I would like to write up a thread about the rise in fake e-mails sent to WoW players in an attempt to steal your account information and how you can better protect your account.
Unfortunately, I have had to see through the hardship it can cause players and with the rise of hacked and compromised accounts, we need to be kept up to date. It is not only about being better educated about today's methods of phishing but also to use caution so I would like to offer my suggestions:
-Firstly, any e-mail that has a LINK in it is not from Blizzard. I repeat if the e-mail has a direct link in it, it is NOT an official e-mail from Blizzard.
-Ask yourself if you do get e-mails claiming to be from Blizzard, why would they contact you, for what purpose?
-A lot of phishing attempts of late have been for Cataclysm invites, WoW account compromises, Starcraft 2 purchase, WoW account extensions, a payment made by a credit card. Be VERY wary of these. I must stress that any of the above is the quickest way to get your account information. They usually include a direct link to a fake support page.
-If you do indeed get any of the above e-mails, they will look real. The support page will look just like the real battle.net or WoW login page. Do not fall for this.
-Some hackers even will try and brute force your account which will cause a brief lock-out. This is from Blizzard's end. This is followed by an e-mail sent by the hackers in hope that you will during that time read the e-mail and check if your account is ok. Even if you go through the official website, some players do not realise that their account is fine but under a temporary lock-out thus causing them to freak out and try the scammer's link directly as an alternative. BE CAREFUL. Do not do this.
-It used to be that the e-mails would have a lot of punctuation and spelling mistakes and hackers know this. Do not trust e-mails now that sound and read like they are from Blizzard.
-You can generally tell by looking at the address bar because the address itself will have a mistake in it. For example: having accoutlogin instead of accountlogin. ALWAYS go through the main WoW website or paste it into the address bar from a word or notepad directly.
*UPDATE* (25/08)
-Another good way of knowing if the e-mail is legit or not is to look at the headers; in other words the IP address where the e-mail has come from. You can check the IP address under g-mail by going to "show original" under the scroll-down menu on the top or bottom right next to the "reply" button. Under yahoo, it is called "full headers" on the bottom right corner. There are TWO IP addresses; one that originates from their own web server and the other that is where it was sent from. One IP address should be close to: 12.129.242.48 which is Blizzard's source. It will look like: (ext-smtp12.us.battle.net [12.129.242.48]), the last two digits may vary but you can verify the IP address for yourself.
This alone should tell you if this e-mail is legit, because hacked e-mails use someone's e-mail address as the originating source and when you check the IP address, it is not "California Irvine Blizzard Entertainment." You can check the IP source, I use: http://www.ip2location.com/free.asp.
-Lastly, get an authenticator.
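The header check described in the update above, as an added example that is not part of the original post. It assumes a /24 network around the address the post quotes and that the newest Received header carrying a bracketed IPv4 address was written by your own mail provider; the function names, the example.net/example.org hosts and the 203.0.113.25 address are constructed for illustration.

```python
import email
import ipaddress
import re

# Assumption: a /24 around the address quoted in the post, since the post
# says only the last digits of 12.129.242.48 vary.
EXPECTED_NET = ipaddress.ip_network("12.129.242.0/24")
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Bracketed IPv4 addresses from the Received headers, newest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for header in msg.get_all("Received", []):
        match = BRACKETED_IP.search(header)
        if match:
            try:
                hops.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                pass  # not a real address, e.g. [999.1.1.1]
    return hops

def check_origin(raw_message):
    """Classify a message by the hop its receiving server recorded."""
    hops = relay_ips(raw_message)
    if not hops:
        return "unknown"
    # The newest hop is written by the receiving server; older Received
    # lines arrive with the message and can be typed in by the sender.
    if hops[0] in EXPECTED_NET:
        return "expected-network"
    if any(ip in EXPECTED_NET for ip in hops[1:]):
        return "forged-lower-header"
    return "other-network"

# Constructed sample headers (hosts and 203.0.113.x are placeholders).
GENUINE = (
    "Received: from ext-smtp12.us.battle.net (ext-smtp12.us.battle.net [12.129.242.48])\n"
    "\tby mx.example.net; Wed, 25 Aug 2010 10:00:00 -0700\n"
    "Subject: constructed sample\n\nbody\n"
)
SPOOFED = (
    "Received: from mail.example.org (mail.example.org [203.0.113.25])\n"
    "\tby mx.example.net; Wed, 25 Aug 2010 10:05:00 -0700\n"
    "Received: from ext-smtp12.us.battle.net (ext-smtp12.us.battle.net [12.129.242.48])\n"
    "\tby mail.example.org; Wed, 25 Aug 2010 10:04:00 -0700\n"
    "Subject: constructed sample\n\nbody\n"
)
```

`check_origin(SPOOFED)` returns `"forged-lower-header"`: the expected address appears in the headers, but not in the hop the receiving server recorded, so its presence alone proves nothing.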
Comments
My email must have got on some bullshit WoW scamming list. A few months ago I used to get a lot of these fake WoW login emails trying to trick you but now gmail seems to be much better at putting it all in my spam folder gmail :P
I received a fake mail this day saying I paid 25 euros for a pet in the game and I had to connect to battle.net. TAKE CARE, it's a fake mail. Never bought a pet for WoW and I only played a month ...
My real Blizzard account is ok; this is a fake mail sent for phishing.
Yes, any e-mails that claim you have won something or will get an in-game pet are fake.
The BIG thing is to use your better judgement. Common sense. Ask yourself:
"I haven't done anything. Why would I get something free?"
"I didn't even change my password"
"I didn't even sign up for Cataclysm beta"
"I didn't even buy or sign up for any interest about SC2"
"I didn't even extend my gametime"
ALWAYS use your better judgement.
These posts are really annoying, but unfortunately they are needed because of scam artists. I'm sure someone will soon post "you have to be stupid to fall for one of those"... but that's not true, it just means you got caught not being cautious. (hasn't happened to me yet thankfully)
Thanks for posting this for all the people that are new to MMOs or aren't aware of how common these scams are now.
IF THE ONLY DEFENCE FOR CRITICISM OF A GAME IS CALLING SOMEONE A TROLL OR HATER, THAT SAYS A LOT ABOUT THE QUALITY OF THE GAME
Something else you can do if you are unsure of the email's validity is turn on full headers as you are looking at the email. If you don't know how, google it. It will give you a bunch of info, look for the originating email address. Most of the time they are from Hotmail or some other web based email service.
I got a brilliant one this morning. It said thank you for buying Starcraft II here is your product key. Please log in to your Battle.Net account by clicking on this link and confirm your password etc etc etc. I haven't bought a copy of Starcraft II so be on the look out for that one as well. These hacking boys are getting more creative
I have between 10-15 WoW phishing emails a month although I don't play WoW or have WoW accounts. I only started getting them when I started posting here.
I am a security expert and doing research into where and how people are getting online games hacked. I have many customers that have had WoW accounts hacked even with best in security software, and I am working on some software to identify and delete phishing emails and block installations of keyloggers, trojans, rootkits.
I have noticed a huge rise in phishing emails for WoW and notified all my customers to ignore all emails for WoW and forward them to Blizzard. At the moment I am working on a cloud based spam filter to identify and remove phishing emails and emails with trojans and 0day exploits.
You need to be CONSTANTLY on your guard and not just from emails.
Today, I did a Google search for something WoW related and the top link reported back, which was a sponsored link from Google, went straight to a phishing page. The tip off was that they spelled ARMORY as AVMORY. I sent Google a notification but still anyone not paying attention might fall for it and try to log in to the web page.
Check all links and double check any links that aren't directly on the Blizzard website.
I have put up an update that might be of interest for people that like to look up on IP sources. This has been a method of mine of late, as a lot of these hackers make the appearance of the e-mail look legit but you can't bypass the source of the e-mail.
I get 3-4 a day, and I only played in WoW beta.
Thank you, very informative. How do they force a lock out? Can they?
Ever since Blizzard got involved with Battle.net there has been a 3000% rise in fake emails, scams and hacked accounts.
A friend who worked for FBI Cyberspace Enforcement dept told me the other day that the authenticator sold by Blizzard is not as effective as Blizzard claimed it was.
To protect your privacy, do not use Internet Explorer. Use Firefox or other browsers that have a high security rating. Also use software called Keyscrambler <--- it is an addon that works with Firefox and is a very helpful and good anti-hacking tool to use.
Common mistakes that people make when doing passwords is that they use common everyday words or numbers. Passwords should be a combination of the two and no less than 8 characters and no more than 40 characters long. The recommended number of characters in a password is 12-20 characters. Do not use the same password for same site. Learn to write down your password in a ledger and put it in a safe place, DO NOT SHARE IT WITH ANYONE, NOT YOUR FAMILY, NOT YOUR ROOMMATE.
Also do not visit or click on sites that offer powerleveling services or gold buying services or buy accounts from eBay (heard one player who bought an account from eBay had his account hacked within 8 hours after buying a WoW account).
Do not visit sites that have banners or advertisements to powerleveling services, gold buying, gold selling, leveling guides. Most likely these sites will 100% of the time install keylogger trojans without your knowledge.
Hell, I don't even have a WoW account. My Yahoo email I use with this board gets tons of WoW phishing spam scams because I had some free trial account to WoW 2 years ago linked to it, and apparently that had battlenet connected to it recently. Now every day my spam box, which usually had about 20 catches in it, has 20 more from WoW phishing. Way to get people that aren't even customers spammed, Blizzard. If they start a class action lawsuit I'm liable to join it for undue mental stress and suffering for getting my inbox flooded when I never even bought your crap game!
I would guess they use a program trying to log in to your account with a bunch of possible passwords. They must have some kind of lockout if you have written enough wrong passwords, or anyone could break your password with a program.
But I don't think that the lockout time is so long, a guess would be 30 minutes.
Yes, It functions like an ATM where after a certain amount of incorrect tries to enter the account information, there is a brief lock-out (not from the game itself but of accessing the account through Account Management). This is quite a recent way to get the account holder to panic and click on the link on the scammer's e-mail which of course is not linked to Blizzard's one.
Please be careful of this and if in doubt, just wait it out... chances are your account is fine. Revert to checking exactly the source of the e-mail to confirm and put your mind at peace. Go for checking the headers and checking the IP address of the origin source.
The authenticator is not an ultimate protection to your account but it is an improvement, especially since you are now forced to use an email address as the account name. I went and created a new email address just for battle.net that I will never use for anything else and is not related in any way to me or my real name (take that realID).
The authenticator generates an 8 digit single use number basically 00,000,000 to 99,999,999 or approximately 100 million possible numbers. Now if all were valid this would be useless the trick is that only some of them are valid and they are only valid once. The issue is how quickly does Blizzard want the authenticator to expire? Do you make it capable of generating 1 million numbers then you would only have a 1 in 100 chance of getting a number randomly guessed. The problem I see with the authenticator right now is that it displays a number and then after 30 seconds or so it moves on to another one. It should only generate a number when asked to and the total amount of numbers should be limited to no more than 10,000 which would make it extremely hard to randomly guess though of course it would still be possible but now they need to guess the email address, the password and the authenticator number. It does make things harder for them.
Oh, I'm using the phone app authenticator the key probably does work by pressing a button but I suspect that it is the same algorithm. The other thing they need to do is to go from 8 digits to 12 to further increase the odds against the hackers.
-----------------
There you go, using a Free Trial account that the majority of gold scammers use is a sure fire way to get your account hacked by hackers and/or getting a ton of email scammer offers in your email box.
Also people need to remember that since being in a recession a lot of game companies like Blizzard totally ignore their own EULA and TOS and sell subscriber email addresses to third parties for hundreds of thousands if not millions of dollars (USD Currency).
I would not be surprised if MMORPG also does this as well.
What a lot of folks do not realize is that often times these third parties have ties with the hackers community and/or organized crime families.
A class action lawsuit might be the ticket, but you have to remember that Blizzard/Activision is a Multi-Million dollar business and they have dozens if not hundreds of lawyers working for them and hundreds of thousands to millions of dollars to spend, so that they could bury the average gamer in legal fees and paperwork delays. Since the average gamer cannot afford such high priced lawyers, lawsuits of this nature usually do not work.
Your best bet would be to contact your nearest Federal Law Enforcement agency that deals with Cyberspace Activities and go from there. If enough people file complaints with their local country's law enforcement, someone is bound to take notice.
Here in the USA would suggest FBI and Secret Service, UK would suggest Scotland Yard/MI5 and EU would suggest InterPol.
Complaining to blizzard or forwarding emails to blizzard usually does not work. They only go after those who make a profit like that private server lawsuit.
Hackers are everywhere, they have been collecting passwords of everything for years. Not just WoW. WoW just happens to have a client base larger than most of the paid subscription services. And since we are reading game forums, here is where they will come to complain. Visa card hacks will not be discussed here.
The authenticator is not effective? Well, it prevents stealing of passwords by bots and shelved for future hacks. A hacker will have to physically be present and immediately use that password, within 30 seconds or less. How many accounts can he steal that way, per hour, even if he can steal any? How many accounts he use to steal and store through bots and other keyloggers, and reused months later. If that is not effective enough for the simple cost of only $7/10 whatever, one off, per account, tell me what else you have in mind.
What are you trying to do? Having a personal agenda against blizzard, and promoting legal action against blizz? Call MI5? FBI? Do you need to alert the United Nations or pray to God tonight asking him to flood Blizzard with rain and thunder?
Good grief, so seek a psy and get your fix. I really wonder if MMORPG would like your kind of writings here, it borders legal issues.