All new topics created regarding phishing mails/websites will be locked and redirected to this thread; please make sure you read the entire sticky before you post.

————————————————————————————————————————————————
TL;DR?��We've turned some of the information in this sticky into a video on YouTube!��http://bit.ly/qIJc3Y
————————————————————————————————————————————————


We have been seeing a troubling increase in the number of fake or ‘phishing’ emails being sent to players, all appearing legitimate and official and seemingly originating from Blizzard Entertainment.

These emails, created for the criminally fraudulent process of attempting to acquire sensitive details (account names, passwords, or other account information), may promise exclusive in-game items, bonus game time, or ‘specially selected’ Alpha/Beta invitations to upcoming Blizzard releases.

More commonly, and undeniably more worryingly, they may even threaten dire account-related action unless the player provides his or her login information, or follows a specified website link (usually to ‘verify the legitimacy of the account’).

Please do NOT fall for these scams!

REMEMBER: Neither Blizzard nor its employees will EVER ask for your password.

I’ve received an email just like this – is it a fake? How can I tell?

There are a few key points you can check straight away in order to determine whether an email is genuine.


• Emails from Blizzard will always originate from an @blizzard.com or an @battle.net email address.
• Any correspondence sent from Blizzard Entertainment will make use of correct spelling and grammar.
  Multiple typographical errors, unusual sentence structure or obvious grammatical inaccuracy should serve as an immediate warning to proceed with caution.
• Blizzard employees will never ask you for your account password via any means.
  No matter how official or legitimate an email may look, if such information is requested then it is simply not from Blizzard Entertainment.
• Phishing mails will frequently claim that an account has violated, or been found in breach of, a specific policy. These mails often employ intimidating wording and claim extreme actions (including account closure or termination) will be taken should the player not ‘verify ownership’ of their account.
  This is not a standard practice of Blizzard Entertainment.
• Phishing mails may also appear to offer complimentary, and often hitherto unheard-of, in-game pets or mounts, periods of game time credit, or special advance access to Alpha and Beta versions of forthcoming Blizzard games.
  These mails can often seem too good to be true, and as a result they likely are! Please double-check the existence of anything mysteriously offered to you via an email, and do not accept any ‘offers’ you cannot confirm as official.
• In many cases, these fake emails will request that account owners visit a specific (malicious) website, where they will be asked to “log in”. While these sites can on occasion be extremely similar in appearance to actual Blizzard pages, inputting one’s login details therein will directly submit it to the companies or individuals in question (thereby instantly rendering the account liable to compromise).
  If ever asked to click through to a website linked within an email, please be very wary – double-check the destination of the hyperlink before you click.

So, this email comes from someone showing as @blizzard.com or @battle.net. That means it’s real, right?

Unfortunately, no. The appearance of an official email address as the sender is not enough to guarantee an email’s veracity, and you should still remain cautious. This is due to the fact that it is possible to alter the appearance of a sender address in the “From” field of an email, and this process (known as ‘spoofing’) may cause a malicious email to seem as if sent from Blizzard.

In order to verify the actual sender address of any email you receive, you will need to check the email header information.

What’s an email header? How do I find it, and what am I looking for?

Most email clients and providers will allow you to view more information about the email than is normally shown, including specific details about the sender, the path the email took in reaching your inbox, and any other redirections that the email may have been subject to prior to arriving in your mailbox.

For more information on how to check this data, including some specific details for some of the more common email providers, please see our Support site article;


How to Identify "Spoofed" Email Addresses
http://eu.blizzard.com/support/article.xml?locale=en_EN&articleId=43010

OK, but the links in my email look right. You said something about needing to ‘double-check’ them?

Yes, indeed. Through the use of HTML coding, it is possible for an email link that looks perfectly harmless to lead you somewhere else entirely (and inevitably to a fake website).

Depending on your Internet browser or email client, you can sometimes see the destination URL a link will use displayed in the bottom corner of your window, or in a hovering tooltip.
However, for a non-specific means of uncovering the URL that any hyperlink will direct you to, you may use the following steps;


• Right-click the link, and then select ‘Copy Shortcut’, ‘Copy Link Location’, ‘Copy Hyperlink’ or similar;
• Paste this information into a text-based application so that you may examine the address to be used.

