is this legit?

[contramundi]

Dear felllow WOWI members,

this might be the 9.999.999.999th post about this sort of stuff, but i was wondering if this one was legit.

Code:

Greetings

An investigation of your World of Warcraft account has found strong evidence that the account in question is being  sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which  can be found here: 
WoW -> Legal -> End User License Agreement 
and Section 8 of the Terms of Use found here: 
WoW -> Legal -> Terms of Use 

The investigation will be continued by Blizzard administration to determine the action to be taken against your  account. If your account is found violating the EULA and Terms of Use, your account can, and will be  suspended/closed/or terminated. 
In order to keep this from occurring, you should immediately verify that you are the original owner of the account. 

To verify your identity please visit the following webpage: 
<for noob reasons link has been removed>

Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and  attention to this matter, and your continued interest in World of Warcraft. 

Sincerely, 


Account Administration 
Blizzard Entertainment

Then after reading it for the 2nd time, it struck me, blizzard would never refer to the game as WoW. But nevertheless it keeps me wondering, is this a legitimate email? Or yet another scam because either the scammers learned to use grammar and spelling correctly, or someone is indeed trying to sell my account somewhere.

It looks kind of strange that blizzard makes me login to make sure i'm an owner of an account instead of just banning my ass for something like that. I mean, i got hacked once and i was banned instantly so why not now? But even blizzard works in strange and mysterious ways.

Anyway, the only reason i showed the email here, was because the link itself made me wonder. They didn't try and conceal anything but just pointed me to a long URL for logging in. And my browser was so nice to tell me that the site had been reported ^^. Besides, if it was a true blizzard mail, it would've directed me to login to Battle.NET.

Scammers are everywhere, and thank god they don't get smart ^^. I mean making a lot of gramatical and spelling errors and use a legit looking link, thats dumb. Using correct grammar and spelling and using a long strange link thats dumb too.

Thank god they don't combine to two as of yet ^^.

So fellow WOWI members and guests, beware of mails like these and only take action the moment your account actually gets banned. Then contact blizzard throught he apropriate channels mentioned on the official blizzard website.

Golden rule to avoid a lot of nasty stuff: don't follow a link you didn't ask for unless you know its 150% trustworthy, when in doubt delete.

[MadCow]

nah its not legit. my spam box has been full of this crap w/ differing subject lines for the past week now. some place alot of us frequent has had an email list breach it appears.

[contramundi]

Mad, i know it wasn't legit, and i started the story with i didn't know, and ended it with the conclusion it was fake ^^

Just hope that at least 1 of these beware fake things can be made sticky or at least a big topic covering what is fake, or how to see what are scams so people watch out a bit more ^^.

if i would've posted the link that was in the mail, i think a lot of people here would've clicked it, some of them noticing right away it was fake, others after they logged in on the site ^^. And a handfull would notice it after their account would've been hacked in a short while

Just trying to keep the scam spam alive ^^

[ravagernl]

Originally Posted by MadCow nah its not legit. my spam box has been full of this crap w/ differing subject lines for the past week now. some place alot of us frequent has had an email list breach it appears.

Same here.

If I really want to be sure if the mail does not come from blizzard I check the mail transcript to see all the headers. Those guys change the From and Reply-to headers, but they can't change all of the headers.

[Fenrir085]

No it isn't legit. usually an e-mail like that coming from blizzard (or any other company) would never refer to one of the products with an abbreviation. I have never com across e-mails like this yet, but I'll sure be on the look out.

[contramundi]

Originally Posted by Fenrir085 No it isn't legit. usually an e-mail like that coming from blizzard (or any other company) would never refer to one of the products with an abbreviation. I have never com across e-mails like this yet, but I'll sure be on the look out.

good thing you said that, coz after looking into the source code of the message it states that Return-path should go to some black skater at hotmail ^^

and apart from refering, blizzard doesn't ask, they shoot first and ask questions later.

[Daeanor]

When in doubt, close the e-mail without clicking anything, then open your account page on the Blizzard site directly (as in, type it in, don't use any links). If there is a legit issue with your account, it should be reflected there. That's a good rule of thumb in any case ... never follow a link in an e-mail to any kind of account information. I have seen some incredibly good fake e-mails, notably copying PayPal or my bank ... you could not tell from the e-mail itself that it was fake unless you went deep into the headers or viewed the html source.

