Daily Archives: January 5, 2010

Blizzard Account Phishing Email

Proving again that World of Warcraft is big business, I got a phishing email this morning trying to get me to send all my account information to somebody in order to keep my account from being suspended.

HELLO!

It has come to our attention that you are trying to sell your personal World of Warcraft account(s).

As you may not be aware of, this conflicts with the EULA and Terms of Agreement.

If this proves to be true, your account can and will be disabled.

It will be ongoing for further investigation by Blizzard Entertainment’s employees.

If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account by replying to this email with:

Use the following template below to verify your account and information via email.

  • First and Surname
  • Date of birth
  • Address
  • Zip code
  • Phone number
  • Country
  • Account e-mail
  • Account name
  • Account password
  • Secret Question and Answer

Please enter the correct information

If you ignore this mail your account can and will be closed permanently.

Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Blizzard Entertainment

This follows the pattern of dozens of similar emails I have seen advising me that I needed to provide information for my eBay, PayPal, or financial institution account.

  • I’ve been accused of doing something that I am quite clearly not doing, in order to provoke me into responding quickly without thinking.  The idea is to get you in the mood to quickly clear your good name.
  • I am asked for information to confirm that the account in question is mine.  This includes information that Blizzard always tells you that no Blizzard representative will ever ask you for.
  • I am asked to respond to an address, in this case the email reply-to address that looks close to valid.  This time it was “blizzard@mail-blizzard.com.”  The address actually displayed as “blizzard@blizzard.com” until I hit reply, and the reply-to was different.
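
The last two points can be checked mechanically. The following is an added example, not part of the original post or anything Blizzard publishes: it parses a message, compares the From domain with the Reply-To domain, and looks for credential requests in the body. The sample message is constructed from the details above, and the recipient address and function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the email quoted above (not the raw original).
SAMPLE = """\
From: Blizzard Entertainment <blizzard@blizzard.com>
Reply-To: blizzard@mail-blizzard.com
To: player@example.org
Subject: Account investigation

You can confirm that you are the original owner of the account by replying
to this email with: Account name, Account password, Secret Question and Answer
"""

# Phrases taken from the template in the quoted email.
CREDENTIAL_TERMS = ("account password", "secret question")


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def phishing_indicators(raw_message):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # A reply silently routed to another domain is the trick described above.
    if reply_dom and reply_dom != from_dom:
        findings.append(
            f"reply-to domain {reply_dom} differs from From domain {from_dom}")
    payload = msg.get_payload()
    # Multipart messages return a list; this example only inspects plain text.
    body = " ".join(payload.lower().split()) if isinstance(payload, str) else ""
    for term in CREDENTIAL_TERMS:
        if term in body:
            findings.append(f"body asks for: {term}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```
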

Now, getting an email like this isn’t exactly news.  As I said, I have seen dozens of variations of this sort of thing.  But I figured it was timely, what with Tobold also writing about account security, to just check and make sure that we all know NOT to respond to an email like this.

In my case, this email showed up in the in-box of an account which has no association with any of my Blizzard accounts, but one I use to create accounts on gaming sites where I may or may not return, so it is easy to remember with a standard password that is not very secure.

Blizzard, like any company that faces such account hacking threats, has a long page of information about various hacking and phishing threats, how you can help avoid them, and what you should do if you are a victim.

I personally did what Blizzard requested on the page, which was to forward the email with “show headers” enabled to “hacks@blizzard.com” so they are aware of yet another phishing attempt.