Elliott C. Back: Internet & Technology

World of Warcraft Phishing Spam Email

Posted in Games, Hacking, Warcraft, WoW by Elliott Back on November 22nd, 2008.

Just got this lovely email, pretending to be from Blizzard:

Subject: Warning : World of Warcraft Account Notice
From: donotreply@blizzard.com
To: arfenhousetoo@gmail.com

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard’s EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement

and Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage:

http://www.worldofwarcraft.com/account

Only Account Administration will be able to assist with account retrieval issues.

Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,
Account Administration
Blizzard Entertainment

See, the thing is that the first two links go to real Blizzard pages, but the last one secretly goes towww.blizzard.com.login.xml.mcnewvision.com, which is clearly a moronic phishing attempt. This leaves me with two questions:

  1. Did they target me as a Wow user specifically by harvesting my WoW-associated email address somehow? A Blizzard partial hack?
  2. What would they do with my account if they got it? Sell my lousy lvl 45 char on ebay? LOL….

This entry was posted on Saturday, November 22nd, 2008 at 10:57 pm and is tagged with . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback.

55 Responses to “World of Warcraft Phishing Spam Email”

  1. TallT says:

    I got one and dont rememeber signing up for an account, never played wow. I think thgey would use your character for gold farming if they got access.

  2. angela says:

    heh i got an email stating i need to login into a new battle net account that was created under my email, i didnt create a battle net account as i havent played on wow in nearly 2 yrs now. who do i send this spam mail to at battle.net??, i want to forward the spam mail to them so they can catch these guys, i was even afraid to go to google and then to wow site to tell them you know, but i do want to forward this email to the right department at wow. so if anyone knows the correct email to send it to let me know thanks.

  3. Emmzi says:

    I kept getting the ones talking about account changes even though I hadn’t been on my battle.net account in ages, I’d forgotten I even had the account since I abandoned WOW after my 10 day trial expired what my friend had sent me and I wasn’t interested in buying the actual game but when I tried to log in (yea, I’m an idiot) I had forgotten my password and so reset my password and logged in to find nothing had changed and so they probably have my account stuff and so i emailed Blizzard about it all because I was worried about the knowlege of my email since I don’t want even more spam being sent to it but even after that I still keep getting sent the same phishing email, I want to delete my account anyway, all they’ll find is an expired free trial xD

  4. Will says:

    i dont even play WoW and it sent me it -_-. i would if i didnt have to pay though^^. Lame phishing attempt.

  5. yoyo says:

    Here is a new one
    ——————————————————————————–

    Greetings,

    It has come to our attention that you are trying to sell your personal World of Warcraft account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment’s employees. If you wish to not get your account suspended you should immediately verify your account ownership.

    You can confirm that you are the original owner of the account to this secure website with:
    https://us.battle.net/account/support/login-support.xml

    Login to your account, In accordance following template to verify your account.

    * Account name
    * Account password
    * First and Surname
    * Secret Question and Answer
    Show * Please enter the correct information

    If you ignore this mail your account can and will be closed permanently.

    Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

    Regards,

    Account Administration Team
    Blizzard Entertainment
    http://www.blizzard.com/support/
    World of Warcraft , Blizzard Entertainment 2010

    Please retain all history if you reply to this mail

    • TheShadow says:

      Here is one i got yesterday !
      phishing email the urls were directed to another site.
      Dear customer,

      Due to suspicious activity, your Battle.net account has been locked. You tried to login your account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

      Step 1: Secure Your Computer

      In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

      Step 2: Secure Your E-mail Account

      After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

      Step 3: Restore access to Your account

      We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: http://us.battle.net/verifyservice.html

      If you still have questions or concerns after following the steps above, feel free to contact Customer Support at http://us.blizzard.com/support/article.xml?locale=en_US&articleId=20606.

      Sincerely,
      The Battle.net Account -reviewTeam
      Online Privacy Policy

  6. Morsindriel says:

    The best way to slow down these attacks is twofold.

