I have to give some points for ingenuity on this one.
My inbox this morning had this email in it:
Subject: Blizzard Store Order #87859 – StarCraft II®: Wings of Liberty™
Date: Sunday, August 1, 2010 10:22 PM
From: “Blizzard Entertainment” <WoWAccountAdmin@blizzard.com>
Hello, thank you for shopping at the Blizzard Store!
StarCraft II®: Wings of Liberty™: 9744253649464714451160736
To use this key to activate the game, simply follow these instructions:
- Create a Battle.net account (or if you already have one, log in) at [Bogus URL]
- Verify your e-mail address. (If you have previously verified your address, skip this step.) From the main Account Management page, click the ‘verify this e-mail address’ link. Then, check your e-mail account for a verification e-mail. Click the link in this e-mail to verify your e-mail address.
- Return to the Battle.net account management page, then click on ‘Code Redemption’.
- Enter the above CDKey in the code field.
- Once you have successfully redeemed this code, you will be able to play the game.
NOTE: If you have previously chosen to gift your digital purchase, attaching this key to their Battle.net account will prevent you from being able to redeem this key with your Battle.net account.
Customer Account: [Not my Battle.net email address]
Order Date: 2010-8-2
Order #: 1882359
(1) StarCraft II®: Wings of Liberty™ – $59.99
Credit Card Number : ****-****-****-8089
Credit Card Type : Visa
Item Subtotal: $59.99
Shipping & Handling: $0.00
Shipping Tax: $0.00
Grand Total: $59.99
If you have any questions or concerns about your order, please contact us at:
Phone: Toll-free at (1-800-592-5499)
Live phone support is available seven days a week, 8:00AM – 8:00PM Pacific Time.
Thanks for shopping with us!
Blizzard Customer Service
Now, I knew I had not ordered a copy of StarCraft II, so my first thought was, “Hey, did somebody buy me a copy? Cool!”
Wishful thinking, I know, at $59.99 a pop, but I had just rolled out of bed.
And then my sleep-addled brain began to pick out the dubious details of this email.
The “from” address jumped out at me first.
I have seen “WoWAccountAdmin@blizzard.com” at the top of a lot of phishing attempts. Plus, Blizzard would never be so sloppy as to send something from a WoW-focused account for a Blizzard Store transaction. Those are two different groups in the company. The Blizzard Store uses “firstname.lastname@example.org” as the from address for all transactions that I have seen.
That led me to parse the email again, which led me to the bogus URL for account activation. Standard operating procedure for a phishing attempt.
And, to top it off, as usual, the whole thing was directed to a “customer account” email address which is my email address, but not one I use for a Battle.net account.
The email looked pretty good though. I was tempted to try and enter that product key.
I went and compared the email to other receipt emails from the Blizzard Store I have tucked away from items I have purchased, and it was, on a first pass, close to the real thing. One other flag: Blizzard always uses my first name in the salutation. Something to remember.
Ah, well… no free copy of StarCraft II for me today.
Here we are starting to see the price of Blizzard rolling up all of their games into Battle.net for administration. The same account I would use for StarCraft II also lets me into World of Warcraft. And the same will no doubt be true when Diablo III rolls around.
Now, having the Blizzard Authenticator, I am covered… or more so than somebody without the authenticator. But still, everything that might send somebody to log into Battle.net is a potential hole that phishing scams will try to exploit.
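The four tells picked out above (a sender the store has not used on past receipts, a link that does not go to Battle.net, the wrong recipient address, no first name in the greeting) written as a mail check. This is an added example, not part of the original post; the addresses, the link host, the name "Alex" and the function name are constructed placeholders, and it assumes a single-part plain-text message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the message quoted above. The recipient
# address and the link host are placeholders, not values from the real email.
SAMPLE = """\
From: "Blizzard Entertainment" <WoWAccountAdmin@blizzard.com>
To: other.address@example.net
Subject: Blizzard Store Order #87859

Hello, thank you for shopping at the Blizzard Store!
Create a Battle.net account (or log in) at http://battle.net.login.example.test/account
"""

def phishing_flags(raw, account_email, first_name, trusted_domains, store_senders):
    """Return the red flags from the post that this message trips, in order."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: single-part, plain-text body
    flags = []
    # 1. Sender is not an address seen on earlier store receipts.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in store_senders:
        flags.append("unexpected-sender")
    # 2. Link host must equal a trusted domain or be a subdomain of one.
    #    A substring test would wrongly accept "battle.net.login.example.test".
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            flags.append("untrusted-link:" + host)
    # 3. Delivered to an address other than the one registered on the account.
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if rcpt != account_email.lower():
        flags.append("wrong-recipient")
    # 4. Genuine receipts greet the customer by first name.
    first_line = next((ln for ln in body.splitlines() if ln.strip()), "")
    if first_name.lower() not in first_line.lower():
        flags.append("generic-salutation")
    return flags

if __name__ == "__main__":
    print(phishing_flags(SAMPLE, "me@example.com", "Alex",
                         {"battle.net", "blizzard.com"}, {"store@example.org"}))
```

The sender check compares against addresses seen on past receipts rather than against the domain, because the quoted message carried a blizzard.com From address.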