It sucks to lose all that hard work to a careless mistake, and if you are in a guild it could affect more than just yourself (we had an officer hacked and lost the whole guild bank last year).
This is the contents of the phishing e-mail that I received recently:
An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here: WoW -> Legal -> End User License Agreement
In order to keep this from occurring, you should immediately verify that you are the original owner of the account.
To verify your identity please visit the following webpage: https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.com%2Faccount%2Findex.html
Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.
This was a scam. How did I know?
Well, aside from the aforementioned fact that I have no accounts tied to my Gmail account, the e-mail came from firstname.lastname@example.org. A legit e-mail of this nature would come from email@example.com (noreply IS a legit Blizzard e-mail address, but they do not use it for important personal contact).
The biggest tip-off is that although the link text shows it will bring you to www.worldofwarcraft.com, it actually points to http://battlenetlogiin.110mb.com/. Notice that there is an extra i in the login. Also notice that there is no blizzard.com or worldofwarcraft.com in the address.
It looks legit, how do I check?
First, don't click through on the e-mail. Open a new browser, go to worldofwarcraft.com yourself, log into your account there and check it that way. You can also try logging into the game to see if it is truly being reported (petition a GM if you need to).
DO NOT fill out any part of the form that the link takes you to. Blizzard has all your information already; they do not need you to give it to them again (especially your password).
Ok it's fake, now what?
Forward the e-mail to firstname.lastname@example.org. I know this is what they say to do, although I never got a confirmation or a reply to my forward, but at least they have it to investigate.
How to protect yourself:
Do yourself a favor and get an authenticator. I touted the wonders of it before but now there is an even easier way (especially since the fob is nearly always sold out). Blizzard just released an iPhone/iPod application that works as an authenticator. They plan on making it for other mobile phones in the future as well. I already have the authenticator fob so I haven't downloaded the new authenticator app, but I hear that it works just the same and is very good. Best of all, it is free (as opposed to the bank-breaking $6 of the fob).