All new topics created regarding phishing mails/websites will be locked and redirected to this thread; please make sure you read the entire sticky before you post.

We have been seeing a troubling increase in the number of fake or ‘phishing’ emails being sent to players, all appearing legitimate and official and seemingly originating from Blizzard Entertainment.

These emails, created for the criminally fraudulent process of attempting to acquire sensitive details (account names, passwords, or other account information), may promise exclusive in-game items, bonus game time, or ‘specially selected’ Alpha/Beta invitations to upcoming Blizzard releases.
More commonly, and undeniably more worryingly, they may even threaten dire account-related action unless the player provides his or her login information, or follows a specified website link (usually to ‘verify the legitimacy of the account’).

Please do NOT fall for these scams!

REMEMBER: Neither Blizzard nor its employees will EVER ask for your password.

I’ve received an email just like this – is it a fake? How can I tell?


There are a few key points you can check straight away in order to determine whether an email is genuine.


• Emails from Blizzard will always originate from an @blizzard.com or an @battle.net email address.
  
• Any correspondence sent from Blizzard Entertainment will make use of correct spelling and grammar.
  Multiple typographical errors, unusual sentence structure or obvious grammatical inaccuracy should serve as an immediate warning to proceed with caution.
  
• Blizzard employees will never ask you for your account password via any means.
  No matter how official or legitimate an email may look, if such information is requested then it is simply not from Blizzard Entertainment.
  
• Phishing mails will frequently claim that an account has violated, or been found in breach of, a specific policy. These mails often employ intimidating wording and claim extreme actions (including account closure or termination) will be taken should the player not ‘verify ownership’ of their account.
  This is not a standard practice of Blizzard Entertainment.
  
• Phishing mails may also appear to offer complimentary, and often hitherto unheard-of, in-game pets or mounts, periods of game time credit, or special advance access to Alpha and Beta versions of forthcoming Blizzard games.
  These mails can often seem too good to be true, and as a result they likely are! Please double-check the existence of anything mysteriously offered to you via an email, and do not accept any ‘offers’ you cannot confirm as official.
  
• In many cases, these fake emails will request that account owners visit a specific (malicious) website, where they will be asked to “log in”. While these sites can on occasion be extremely similar in appearance to actual Blizzard pages, inputting one’s login details therein will directly submit it to the companies or individuals in question (thereby instantly rendering the account liable to compromise).
  If ever asked to click through to a website linked within an email, please be very wary – double-check the destination of the hyperlink before you click.

So, this email comes from someone showing as @blizzard.com or @battle.net. That means it’s real, right?


Unfortunately, no. The appearance of an official email address as the sender is not enough to guarantee an email’s veracity, and you should still remain cautious. This is due to the fact that it is possible to alter the appearance of a sender address in the “From” field of an email, and this process (known as ‘spoofing’) may cause a malicious email to seem as if sent from Blizzard.

In order to verify the actual sender address of any email you receive, you will need to check the email header information.

What’s an email header? How do I find it, and what am I looking for?


Most email clients and providers will allow you to view more information about the email than is normally shown, including specific details about the sender, the path the email took in reaching your inbox, and any other redirections that the email may have been subject to prior to arriving in your mailbox.

For more information on how to check this data, including some specific details for some of the more common email providers, please see our Support site article;


How to Identify "Spoofed" Email Addresses
http://eu.blizzard.com/support/article.xml?locale=en_EN&articleId=43010

OK, but the links in my email look right. You said something about needing to ‘double-check’ them?


Yes, indeed. Through the use of HTML coding, it is possible for an email link that looks perfectly harmless to lead you somewhere else entirely (and inevitably to a fake website).

Depending on your Internet browser or email client, you can sometimes see the destination URL a link will use displayed in the bottom corner of your window, or in a hovering tooltip.
However, for a non-specific means of uncovering the URL that any hyperlink will direct you to, you may use the following steps;


• Right-click the link, and then select ‘Copy Shortcut’, ‘Copy Link Location’, ‘Copy Hyperlink’ or similar;
  
• Paste this information into a text-based application so that you may examine the address to be used.