    1- NEVER REPLY. It tells whoever is on the other end that a real person is checking that email address and you will get 100% more spam of ALL TYPES after that.

    2- *Forward* the message to hacks@blizzard.com. It allows them to track where the phishing is coming from and shut it down.

  7. josh j says:

    I accidently clicked on one of the links as i had no idea that it was fake as this was the first time i had recieved a phishing email. i followed the linked and gave the wrong password does this mean im safe? I do not care about my wow accout as there is no credit details on it as i no longer play it and my character is lvl 20 so they are not getting much its just other accounts which use the same address i am worried about. YES I AM AN IDIOT

  8. WE says:

    I receive so many of these phishing messages. Almost everyday. I don’t even play WoW, never played it before. How the hell did they get my email? Why are some WoW players so lifeless they would spam everyone just for a small chance to scam them?

  9. Anonymous says:

    Everyone:

    Important information if you do receive this, or any suspicious email. DO NOT CLICK ON ANY LINKS!!! Instead, go to the legit site by navigating to it in your browser. If you feel you have been compromised, you can change your login email and password there.

    By clicking on the links, you can potentially download malware. Which will probably turn your machine into a spam bot, or some other devious thing, and I will receive more of these emails. I do not want them, so DO NOT CLICK ON THE LINKS!

  10. Anonymous says:

    Congrats on the partial virus or worm you just downloaded.

  11. The prophet says:

    Get gmail account you’ll probably not receive does email

  12. dp says:

    My email has also been sending out messages! Anyone know how to fix this!?

    • Anonymous says:

      Try a virus scan with an up to date definition file, or wipe your machine and start new.

  13. XanROK says:

    I keep getting e-mails saying my account has been stolen to be traded or sold and stuff like that too. The problem is that 5 months ago my account was suspended for 3 hours for advertising. I did not advertise. My account had parental controls on. Therefore, I think my account is being stolen for real. Those emails were ignored but I kept receiving more. This time they said I was harassing other players and they were complaining. The email made it sound as if the people I harassed were crying. I try entering into WoW but all I get is an invalid account name or password. What am I suppose to do?

  14. jaytee says:

    LOL yep me too like others have said i wouldnt mind but i dont even play wow so i wouldnt have an account to even access if they wanted too :P i wish theses retards could research and actually target wow users at least. Has anyone had any bad issues arising from it yet?

  15. zach says:

    I got this email too, tons of it 758 of them sent to me, then they hacked my account and started sending from my email… IDK what to do

  16. Pharaoh439 says:

    got this on one of my alternate email accounts. Responded just to see what would happen (rofl) and now i get roughly 300 emails a day in that account. Gmail is also telling me that the email account has been possessed by a Japanese IP address. wtf?

  17. ajfj says:

    Got this **** to and I dont’ even play WOW. WTF

  18. Mary says:

    I received one saying I was being charged for a faction change, whatever that may be??? I never visited the site so apparently they are targeting any email they can find.

  19. lochleinn says:

    Yeah, I’ve never even seen WOW, and I’m getting them, too. Dastardly! But really? Phishing for WOW info? How lame can you get?

  20. denise says:

    I get several daily to my spam and regular folder. I stopped opening in hopes that they would end, but they still come. Several a day. From Battlenet, WOW, World of Warcraft billing, etc. I’ve called them and they say they are spam. I don’t beleive it. Never ever had an account with them. They are SOOOOOOO friggin annoying!! I wish I could stop them. My blackberry vibrates at odd times in the morning from the emails I receive from these idiots.

  21. aspenzs says:

    “You no application here”. I heard that from a gas station attendant the other day, I assume he was telling the girl they weren’t accepting applications. What is the relevance? Its obvious, unless you get a moron or a young person, the “you no application here” e-mails are slightly redundant, you’d think if they were so intent on getting accounts, they’d use someone who used clear English to write the e-mails. For what its worth, speak the language or get out or away from the country.

