Tag Archives: scams

Blizzard Account Phishing Email

Proving again that World of Warcraft is big business, I got a phishing email this morning trying to get me to send all my account information to somebody in order to keep my account from being suspended.

HELLO!

It has come to our attention that you are trying to sell your personal World of Warcraft account(s).

As you may not be aware of, this conflicts with the EULA and Terms of Agreement.

If this proves to be true, your account can and will be disabled.

It will be ongoing for further investigation by Blizzard Entertainment’s employees.

If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account by replying to this email with:

Use the following template below to verify your account and information via email.

  • First and Surname
  • Date of birth
  • Address
  • Zip code
  • Phone number
  • Country
  • Account e-mail
  • Account name
  • Account password
  • Secret Question and Answer

Please enter the correct information

If you ignore this mail your account can and will be closed permanently.

Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Blizzard Entertainment

This follows the pattern of dozens of similar emails I have seen advising me that I needed to provide information for my eBay, PayPal, or financial institution account.

  • I’ve been accused of doing something that I am quite clearly not doing to provoke me into responding quickly without thinking.  The idea is to get you in the mood to quickly clear your good name.
  • I am asked for information to confirm that the account in question is mine.  This includes information that Blizzard always tells you that no Blizzard representative will ever ask you for.
  • I am asked to respond to an address, in this case the email reply-to address that looks close to valid.  This time it was “blizzard@mail-blizzard.com.”  The address actually displayed as “blizzard@blizzard.com” until I hit reply, and the reply-to was different.

Now getting an email like this isn’t exactly news.  As I said, I have seen dozens of variations of this sort of thing.  But I figured it was timely, what with Tobold also writing about account security, to just check and make sure that we all know NOT to respond to an email like this.

In my case, this email showed up in the in-box of an account which has no association with any of my Blizzard accounts, but one I use to create accounts on gaming sites where I may or may not return, so it is easy to remember with a standard password that is not very secure.

Blizzard, like any company that faces such account hacking threats, has a long page of information about various hacking and phishing threats, how you can help avoid them, and what you should do if you are a victim.

I personally did what Blizzard requested on the page, which was to forward the email with “show headers” enabled to “hacks@blizzard.com” so they are aware of yet another phishing attempt.

EVE Online Simple Trainer Trojan Horse

If, like me, you recieved this email:

Hello EVE Online community,

Gold Harvest Macro Solutions is proud to announce the retail launch of the Simple Trainer automated skill training macro for use with EVE Online! Simple Trainer will take any length skill plan for an unlimited number of characters and train it automatically. It has an easy to use interface that allows any user to create or upload their personalized skill training plan and begin training in minutes. No extensive setup is required to use Simple Trainer and you do not need to monitor it either. Simple Trainer will read and react to the information presented on the screen in a manner that will not get you or your account in trouble, so it is completely safe to use. Your account information is not necessary, but if used it is only stored locally and we stand by our promise of safety.

Be warned that the software being offered contains a Trojan Horse that will probably swipe information from your computer and send it off to the authors of the program.

Massively reports that this has been verified by CCP and they have put out a warning about this program.

Of course, I know you would never be tempted to use such a program, but somebody out there might.

The author of this scam can apparently be reached at andrew@simpleminer.com, just in case you were interested.