WARNING: Cataclysm closed beta e-mail scam

Tek7

Tek7

CGA President, Tribe of Judah Founder & President
Staff member
I received the following e-mail this morning:
Deathwing the Destroyer returns to Azeroth, leaving chaos and destruction in his wake. Unlikely heroes will rise up to protect their scarred and broken world from utter devastation.

To ensure you're opted-in and eligible as a potential candidate, you'll need a World of Warcraft license attached to your Battle.net account, have your current system specifications uploaded to the Battle.net Beta Profile Settings page, and have expressed interest through the franchise-specific check boxes.

In order to opt in for this beta test, you must create a beta profile containing your system specifications. To create one, please download and run the beta opt-in application: https://us.battle.net/login/en/

Blizzard Entertainment Inc
Account Administration Team
P.O. Box 27086, Irvine, CA 17690
Click to expand...
If you receive the same e-mail, DELETE IT. DO NOT click the link. Whoever is sending this e-mail is trying to steal your account information.

A few things tipped me off that this was not legitimate.

First, I don't think I've ever seen Blizzard send out a plain text e-mail. It's just not their style.

Second, the closed beta for Cataclysm started a while back. The expansion releases in early December. Whoever is sending these phishing e-mail must assume their marks must not be up on current WoW news.

Third, the e-mail contained a link that supposedly led to the Battle.net web site--a link that could easily be spoofed using sneaky HTML. I right-clicked the e-mail in Outlook, selected View Source, and sure enough: The link led to a phishing domain with a similar name.

Feel free to share the link to this thread with your fellow WoW players. Knowing, in this case, comprises greater than 50% of the battle.

For those interested in that sort of thing, the return path for the e-mail was liapawhu@yahoo.com. I wonder if it's possible to report the user to have his or her Yahoo account suspended?
 
Last edited:
First scam email?

I get around 3-4 a day :)

Dunno how the beans they got my email, but it's fun to read their many typos, grammatical errors, and idle threats...

"Click the link and log in with in 24 hours or we will delete your account"

lol. But ya. Never click a link in an email that is MMO related unless you did a forgot a password, just registered, or it's just to read an article or something... Never log on through these links.
 
Ever since I activated my Star Craft 2 account, I've been getting about 3 Blizzard spam e-mails a day. >:|
 
The link looks totally valid though. Even the certificate is valid. If it is a fake link it's unbelievable good.
 
I don't know what you people do, haha.

I have been paying for WoW off and on for 5 years now AND I have Sc2 and I have never received a scam or spam or anything from "Blizzard."
 
Lloren said:
The link looks totally valid though. Even the certificate is valid. If it is a fake link it's unbelievable good.
Click to expand...

The copy paste would work as the BBS would translate us.battle.net to the proper site. While the email link may have been spoofed. It looks like it is going to us.battle.net but it is redirected. Just like I just did. Copy paste wouldn't grab to spoof.
 
Joshinator said:
First scam email?

I get around 3-4 a day :)
Click to expand...
Keero said:
Ever since I activated my Star Craft 2 account, I've been getting about 3 Blizzard spam e-mails a day. >:|
Click to expand...
/me scratches head

Maybe it's because I have a spam filter add-in installed for Outlook, but it's very, very rare I get a "Blizzard" scam e-mail. On the rare occasions I do get a phishing e-mail, Outlook usually flags the message as potential dangerous.

Lloren said:
The link looks totally valid though. Even the certificate is valid. If it is a fake link it's unbelievable good.
Click to expand...
The link itself is real, but the HTML source of the message (which I didn't include in the OP for obvious reasons) sends the reader to a fake site. It's easy enough to do:
Code: 
<a href="http://thisistotallyascam.com">http://thisistotallynotascam.com</a>
Like ah-so.

That's why you should always view the source of any HTML e-mails (even if they appear to be plain text) from questionable sources.

Better yet, skip the link entirely and just manually type the address for the site you're trying to access directly into your web browser.

Odale said:
I don't know what you people do, haha.
Click to expand...
I don't know where scammers are getting these addresses, either.

/shrug

Avesther said:
The copy paste would work as the BBS would translate us.battle.net to the proper site. While the email link may have been spoofed. It looks like it is going to us.battle.net but it is redirected. Just like I just did. Copy paste wouldn't grab to spoof.
Click to expand...
Correct.
 
Tek7 said:
First, I don't think I've ever seen Blizzard send out a plain text e-mail. It's just not their style.
Click to expand...

I have, granted it was about them charging me twice and giving me two copies of StarCraft II, the email saying they reversed the charges and removed one of the keys from my account was plain text.
 
OrryW said:
I have, granted it was about them charging me twice and giving me two copies of StarCraft II, the email saying they reversed the charges and removed one of the keys from my account was plain text.
Click to expand...
I meant announcement e-mails, but yes, good point.
 
Avesther said:
Before you click delete, click the forward button and forward the suspicious email to hacks@blizzard.com with a subject line: Hack Attachment. Then delete the email
Click to expand...
Already did. :D But thanks for the suggestion. I didn't think to reply to the post letting everyone know I had forwarded it to Blizzard. I'd recommend anyone who receives a scam e-mail forward it on to the e-mail address Avesther posted.
 
I get a TON of them. Basically here are the telltale signs

1-Blizz will refer to you by NAME. Dear X. Not Dear player.
2-Blizz never sends plaintext.
3-Blizz seldom ends up in spam
4-Blizz never makes typos
 
I used to not get any spam but started getting a few fake blizzard e-mail all at once. The funny thing is I've never played WoW ever and the are telling me my account has been hacked :p .
 
NEW SCAM!

I have been getting these type of scam e-mails for well over a year and usually you can tell, but there is a new one out now that you pretty much can't tell so be careful!

This is the E-mail...(I XXXX out my e-mail)

Hello,

Blizzard Entertainment recently received a request to change the e-mail address used to log in to the Battle.net account with the username XXXXXXXX. The e-mail address k***@hotmail.com has been specified as the new username for this Battle.net account. An email has been sent to this new address containing a verification link to complete the change.

Once the new address has been verified, the e-mail address XXXXXXX can no longer be used to log in to this Battle.net account or any World of Warcraft accounts merged with this Battle.net account.

If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately.

--------------------------------

Now if you check the original to see if its been spoofed it shows the return path as ...

Return-Path: <billing@blizzard.com>
Received: from blizzard.com ([121.166.229.183])

So it looks legit. If you click on the link it will take you to the battlenet login page and everything there looks legit too. Then if you try to login you will get a page can not be displayed and your information is now had by the scammers.

So once again NEVER click on a link, if you think its legit don't click on the link and just go and login to battle net directly.

This exploit is new and due to how it looks there may be a ton of hacked accounts, you can read about at softpedia as well as McAfee is warning about this...

http://news.softpedia.com/news/Fake-Battle-net-Emails-Direct-Gamers-to-Phishing-Site-161987.shtml
 
You must log in or register to reply here.
Back
Top