But there has recently been a flood of these phishing scams (lately they have been adding Aion as well, which I find humorous, since I don't even have an Aion account). I delete 3-4 a day easily.

[Roane]

I get them on an email account that has nothing to do with my WoW account. It makes it easy to weed them out. I think Blizz may have suggested that previously -- use an email address for your WoW account that you use for nothing else. It's one less potential risk to deal with.

[Kallieen]

I've been getting a lot of these as well - on an email account that is NOT tied to my WoW account. I just forward them to [email protected] and delete them.

[contramundi]

there's a lot of phising scams going on, and thats why its good to keep topics like this in the picture so people are prepared in case they get some ^^. Or at least have had a fair warning this stuff is around.

not everyone is as suspicious of the internet as should be in about everything you do ^^. And too many people would just click and presume they are doing the right thing. (i can at least mention 3 people in the house i live in :P) Not to mention a lot of people in my store who are gullable in believing everything you say, or everything the internet points at them. Just because the page, or me talk like we know our thing.

And its true about the nasty and real looking emails, but most of the mails i got so far contained either grammar / spelling errors, or a weird looking link, and people who are a bit more advanced in this stuff weed them out, there are however a lot of casual players that know how to turn a computer on, play a game and turn it off again, but when it comes to something a little bit more advanced they tend to stare at you with a face like "what crazytalk is that?"

The first post is written in some sort of story type thing, i already knew it was fake when i posted it, but it was something to keep this scam stuff on the front page :P

[acapela]

these phishers have gotten my email address somehow, and now i get about 20 of these a day. fortunately my mail service provider has a good spam filter suite, and they all get junked.

i see these regularly for Aion as well.

and in addition to the "your account is about to be terminated" messages, there are a growing number of "your password has been reset" or "your account information has been changed" messages.

i mouse over the link that is invariably provided in these, and my browser shows me the "real" URL associated with that link. it is invariably false. they can forge everything (including the originating e-mail) except that. i expect that detailed inspection of the e-mail header would demonstrate an equally bogus origin.

[Sepioth]

Been getting 2-3 of these a day for several weeks now. There are various versions toting various offenses from a simple password change (I have a Authenticator so the chances that it is real are very slim) to being accused of selling my account.

In EVERY instance the language, grammar and presentation is fairly obvious it is fake. When ever they ask for your life information it is fake 100% of the time. One even went as far as asking for my CD Key ...

I use Thunderbird as my e-mail client but I'm sure other clients have the same or similar options.. Hover over any links in the email. In Thunderbird their true destination is shown in the lower left of the window. Another option is to view the full headers. In Thunderbird click View --> Headers --> All to see everything. When the headers window of the email expands look for the "Return-Path" line. This is where any replies to this email will end up. So far everyone is going to a different Hotmail account each time.

A simple test to check to see if their legit .. log into WoW .. if you can get in to the game chances are the email is fake. If they where real your account would most likely be suspended preventing you from playing. Also you can log into your account by opening up your browser and typing in the URL for WoW manually (or use your bookmarks) NEVER EVER click the link in the email as the resulting website will most likely look legit as they steal all the graphics from Blizzard. Thankfully a lot of these sites are flagged as phishing sites and any good browser will detect this and not allow entry unless you really really want to go in.

[tsankkura]

Been getting these for a couple of weeks, too. First just one every day or two but now they're dumping 4 on me every day. If you look at the headers of these mails you'll usually find it has been sent from somejoe at hotmail from an IP address registered to the PRC.

[contramundi]

hehe,

got a new one this morning wich i haven't seen yet. the source HTML code states the return path should go to an adress at blizzard.com.