If you are ever in doubt about the veracity of a link, it is always safer to navigate there yourself.

Why am I getting these emails in the first place? I don’t remember giving my email address out to anyone.


Most commonly, ‘databases’ of potential player email addresses will have been compiled through the use of any unofficial World of Warcraft web pages (such as fan sites, wikis or guild websites), as well as social networking sites (like Facebook, Myspace or Bebo), so your email address will likely have been on display inadvertently without you ever specifically giving it out.

The most reliable way to stop receiving these types of mails, and also to provide an extra bit of security to your account, is to consider creating a new email address purely dedicated to World of Warcraft and Battle.net use.
During the creation process, do make sure that no part of the new address or password coincides with your previous email addresses, passwords, nicknames or profile information on any of the above sites, and that you avoid using this new email account for anything other than Battle.net in the future.


NOTE: As touched on above, with your Battle.net email address also functioning as your account name, using a dedicated, secret email account can actually help secure or increase the protection on your World of Warcraft account.

Right, thanks for all the information. I think I definitely have a fake email here, so what do I do with it now?


Well, the first thing you should consider doing is forwarding the entire email to our hacks@blizzard.com email address.
Please also copy and paste the email header into the message body in order to ensure that we can fully identify the source of the mail, and hopefully help prevent future phishing mails of the same type.

Um, unfortunately I actually replied to one of these fake mails before reading this thread, and now they have my details (Secret Answer, CD Key, etc). Please help me!


Firstly, there’s no need to panic. You should, however, make sure you change your Battle.net account password as soon as possible: https://eu.battle.net/account/management/
Then move on to either changing the password on your email account, or simply creating a new dedicated email account (see above) that you only use for World of Warcraft and Battle.net.

At this stage, you should hopefully have restored your account to the same level of security as prior to the phishing email, but you may also wish to consider purchasing or downloading a Blizzard Authenticator (either physical token or mobile version);


Battle.net Authenticator FAQ
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=36010

Battle.net Mobile Authenticator FAQ
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=35970

I didn’t reply to a fake mail, but I just may have clicked on a dodgy link instead… Is my PC still safe?


Unfortunately we are unable to diagnose or scan your PC remotely, so we sadly cannot help determine whether your PC may be ‘safe’ or not.
However, at the earliest opportunity, please do take some time to read some of our Support site guides on securing your account, and related software to help you with this;


Account Security Measures
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=41911

Battle.net Account Security Awareness
https://eu.battle.net/security/

Security Software
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=29142

If your account has been stolen or compromised, or you are wishing to read up on any information related to account theft, please take a look at our compromised account sticky on this very forum;

►► Account Hacked/Stolen? CLICK HERE! ◄◄
►► Account Hacked/Stolen? CLICK HERE! ◄◄

For the remainder of this thread, we will continue to update with new examples of phishing emails reported to us.

If you do receive one of these fake mails, please check to see if we have it listed here already, and if not then you are very welcome to create a new thread about it and we will add it to the list.

Oh, and please REMEMBER: Blizzard employees will NEVER ask for your password.

Scam email examples incoming!

---

Q u o t e:
Greetings!

It was reported that you are trying to sell your personal World of Warcraft account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. We will gather more information through further investigation. If you wish to not get your account suspended you should immediately verify your account ownership. You can confirm that you are the original owner of the account by providing the following information:

* First and Surname
* Date of birth
* Address
* Zip code
* Phone number
* Country
* Account e-mail
* Account name
* Account password
* Secret Question and Answer Or WoW CD-Key

Show * Please enter the correct information

If you ignore this mail your account can be closed permanently.

Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Blizzard Entertainment

---

We don't need your password – we have no use for it whatsoever. So if a mail asks for your password, it's not us!

---

Q u o t e:
Greetings,

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement

and Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage: <fakewebsite.com>

Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Please remember that it is your responsibility to keep your login information confidential. You may not share access to the account with anyone who is not expressly permitted in the World of Warcraft Terms of Use and the Terms of Use for the games you play. You are also responsible for every use of your login information, whether you have authorized it or not.