  22. this is funny says:

    Sometimes i recive these spam emails, lol i dont even have WoW account.

    • lauren says:

      i’m getting them like twice a day now!:

      Hello,

      This is an automated notification regarding your World of Warcraft account. Your account options was recently modified through the Account Management website.

      *** If you made recent account changes, please disregard this automatic notification.

      You can login to Account Management at the following link to review your account settings:
      http://www.battle.net/account

      *** If you did NOT make any changes to your account, we recommend you change your password and make appropriate corrections as soon as possible to ensure account security.

      If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for further assistance.

      Billing & Account Services can be reached at 1-800-59-BLIZZARD (1-800-592-5499 Mon-Fri, 8Am-8PM Pacific Time) or at billing@bliz zard.com.

      Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

      Regards,
      The World of Warcraft Support Team
      Blizzard Entertainment
      http://www.blizzard.com/support/wowindex/

  23. cb says:

    These spams are really quite ammusing at times and I have to laugh at anybody that speaks English that has taken any of them seriously and clicked on the links in them. I receive no less than 5 of these every day for the past several months with 99% of them having been translated using some translation service like babblefish or Google translator.

    About the only thing I would expect Blizzard to do about these is to contact the registrar of each reported email that has a link for people to click to close down those sites as fast as possible to protect the stupid from giving away their real account information.

  24. sherileetess says:

    I’ve been getting these everyday for months. The spam filter doesn’t always catch them. I had never heard of WOW so I knew it was bogus. But how the heck did they get my email? They even sent me an email from my own email addr. I keep changing my password but it doesn’t help.

  25. snowkey says:

    Scott shouldn’t be so quick to accuse Blizzard of violating his privacy. I, like many others listed here, have never had a Blizzard account, I had to google “World of warcraft” to find out what it was. Obviously, they bought our emails someplace else. I noticed when looking for this site that “World of WarcARft” is mispelled in the email attachment they send. Hard to notice, if you don’t pay attention.

  26. Just Some Guy says:

    I found this WoW phishing email in my spam box when I was doing some regular house cleaning. It had been filtered out of my regular mail.

    I don’t have a WoW account. I have never played WoW. Not even sure what it is or how one plays it.

    Anywho, the point is: Looks like it was shotgunned out even to people who are not part of WoW.

    Wish we could find spammers and phishers, mulch their bodies and use them for fuel and pet food.

  27. Raab says:

    i’ve been getting them now for the last few weeks…..they automatically are scanned as spam because i don’t have a WoW account nor ever have. some of the emails that i have read are complete nonsense, with incorrect grammar and horrible spelling, but the one i got today would have probably fooled me (if i had a WoW account). i don’t believe it’s one person or group sending them; i would say that some of the people received the original emails and cleaned them up to look legit. the mailto sends to billing@blizzard.com…and much like the other links, all legit with the exception of the verification link which is obviously masked. Blizzard really does need to do something about it, because anyone who falls for it won’t be able to afford playing monthly if they get ahold of their personal information

  28. ThePunisher says:

    The thing I find the most scary about these is that they appear to originate at an email address within the domain blizzard.com

    noreply@blizzard.com
    customersupport@blizzard.com

    I would think that even an idiot designing the rules of IP would make it so that only ip address registered with ARIN as part of the domain blizzard.com should be allowed to transmit email using an alias containing blizzard.com

    Somehow these fracks have achieved anonymity.

    Either they
    A. hacked the interenet somehow so they could throw their voice so to speak and make it sound like it came from blizzard.com

    B. Hijacked computers that actually were within blizzard.com somewhere.

    C. Work or have access to blizzard.com computers, Ie. employees.

    Blizzard better get on the ball to find out which it really is because any of these scenarios are dangerous for Blizzard as well.

    • Anonymous says:

      Settle down son, it’s very simple to forge emails. Don’t jump to ridiculous conclusions when you’re obviously not very well informed.

