« There Is No CompulsionBlog spam reduction »

They Want Your World of Warcraft Password


  10:04:39 pm, by Nimble   , 553 words  
Categories: Announcements [A]

They Want Your World of Warcraft Password

"Oh my god, somebody else is just about to steal my account!"

That's the fear they prey on, hoping that you will do anything to stop your account being stolen, and in doing so, will type in your name and password on a fake site, thus ensuring that your account will be stolen.

Subject: New Request Notification - Change the Login Address
From: "noreply@blizzard.com" <noreply@blizzard.com>
To: [my e-mail address]


Blizzard Entertainment recently received a request to change the e-mail address used to log in to the Battle.net account with the username [my e-mail address]. The e-mail address k***@hotmail.com has been specified as the new username for this Battle.net account. An email has been sent to this new address containing a verification link to complete the change.

Once the new address has been verified, the e-mail address [my e-mail address] can no longer be used to log in to this Battle.net account or any World of Warcraft accounts merged with this Battle.net account.

If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately.

The Battle.net Account Team
Online Privacy Policy

You have to be very mildly savvy to know that the click here link is to a bogus domain, loginconfirm.net:

   Whois Server: grs-whois.hichina.com
   Referral URL: http://www.net.cn
   Name Server: DNS23.HICHINA.COM
   Name Server: DNS24.HICHINA.COM
   Status: ok
   Updated Date: 20-dec-2010
   Creation Date: 20-dec-2010
   Expiration Date: 20-dec-2011

Domain created yesterday... in China.

I'm sure they're snagging some people with this assholery.

I'm glad this was flagged as a phishing site relatively quickly; the link for the last e-mail I got like this took a lot longer to be flagged.

Need I say that you should never ever ever click on a link in your e-mail folder purporting to be from Blizzard?


Another fake one today (January 7):


This is an automated notification regarding the recent change(s)As you may or may not be aware of, this conflicts with the EULA and Terms of Agreement.If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment's employees.If you wish to not get your account suspended you should immediately verify your account ownership.If the information is deemed accurate, the investigation will be dropped.
This action is taken because we at Blizzard Entertainment take these salesquite seriously. We need to confirm you are the original owner of the account.This is easiest done by confirming your personal information along with concealed information about your account.
we recommend you Login verify Information your account: http://battle-wow-confirm.net/

If you ignore this mail your account can and will be closed permanently. Once we verify your account,we will reply to your e-mail informing you that we have dropped the investigation.billing@blizzard.com. Account security is solely the responsibility of the accoun tholder. Please be advised that in the event of a compromised account, Blizzardrepresentatives typically must lock the account. In these cases the Account,Administration team will require faxed receipt of ID materials before releasing the account for play.

Blizzard Entertainment Inc Account Administration Team

They are from:

   Whois Server: whois.paycenter.com.cn
   Referral URL: http://www.xinnet.com
   Name Server: NS1.WYDNS.COM
   Name Server: NS2.WYDNS.COM
   Status: ok
   Updated Date: 06-jan-2011
   Creation Date: 06-jan-2011
   Expiration Date: 06-jan-2012



Comment from: dimmy [Visitor]

i pressed the “click here” on the firt email cause i wanted to check the url out. but i brought me to a paige i couldnt connect to..
i did not give my usename or password so im safe right?
no spyware that can steal my pasword when i log into the game?

01/11/11 @ 12:12
Comment from: Nimble [Member]  

The HTML for the pages looks pretty simple - they don’t want to try to infect you and possibly trip off any alarms, I guess. They just want your name and password so they can grab your account, then your gold and possibly sell all of your items.

So yes, I’d say you’re very, very likely safe if you didn’t put in your name and password.

01/11/11 @ 12:46