Code:

An investigation of the World of Warcraft account has produced evidence that 
the  account has been accessed by someone who is not allowed to use it. Now 
you can bind  your mobilephone to your World of Warcraft account for free. 
This will protect your  account from being stolen:  

<link deleted for noob reasons> 
 
Please be sure to review the information below to help prevent future 
security  issues:
Account compromises are usually the result of the registered player of the 
account  sharing his or her login information or playing on a computer that 
has a virus.
Please remember that it is your responsibility to keep your login 
information  confidential. Any account that is registered to your name may 
not be shared with  anyone except for one minor, of whom you are acting as a 
parent or guardian. You  are also responsible for every use of your login 
information, whether authorized or  not.
For your own protection, we encourage you to keep the following security 
tips in  mind when using any computer on which you play World of Warcraft:
- Keep current with the latest operating system and other software updates.
- Make use of firewall protection if possible.
- Regularly scan for viruses, Trojan files, and key loggers.
- Be wary of "spoof" emails and websites and when downloading new software.

i know this is fake because if my account would've been compromised, i would've been banned, my chars would've been naked, and the blizzard authenticator would be hackable then ^^ (yes i use one of them since i got hacked a while ago)

However this mail has been marked as spam, wich normally never happens with blizzard emails ^^

The funny thing is, they don't use the Mobile Authenticator as a name for the protection, and i know from trying to get it for my phone, it aint completely free :P But still, the scammers try and search for new ways for people to get them to give up their info, and the most annoying part is, that they try it more and more ingame as well, been getting around 50 of those fake sites in whispers the last week or so, and there's no way to stop it because they all use lvl 1 characters they make, send whisper and delete.

[nightcracker]

Originally Posted by contramundi hehe, got a new one this morning wich i haven't seen yet. the source HTML code states the return path should go to an adress at blizzard.com. Code: An investigation of the World of Warcraft account has produced evidence that the account has been accessed by someone who is not allowed to use it. Now you can bind your mobilephone to your World of Warcraft account for free. This will protect your account from being stolen: <link deleted for noob reasons> Please be sure to review the information below to help prevent future security issues: Account compromises are usually the result of the registered player of the account sharing his or her login information or playing on a computer that has a virus. Please remember that it is your responsibility to keep your login information confidential. Any account that is registered to your name may not be shared with anyone except for one minor, of whom you are acting as a parent or guardian. You are also responsible for every use of your login information, whether authorized or not. For your own protection, we encourage you to keep the following security tips in mind when using any computer on which you play World of Warcraft: - Keep current with the latest operating system and other software updates. - Make use of firewall protection if possible. - Regularly scan for viruses, Trojan files, and key loggers. - Be wary of "spoof" emails and websites and when downloading new software. i know this is fake because if my account would've been compromised, i would've been banned, my chars would've been naked, and the blizzard authenticator would be hackable then ^^ (yes i use one of them since i got hacked a while ago) However this mail has been marked as spam, wich normally never happens with blizzard emails ^^ The funny thing is, they don't use the Mobile Authenticator as a name for the protection, and i know from trying to get it for my phone, it aint completely free :P But still, the scammers try and search for new ways for people to get them to give up their info, and the most annoying part is, that they try it more and more ingame as well, been getting around 50 of those fake sites in whispers the last week or so, and there's no way to stop it because they all use lvl 1 characters they make, send whisper and delete.

I once made a script that blocks all whispers from characters that are level 1-5. Basicly blocks 99% of the spam. Can't seem to find it anymore though.

[contramundi]

Originally Posted by nightcracker I once made a script that blocks all whispers from characters that are level 1-5. Basicly blocks 99% of the spam. Can't seem to find it anymore though.

i think there was an addon somewhere called anti-spam or something that did a great job too, but there has to be a reason why i deleted it a long time ago, just cant remember wich reason it was.

i found it again, it was an addon in the "Bad Boy" series ^^

and this one does what your refering to with that script thingy:

http://www.wowinterface.com/download...rsByLevel.html

[forty2j]

Originally Posted by contramundi The funny thing is, they don't use the Mobile Authenticator as a name for the protection, and i know from trying to get it for my phone, it aint completely free :P

Depends on your phone. It's free on iPhone (/iPod Touch).

[contramundi]

Originally Posted by forty2j Depends on your phone. It's free on iPhone (/iPod Touch).

most mobile phones do require payment though, just a small fee and nothing too high but thats getting off-topic ^^

[forty2j]

Originally Posted by contramundi most mobile phones do require payment though, just a small fee and nothing too high but thats getting off-topic ^^

Oh, I thought the topic was done anyway

[contramundi]

Originally Posted by forty2j Oh, I thought the topic was done anyway

well. i think your probably right ^^