  29. Markus says:

    I’m not playing this stuff but being bombarded for some time now with 4 or more of this spam/phishing every day.
    Stumbled over your site when looking for remedies to stop that.
    I emailed blizzard but they are just deaf – they don’t care

  30. alex says:

    as Mosh already said they use the Mails to get your Email address and passwords.

    but it is easy to see if it’s a real Mail or not.

    If you are using a mailprogram like thunderbird you can have a look at the sourcecode with ctrl+u in the first or second line you will see a hotmail.com address or maybe a yahoo.com.tw then you it is a phishing mail.

    The spammer are using hacked accounts to send the mails. Normal mailserver would block them if they are not using them.

    Greetz.

  31. Femmy says:

    Well i got the same.
    I sent a mail to hacks@blizzard.com
    but anyways i got a automatic message back.
    With no info about the mail i sent to them.
    Blizzard is going backwards. i really hate it.
    i get these mails 3 or 4 times a day.
    for 5 months! >.>

    • Yaz says:

      @Femmy.

      I got 3 or 4 a day too. Was going on for months. I changed email address in the end.

  32. Kevin says:

    like a lot of people on here iv’e been getteing two or three of these a day i have never owned a WoW ac i had a laugh at first but now it is a real pain in the arse

  33. Chris says:

    I don’t even own, or have I ever owned, a WoW account but I get 1-3 of these emails a day. Its been going on for about 2 months now.

  34. Kim says:

    Hy hotmail account has been used to send these mails and I am getting many Delay status notifications from these having been send from my account. I have never communicated with BLizzard or World of Warcraft………very annoying

    • Mr. Kelly says:

      Never heard of World of Warcraft, as I get 2 emails a day from them.

      But on your issue, change your hotmail password. It’s in the options menu. That should then stop.

  35. Alex says:

    ITS A SCAM
    when i clicked it it went from worldofwarcraft.com
    to http://www.wor1dofwarcraft.com !!!!!!

  36. Scott says:

    This is happening because Blizzard, with their new Battle.net account BS, has knowingly exposed your email address to the outside world, allowing every hacker and spammer known to man to see your email address, and target your account. I’ve canceled my WoW account over this, as I don’t expect a company I have had a 2 year relationship with to expose my PII so blatantly to any tom, ****, or Xio Chin Lee on the internet.

  37. prote says:

    I started getting awful lot of them (I get about 2 spam e-mails everyday) and each and every one is more funny than another. I can’t imagine how stupid would someone have to be to type their login details to a website
    “sufgd.cx/wowaccountlogin”
    I think I get them because I was to lazy to go to a actual shop and buy a WoW gamecard and just bought one over the internet (providing my real email).
    Probably changing my email address is the only thing I can do, but it’s a shame since I have this email address for long time (5+ years) and it’s only 4 letters + @ + 2 letters + . + 2 letters, so only 10 chars in total (with no lame numbers or underlines) which is pretty cool compared to modern email addresses like coolmike1234_3486@yahoo.com (my friend has a email address like that)

  38. anonymous says:

    i got a similar one. it was from “wowaccountadmin@blizzard.com”. the first 2 of my sites were legit but the last came up with a warning from google saying it had a history of illegal activity or something. i have never had a world of warcraft account. then i got another one but it only have worldofwarcraft.com with no illegal website. do you think that since i did not reply to the last the same people are trying to convince me it is legit?

  39. Brian says:

    I just got mine today. Crazy…

  40. aslum says:

    I got this and I don’t (nor have I ever) play WOW. It’s shotgun.

  41. Jose Ramones says:

    great blog!

  42. Patricia W Olson says:

    tu blog es excelente! te mando 794 felicitaciones!

  43. Betty R Brent says:

    great article!, grats for u site :)

  44. elliottback says:

    Oh,

  45. Mosh says:

    Lots of people use the same login details for several sites. By targeting and getting your email address and password, they could – potentially – also get into your PayPal, email, eBay, Hotmail, Google… Anything that uses the email address as the user ID.

Leave a Reply

Powered by WP Hashcash