Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is an example of social engineering techniques used to fool users. The most common method of phishing is by sending misleading e-mails that point to web sites masquerading as legitimate account holding institutions.
For World of Warcraft players, the most frequently encountered type of phishing is an e-mail that pretends to be sent from Blizzard Entertainment but usually points to some domain or URL that sounds similar to a legitimate one, but is not.
Below is one of the more amusing examples of a phishing email. Notice the extraordinary lack of correct or consistent spelling and grammar. On occasion, such an email will also use more than one typeface.
Of particular note with WoW phishing emails is that the link shown as battle.net always points to a misleading URL. Always check the real target of a link in a supposed email from Blizzard by hovering over the link.
Subject: World of Warcraft:Cataclysm survey
Date: Mon, 13 Jun 2011 22:00:42
World of Warcraft:Cataclysm survey
Dear players,big disaster has arrived. We are closely watching the development of the game. In this beautiful moment to thank all the players.We have to do a surey to obtain some information used to adjust some details of the game in order to obtain better service. please sign the following links:
survey of vote after the vote we will adjust the information for statistical details of the game. You work with our playres,please,thank you. After the questionnaire had the palayers to vote will receive a mystery gift.
Advice and FAQ from Blizzard to avoid phishing scams
EU blue posts
#1 - Fake or ‘Phishing’ E-mails from Blizzard | 2011-10-12 15:30 | Nephadne
All new topics created regarding phishing mails/websites will be locked and redirected to this thread; please make sure you read the entire sticky before you post.
TL;DR? We've turned some of the information in this sticky into a video on YouTube! http://bit.ly/qIJc3Y
We have been seeing a troubling increase in the number of fake or ‘phishing’ emails being sent to players, all appearing legitimate and official and seemingly originating from Blizzard Entertainment.
These emails, created for the criminally fraudulent process of attempting to acquire sensitive details (account names, passwords, or other account information), may promise exclusive in-game items, bonus game time, or ‘specially selected’ Alpha/Beta invitations to upcoming Blizzard releases.
More commonly, and undeniably more worryingly, they may even threaten dire account-related action unless the player provides his or her login information, or follows a specified website link (usually to ‘verify the legitimacy of the account’).
Please do NOT fall for these scams!
REMEMBER: Neither Blizzard nor its employees will EVER ask for your password.
#2 - Fake or ‘Phishing’ E-mails from Blizzard | 2010-12-05 18:02 | Nephadne
I’ve received an email just like this – is it a fake? How can I tell?
There are a few key points you can check straight away in order to determine whether an email is genuine.
Emails from Blizzard will always originate from an @blizzard.com or an @battle.net email address.
Any correspondence sent from Blizzard Entertainment will make use of correct spelling and grammar. Multiple typographical errors, unusual sentence structure or obvious grammatical inaccuracy should serve as an immediate warning to proceed with caution.
Blizzard employees will never ask you for your account password via any means. No matter how official or legitimate an email may look, if such information is requested then it is simply not from Blizzard Entertainment.
Phishing mails will frequently claim that an account has violated, or been found in breach of, a specific policy. These mails often employ intimidating wording and claim extreme actions (including account closure or termination) will be taken should the player not ‘verify ownership’ of their account. This is not a standard practice of Blizzard Entertainment.
Phishing mails may also appear to offer complimentary, and often hitherto unheard-of, in-game pets or mounts, periods of game time credit, or special advance access to Alpha and Beta versions of forthcoming Blizzard games. These mails can often seem too good to be true, and as a result they likely are! Please double-check the existence of anything mysteriously offered to you via an email, and do not accept any ‘offers’ you cannot confirm as official.
In many cases, these fake emails will request that account owners visit a specific (malicious) website, where they will be asked to “log in”. While these sites can on occasion be extremely similar in appearance to actual Blizzard pages, inputting one’s login details therein will directly submit it to the companies or individuals in question (thereby instantly rendering the account liable to compromise). If ever asked to click through to a website linked within an email, please be very wary – double-check the destination of the hyperlink before you click.
So, this email comes from someone showing as @blizzard.com or @battle.net. That means it’s real, right?
Unfortunately, no. The appearance of an official email address as the sender is not enough to guarantee an email’s veracity, and you should still remain cautious. This is due to the fact that it is possible to alter the appearance of a sender address in the “From” field of an email, and this process (known as ‘spoofing’) may cause a malicious email to seem as if sent from Blizzard.
In order to verify the actual sender address of any email you receive, you will need to check the email header information.
What’s an email header? How do I find it, and what am I looking for?
Most email clients and providers will allow you to view more information about the email than is normally shown, including specific details about the sender, the path the email took in reaching your inbox, and any other redirections that the email may have been subject to prior to arriving in your mailbox.
For more information on how to check this data, including some specific details for some of the more common email providers, please see our Support site article;
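What checking the header can look like in practice, as an added example that is not part of the original post or of Blizzard's support material: it reads the raw headers and reports the evidence that a rewritten "From" field cannot hide. The message is constructed, and it assumes the receiving provider stamps an Authentication-Results header (SPF, DKIM and DMARC verdicts), which the post itself does not mention.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = ("blizzard.com", "battle.net")  # sender domains named in the post

def domain_of(value):
    """Domain of the address in a From or Return-Path header ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def is_trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED)

def inspect_headers(raw):
    """Collect the header evidence that a rewritten From field cannot hide."""
    msg = message_from_string(raw)
    shown = domain_of(msg["From"])            # what the mail client displays
    envelope = domain_of(msg["Return-Path"])  # where bounces really go
    # Only the topmost Authentication-Results (added by your own provider)
    # counts; copies further down may have been written by the sender.
    results = (msg.get_all("Authentication-Results") or [""])[0].lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    # Each relay prepends a Received line, so the last one is the first hop.
    hops = msg.get_all("Received") or []
    first = re.search(r"from\s+(\S+)", hops[-1]) if hops else None
    reasons = []
    if not is_trusted(shown):
        reasons.append("From domain is not blizzard.com or battle.net")
    if not is_trusted(envelope):
        reasons.append("Return-Path domain is not Blizzard's")
    if auth.get("dmarc") != "pass":
        reasons.append("no DMARC pass for the From domain")
    return {"from": shown, "return_path": envelope, "auth": auth,
            "origin": first.group(1).lower() if first else None,
            "reasons": reasons}

# Constructed message with a spoofed From; the other hosts use reserved names.
RAW = """\
Return-Path: <bounce@mailer.survey.example>
Authentication-Results: mx.reader.example; spf=pass smtp.mailfrom=mailer.survey.example;
 dkim=none; dmarc=fail header.from=blizzard.com
Received: from mailer.survey.example ([192.0.2.10]) by mx.reader.example
From: "Blizzard Entertainment" <noreply@blizzard.com>
Subject: World of Warcraft:Cataclysm survey

please sign the following links:
"""

print(inspect_headers(RAW))
```

In the sample, SPF passes because it only vouches for the Return-Path domain, while DMARC fails because that domain does not match the blizzard.com address shown to the reader.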
#3 - Fake or ‘Phishing’ E-mails from Blizzard | 2010-12-05 18:05 | Nephadne
Why am I getting these emails in the first place? I don’t remember giving my email address out to anyone.
Most commonly, ‘databases’ of potential player email addresses will have been compiled through the use of any unofficial World of Warcraft web pages (such as fan sites, wikis or guild websites), as well as social networking sites (like Facebook, Myspace or Bebo), so your email address will likely have been on display inadvertently without you ever specifically giving it out.
The most reliable way to stop receiving these types of mails, and also to provide an extra bit of security to your account, is to consider creating a new email address purely dedicated to World of Warcraft and Battle.net use.
During the creation process, do make sure that no part of the new address or password coincides with your previous email addresses, passwords, nicknames or profile information on any of the above sites, and that you avoid using this new email account for anything other than Battle.net in the future.
NOTE: As touched on above, with your Battle.net email address also functioning as your account name, using a dedicated, secret email account can actually help secure or increase the protection on your World of Warcraft account.
Right, thanks for all the information. I think I definitely have a fake email here, so what do I do with it now?
Well, the first thing you should consider doing is forwarding the entire email to our firstname.lastname@example.org email address.
Please also copy and paste the email header into the message body in order to ensure that we can fully identify the source of the mail, and hopefully help prevent future phishing mails of the same type.
Um, unfortunately I actually replied to one of these fake mails before reading this thread, and now they have my details (Secret Answer, CD Key, etc). Please help me!
Firstly, there’s no need to panic. You should, however, make sure you change your Battle.net account password as soon as possible:
Then move on to either changing the password on your email account, or simply creating a new dedicated email account (see above) that you only use for World of Warcraft and Battle.net.
At this stage, you should hopefully have restored your account to the same level of security as prior to the phishing email, but you may also wish to consider purchasing or downloading a Blizzard Authenticator (either physical token or mobile version);
For the remainder of this thread, we will continue to update with new examples of phishing emails reported to us.
If you do receive one of these fake mails, please check to see if we have it listed here already, and if not then you are very welcome to post it within this thread so that we can consider adding it to the list.
Oh, and please REMEMBER: Blizzard employees will NEVER ask for your password.