More Blizzard Account Phishing

This seems to be the week for phishing when it comes to World of Warcraft accounts.

Well, two in one week is two more than I have received in the last five years.

I almost believed this one… for a second or two.

Greetings!

This is an automated notification regarding the recent change(s) made to your World of Warcraft account. Your password has recently been modified through the Password Recovery website.

*** If you made this password change, please disregard this notification.

However, if you did NOT make changes to your password we recommend you Login verify your password

[Bogus URL deleted]

If you are unable to successfully verify your password using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com.

Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The World of Warcraft Support Team
Blizzard Entertainment

Okay, I believed it for more than a second. It was simple enough to be believable at first glance, and I still had in the back of my mind the events of another account hacking. But I had to wonder how anybody could change my password, since I have the Blizzard Authenticator and you need a code from that to edit account information.

Then I looked closely at the URL in the email. The domain it pointed to was “battlu.net.” Not the real deal.

So be wary. If you want to go check up on something like this, go directly to the Blizzard site and log into account management from there. Avoid “helpful” URLs.
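The check the post describes, written up as an added example (not Blizzard's or this blog's code): pull the registered domain out of a link and flag anything within a couple of edits of a trusted name, which is exactly how “battlu.net” differs from “battle.net”. The allowlist and the sample links are constructed for illustration.

```python
"""Flag e-mail links whose domain merely looks like a trusted one."""
from urllib.parse import urlparse

# Constructed allowlist: the domains the reader would legitimately log in to.
TRUSTED = {"battle.net", "blizzard.com", "worldofwarcraft.com"}


def registered_domain(url: str) -> str:
    """Return the last two host labels, lower-cased, e.g. 'battlu.net'.

    urlparse().hostname discards any 'user@' prefix, so a link such as
    https://battle.net@evil-example.test/ resolves to evil-example.test.
    (Two labels is a simplification; country-code suffixes like .co.uk
    would need a public-suffix list.)
    """
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: one substitution turns 'battle' into 'battlu'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """'trusted' if allowlisted, 'lookalike' if within two edits of an
    allowlisted domain, otherwise 'unknown'."""
    dom = registered_domain(url)
    if dom in TRUSTED:
        return "trusted"
    if any(edit_distance(dom, good) <= 2 for good in TRUSTED):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://us.battle.net/account/management/",
                 "http://battlu.net/login",
                 "https://battle.net@evil-example.test/"):
        print(f"{classify(link):9}  {link}")
```

A mail filter or a browser extension would act on "lookalike" the same way the post does: open the real site directly rather than follow the link.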

9 thoughts on “More Blizzard Account Phishing”

  1. We Fly Spitfires

    Those are the scariest form of phishing because they don’t outright ask for your details and instead mimic real emails but just change the URL. If you aren’t wise to the Internet or don’t have a good anti-virus with a phishing filter, they can be very hard to spot.

    Someone at my work, a couple of years ago, fell for one of these for eBay and put all of her login details into a fake site (that looked just like eBay but with a different URL). Horrible stuff.


  2. Bhagpuss

    I just don’t use email unless it’s absolutely unavoidable. Consequently I rarely get sent anything that I’m not expecting.

    And anything I receive that I don’t immediately recognise from the header I don’t open. I don’t even open unsolicited correspondence from sources I recognise, and if I got email from the real Blizzard I wouldn’t even open that. There’s nothing they have to say to me that I need to know that they can’t put in the log-on message when I log in to WoW.

    I have zero curiosity for unsolicited mail of any kind, whether it comes through my front door or onto my computer. If I didn’t ask for it it goes in the bin unopened.


  3. Vett

    Normally when I research the domains these are sent from, they are mostly from China. This is the backlash of people buying gold from “farmers”. Granted, some attain their money from legitimate means in game, but there is obviously an increasing number of people who have found it’s easier to gut someone’s account in this manner. Like I had commented in your previous article on this, I myself was hacked. All of my gold was distributed in a very exact manner to 4 different characters of mine and they were all transferred to different realms, presumably to meet “customers”. All of this while I slept one evening. Also my main character was respecced, for what purpose I have no idea.

    Bottom line, and I don’t think many realize this, is that if you buy gold/characters from these sorts of people these types of activities will continue to increase.


  4. Llani

    *shudder* I made a fresh email for my battle.net account, a fresh password, and just ordered my authenticator yesterday. No spam has been sent to my email yet, and I hope it stays that way. My younger brother was hacked yesterday also, so the first thing we all did was order authenticators.

    Apparently he runs the tightest network ship possible in our house and all of us use Mozilla + NoScript. Turns out he had installed (8 months ago) a chat program on his computer that had been monitoring stuff for the last 8 months. Both my mother and I have played on his computer (me when I’m home from college, and before I got my current machine) and my mother before she built her new computer.

    Hmm. I am not even sure what my secret question is anymore =/ But I will be super happy when that authenticator arrives.


  5. Darth Solo

    It might be a good thing if Blizzard mandates authenticators for everyone (even though it might be hard on certain countries) because a lot of these phishing scams will go away. Still, there are ways for phishers to steal an authenticator-generated code and then use it once to log in and steal your info.

    Bottom line is, always type in the battle.net address manually and go from there. Don’t trust any link from an email.


  6. Starburn

    @Llani
    “the first thing we all did was order authenticators.”

    I hope the 1st thing you did was go to a different PC and logon to the Blizzard website and change your passwords. And probably for anything else that you’ve used on that PC with a password (banks, emails etc.)


  7. Llani

    I phoned a friend and had it done, but as of today neither mine nor mother’s accounts have been touched, so we think that he just installed something he shouldn’t have. Who knows =/ Since using his computer (months ago) I’ve changed my passwords a few times (WoW and email were the two things I accessed). Authenticator should be here by the end of the week.


  8. Xyd

    A year ago I had no pity for those whose accounts had been hacked. Email, bank, WoW, etc. My view was simple: if you’re dumb enough to install something from a potentially unreputable source then caveat emptor (or the high-tech shareware-compatible equivalent). Then about a year ago I got a call from my brother: his email account was hacked.

    Now my brother is in his 50’s and a self-proclaimed computer-savvy kinda guy (I’d argue this, and often do. LOL) but this didn’t come as a shock to me as he has no issue installing anything that helps him play his online Java games.

    Looooong story short: the guy who hacked his account did so by stealing mail from his physical mailbox. Targeted mail. His Comcast bill and his 2008 W2 which gave the guy what he needed to socially engineer Comcast into resetting his email password. The guy used the “lost password” function to email password resets to the email account on file which he now controlled. The guy did some SERIOUS damage and, fortunately for my brother, made the critical mistake of stealing US Mail which is the ONLY reason the local yahoos, er authorities, did anything at all.

    The guy who did this is in his late 40’s – not a kid – and he’s educated and holds a desk job. His reason? My brother beat him out for a promotion. They worked together.

    FWIW, Comcast offers its users a security feature you can request attached to your Comcast account where they will not do a password change without that PIN. May have helped here, dunno, but the net net is: changing your password isn’t always enough but is a darn good idea.

    I haven’t seen the Authenticator but it will not prevent a phishing scheme. Unless I misunderstand its functionality a phishing email could coerce you to click on a link which would bring you to a blizzard-looking site where you enter your credentials. Those credentials could then be immediately used to login to your account giving the hacker access. I think the Authenticator is like SecurID where the PIN expires every 60 seconds so the hack would need to be automated, not stored, so the Authenticator is only part of the solution.

    @Darth is spot-on: NEVER click a link in an email to go to an online account. Period.


  9. Wilhelm2451 Post author

    @Xyd – Authenticator codes change every 30 seconds and to do critical things to your account, like remove the authenticator, you actually need to enter two codes.

    So I suppose somebody could set up a site that would grab the authenticator code and do something within the 30 seconds or less window. But at the moment, few enough people use authenticators that I doubt it would be worth the effort.

    But yes, the key lesson here is not to click on stuff without knowing what you’re getting. I long ago developed the habit of opening a new browser window to visit the site in question directly rather than via an email embedded link.

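The 30-second window that Xyd and the post author discuss above, shown as an added example rather than anything from the post or from Blizzard: a generic RFC 6238-style TOTP verifier (assumed for illustration; the Blizzard Authenticator’s internals are not described here) that accepts a code only during its own time step and only once, so a code that leaks through a lookalike site is useless after the step ends or after it has been spent. The shared secret is a constructed sample value.

```python
"""Time-based one-time codes: why a leaked code has a short shelf life."""
import hashlib
import hmac
import struct

STEP = 30      # seconds per code, matching the 30-second window discussed above
DIGITS = 6
SECRET = b"constructed-shared-secret"   # constructed sample, not a real secret


def totp(secret: bytes, t: int, step: int = STEP) -> str:
    """Code for the time step containing Unix time t (HMAC-SHA1, RFC 6238)."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server side: accept a code for the current step only, and only once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.used = set()        # (step, code) pairs already spent

    def verify(self, code: str, now: int) -> bool:
        step = now // STEP
        expected = totp(self.secret, now)
        if not hmac.compare_digest(code, expected):
            return False         # wrong step or wrong secret: code expired
        if (step, code) in self.used:
            return False         # same code presented twice: replay rejected
        self.used.add((step, code))
        return True


if __name__ == "__main__":
    v = Verifier(SECRET)
    code = totp(SECRET, 1_000_000)
    print(v.verify(code, 1_000_010))   # True: same 30-second step, first use
    print(v.verify(code, 1_000_011))   # False: already spent
    print(v.verify(code, 1_000_030))   # False: next step, code has rolled over
```

The replay cache is the part a bare TOTP check lacks: without it, a code captured and relayed within the same step could be accepted twice.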