Sincerely,


Account Administration
Blizzard Entertainment

---

It is your responsibility to keep your login information confidential, but a trip to <fakewebsite.com> is not the way to do so.

---

Q u o t e:
Hello,

This is an automated notification regarding your World of Warcraft account.

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement and Section 8 of the Terms of Use

A 3-hour probationary suspension is pending on this account, awaiting confirmation from a specialist. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account.

Thank you for respecting our position on this matter.
** We request that you verify your legitimate ownership of the account here: <fakewebsiteagain.com>

Blizzard staff will verify your account information submitted in two days, please do not modify your
account information during this time . It will not affect your game uptime. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Regards,
Blizzard Entertainment Inc Account Administration Team
P.O. Box 18979, Irvine, CA 92623
Blizzard Entertainmen

---

Playing from Europe, with a European account, it is extremely unlikely you would ever receive any correspondence from an ‘Account Administration Team’ in California. We also haven’t changed the company name to “Blizzard Entertainmen”!

---

Q u o t e:
Greetings!

This is an automated notification regarding the recent change(s) made to your World of Warcraft account.

Your password has recently been modified through the Password Recovery website.

*** If you made this password change, please disregard this notification.

However, if you did NOT make changes to your password, we recommend you Login verify your password: <websiteoffakeness.com>

If you are unable to successfully verify your password using the automated system, please contact Billing & Account Services at

1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com.

Account security is solely the responsibility of the account holder.

Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account.

In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The World of Warcraft Support Team
Blizzard Entertainment

---

Mails that require you to log into <websiteoffakeness.com> in order to verify your password are not standard Blizzard practice, nor especially logical either.

---

Q u o t e:
***Notice of Account Will Closure***

Reason for Closure: Terms of Use Violation -- Exploitative Activity: Unauthorized Cheat Programs ("Hacks")

This account Will closed because one or more characters were identified using an unauthorized cheat program, also known as a

"hack." These programs provide character benefits normally not achievable in the World of Warcraft. Such benefits include, but are

not limited to, increased speed, teleportation, or running through walls/boundaries. Use of these unauthorized programs harm the

game environment because they offer an unfair advantage over other players and superscede the intended limits of the game.

Even if this behavior is the result of a third party accessing the account instead of the registered user (for example, a friend,

family member, or leveling service) then the account can still be held responsible for the penalty because of the impact it had on

the game environment.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage: <stillafakesite.com>

We've found the above behavior is many times directly related to groups responsible for compromising World of Warcraft accounts; we

take these issues very seriously. To better understand our position against exploitative activity and the risks involved, please

review this article: http://www.worldofwarcraft.com/info/basics/antigold.html

The exploitative activity that took place on this account violates the World of Warcraft Terms of Use. We ask you take a moment to

review these terms at http://www.worldofwarcraft.com/legal/termsofuse.html Any recurring subscriptions on this account have been

suspended to prevent further monetary charges.

For any disputes of this action, please visit the Exploitative Activity FAQ and Contact page here:

http://us.blizzard.com/support/article/exploitfaq

Regards,

Blizzard Entertainment
www.WorldofWarcraft.com

---

There is far more wrong with this mail than can be summed up in a single sentence, but real-looking links still do not necessarily equal real websites nor should the presence of some real links convince you that all the others must be.

---

Q u o t e:
Greetings,

As a part of our ongoing coverage of World of Warcraft: Cataclysm, we will start a global database upgrade. When this upgrade begins, we cannot accept any requests for character and item restoration.Please understand that due to the amount of content we support, our logs are not indefinite.

If you want to restore your character and item, tell us as soon as possible. We will strive to help whenever we can. This document serves to specifically describe how we will address these instances.

Virtual property lost for reasons beyond a players' control

If we can verify that your loss of virtual property was the direct result of:

* A documented bug.
* Data loss due to a problem with our service (unless due to a global database revert).

We will attempt to restore the virtual property.

