I get a lot, and I mean a lot of scam attempts on my noisyrogue email address with the intention of hacking my WoW account. But on my actual WoW email address I get none at all. Which is why I was somewhat surprised to get a message from “Blizzard” the other day on my Battlenet email address. It was plausible enough to warrant me having a good look at it for a few minutes until I could spot that it was a scam. Here it is in full:
Greetings,
This is an automated notification sent from our account security system. You logined your account successfully at 2:41 on Jun. 30th form the 207.29.143.* IP range. According to the report of many players, we found that the account published spam information in the game which harassed other users seriously. This action has violated the EULA.
As too many customers’ complaints, the IP range above has been blacklisted. We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you check your account status as soon as possible.
To do so, simply click here:
http://www.battle.net/account/support/login-support.xml
Blizzard staff will verify your account information submitted in two days, please do not modify your account information and password during this time . It will not affect your game uptime.
For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.
Regards,
Account Administration
Blizzard Entertainment
Online Privacy Policy
Looks pretty good, doesn’t it? The ‘click here’ quote is a link to the real Blizzard EU battlenet support page and the ‘online privacy policy’ at the end is also a real link to battlenet. Once you know where to spot the scam though it’s quite easy to see. If you mouse over the link that they want you to click you can see that the actual web address that shows up at the bottom of your screen is http://www.battle.1ogin, with a 1 replacing the letter ‘l’. Like I said, I get so many scam attempts that I am usually hardened to them but this one tripped me up for just a minute. So I thought that I’d share it with you all just in case you may get the same one and fall for their nasty little trap. The links aren’t showing up on my copy and paste here however, so you’ll just have to trust me on these as I don’t want to put their real links up and have someone actually click on it by mistake or because their moron factor is too high.
July 19, 2010 at 9:13 am
The trick is mostly not the “1”, but the battle.login domain itself. Blizzard uses battle.net.
As a general rule: never click a link in an e-mail, type it in yourself.
July 19, 2010 at 9:51 am
I’ve had this one too, and worryingly enough to an e-mail address connected to WoW via my initial account creation, some 4 yrs ago.
Now, I’ve not used this address for anything WoW related since (it’s my work e-mail), with one notable exception to account creation, and that is the very occasional reply to a blog post that requires an e-mail address.
So, the leak comes from either of those two sources. I’m guessing the blogs are the weak-link and really, I’m hard pressed to remember which exactly, but I’m not an avid replier, I’d not be over-egging the pudding if I said I’d replied no more than 10 times over the same period on maybe 3 or 4 blogs (tops).
P.S. The “blog reply” connection did not occur to me at first, so initially I was sure it was a leak from Blizz, it just goes to show you, even if you are security minded (I am), we still tend to splash ourselves about the internet without really being aware of it.
Lesson learned.
July 19, 2010 at 9:55 am
I agree with the always type the web addresses, however the first clue is the extremely poor grammar/spelling in the 1st paragraph.
“You logined your account”
July 19, 2010 at 12:43 pm
You can tell it’s a scam in the first word. Blizzard will always address you with either your account name or billing name. The one size fits all “greetings” immediately gives the game away.
July 19, 2010 at 12:44 pm
The spelling (logined) is also a giveaway, as always. There are also quite a few instances of clunky grammar, although technically right, “According to the report of many players” doesn’t sound like something Blizzard writes.
July 19, 2010 at 1:52 pm
Great points from everyone. I hope that these all help to make it easier for people to correctly identify a scam of this type.
July 19, 2010 at 1:56 pm
I find that I get a lot of those e-mails too, however the “scammers” are apparently too stupid to even think of a plausible domain name. Usually in my e-mails, the link will say “battle.net” etc. in an attempt to look legit as the address, but when I hover over the link the true address shows below on the bottom left on my Firefox. It’s always something ridiculous like:
battle-net-login-cataclysm
or
some-ridiculous-thing-with-500-dashes-in-it
or
xe.battle.chinesegoldfarmerswtf.pr
Is it bad for me to think to myself, “jesus, if these things fool people I should start writing my own just to log in and send them 50 plain letters telling them to stop reading those WoW emails!”
July 19, 2010 at 4:14 pm
I don’t remember this level of harassment in other MMOs. I wonder if it’s WoW’s popularity or just the evolution of their industry. I seriously wish some hackers out there would stop hacking useful websites and hack stuff like this.
July 20, 2010 at 1:55 am
I find it highly amusing that I get WoW, Aion and Guild Wars scam emails to an address I don’t use for WoW. And I don’t play Aion or Guild Wars.
The new one seems to be the Cataclysm beta as flavour of the month for scam emails. They are getting better, but thankfully anti-phishing in browsers and stuff is also helping substantially.