Virtual Property lost that is essential to class development

If we can verify you have lost possession of an item (for any reason) that meets of the following categories:

* Was previously in your inventory.
* You are unable to recover yourself.
* Is essential for proper class development (i.e. a quest reward needed to receive a class defining skill).

We will attempt to restore the virtual property.

Virtual property lost due to user error

If we can verify that your loss of virtual property was the direct result of:

* Accidental deletion (characters, items, and in-game currency).
* Accidental sale to a vendor.
* Falling victim to a scam.
* Any other user error.

We will attempt to restore the virtual property.

How to start the process

For us to be able to investigate your loss, please send us an email with the following information:

* Battle.net account name
* World of Warcraft account name
* Character names
* Realms the characters are on
* Level, class, and race of the characters
* Exact name of the items that were lost (if any)
* The time and date of the loss (as precisely as possible)
* How the items or characters were lost (if you know)

We reserve the right to refuse restoration if we feel an excessive number of requests have been made in this particular category or if an undue amount of time has passed since the item or character was lost. We do not wish to encourage career victims, nor will we penalize players who legitimately make the occasional slip-up. Although we understand that the occasional mistake can be made, please be aware that restorations are limited, not guaranteed, and are at the sole discretion of Blizzard Entertainment

If your particular case fits any of the above criteria, you may be eligible to receive assistance with the recovery of your lost goods. Due to many variables with investigating these claims, your reimbursement, if approved, may not be immediate. Keep in mind that a player and the account registered to him/her will be permitted a limited number of instances in which the GM staff will assist with property recovery. While we can restore items with random modifiers (of the Bear, of the Eagle, etc.), we cannot guarantee that you will receive the same modifier you had on your original item. We are also unable to restore enchantments or add-ons that these items may have possessed.

Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,

Blizzard Support Team

---

Please note: We do not anticipate that database upgrades or the Catacylsm expansion will prevent us from providing restorations. This is a "fake" e-mail.

---

Q u o t e:
world of warcraft: Cataclysm Beta Test Invitation!

Get those opt-ins ready for the World of Warcraft: Cataclysm closed beta! The
sundering of Azeroth is nigh, and you don’t want to be left out in the
cold of Northrend when you could be enjoying the sun-drenched beaches on the
goblin isle of Kezan. To ensure you’re opted-in and eligible as a
potential candidate, you’ll need a World of Warcraft license attached to your
Battle.net account, have your current system specifications uploaded to
the Battle.net Beta Profile Settings page, and have expressed interest through
the franchise-specific check boxes.

Get the Installer - Log in to your Battle.net account:

<fake link>


** IMPORTANT ** To avoid graphical bugs and other technical issues,
please ensure your video card drivers are up-to-date.

Enjoy the game!

?2010 Blizzard Entertainment, Inc.

---

This is actually a very cleverly disguised mail containing a hidden link; but rest assured it is fake, when the closed beta starts we will make sure you guys are all aware that it has started - always make sure you check the headers and never press any links you don't trust.

 

 

 

 

 

 

 

 

 

 

Hi everyone,

We have now opened this thread for discussion; this will let you post any phishing/scam mails you might have received, but please make sure you follow these guidelines when posting:

• Remove the links to any phishing websites.
  
• Do not post a mail if that mail, or a very similar one, is already listed – posting a duplicate mail will result in your post being deleted.
  
• Do not post comments that are not related to phishing mails and websites – all off-topic posts will be deleted.

Please remember that you should report in-game phishing attempts by using the ‘Report Spam’ feature, or by submitting a ticket with the player’s name, message and time.

We welcome all discussion that is related to phishing emails, websites, whispers and anything else you might encounter. However, we once again ask that you make sure to keep all the discussion related to phishing, as off-topic posts can make it harder for players to check if the mail they have received is already in here. :)

Hi Breakage,

All of these emails are real; the easiest way to see this is to check for your account name, normal scam mails do not have this. Another way to spot that they are authentic is by checking the 'real' sender, which is us in all the above mails (WoWgmEU@blizzard.com & noreply@battle.net).