If you are ever in doubt about the veracity of a link, it is always safer to navigate there yourself.

Why am I getting these emails in the first place? I don’t remember giving my email address out to anyone.

Most commonly, ‘databases’ of potential player email addresses will have been compiled through the use of any unofficial World of Warcraft web pages (such as fan sites, wikis or guild websites), as well as social networking sites (like Facebook, Myspace or Bebo), so your email address will likely have been on display inadvertently without you ever specifically giving it out.

The most reliable way to stop receiving these types of mails, and also to provide an extra bit of security to your account, is to consider creating a new email address purely dedicated to World of Warcraft and Battle.net use.

During the creation process, do make sure that no part of the new address or password coincides with your previous email addresses, passwords, nicknames or profile information on any of the above sites, and that you avoid using this new email account for anything other than Battle.net in the future.


NOTE: As touched on above, with your Battle.net email address also functioning as your account name, using a dedicated, secret email account can actually help secure or increase the protection on your World of Warcraft account.

Right, thanks for all the information. I think I definitely have a fake email here, so what do I do with it now?

Well, the first thing you should consider doing is forwarding the entire email to our hacks@blizzard.com email address.

Please also copy and paste the email header into the message body in order to ensure that we can fully identify the source of the mail, and hopefully help prevent future phishing mails of the same type.

Um, unfortunately I actually replied to one of these fake mails before reading this thread, and now they have my details (Secret Answer, CD Key, etc). Please help me!

Firstly, there’s no need to panic. You should, however, make sure you change your Battle.net account password as soon as possible:
http://eu.battle.net/account/management/

Then move on to either changing the password on your email account, or simply creating a new dedicated email account (see above) that you only use for World of Warcraft and Battle.net.

At this stage, you should hopefully have restored your account to the same level of security as prior to the phishing email, but you may also wish to consider purchasing or downloading a Blizzard Authenticator (either physical token or mobile version);


Battle.net Authenticator FAQ

http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=36010
Battle.net Mobile Authenticator FAQ

http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=35970

I didn’t reply to a fake mail, but I just may have clicked on a dodgy link instead… Is my PC still safe?

Unfortunately we are unable to diagnose or scan your PC remotely, so we sadly cannot help determine whether your PC may be ‘safe’ or not.
However, at the earliest opportunity, please do take some time to read some of our Support site guides on securing your account, and related software to help you with this;


Account Security Measures

http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=41911
Battle.net Account Security Awareness

http://eu.battle.net/security/
Security Software

http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=29142

If your account has been stolen or compromised, or you are wishing to read up on any information related to account theft, please take a look at our compromised account sticky on this very forum;

►► Account Hacked/Stolen? CLICK HERE! ◄◄
http://eu.battle.net/wow/en/forum/topic/900641512

For the remainder of this thread, we will continue to update with new examples of phishing emails reported to us.

If you do receive one of these fake mails, please check to see if we have it listed here already, and if not then you are very welcome to post it within this thread so that we can consider adding it to the list.

Oh, and please REMEMBER: Blizzard employees will NEVER ask for your password.

Scam email examples incoming!

Greetings!

It was reported that you are trying to sell your personal World of Warcraft account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. We will gather more information through further investigation. If you wish to not get your account suspended you should immediately verify your account ownership. You can confirm that you are the original owner of the account by providing the following information:

* First and Surname
* Date of birth
* Address
* Zip code
* Phone number
* Country
* Account e-mail
* Account name
* Account password
* Secret Question and Answer Or WoW CD-Key

Show * Please enter the correct information

If you ignore this mail your account can be closed permanently.

Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Blizzard Entertainment

We don't need your password – we have no use for it whatsoever. So if a mail asks for your password, it's not us!

Greetings,

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement

and Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage: <fakewebsite.com>

Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Please remember that it is your responsibility to keep your login information confidential. You may not share access to the account with anyone who is not expressly permitted in the World of Warcraft Terms of Use and the Terms of Use for the games you play. You are also responsible for every use of your login information, whether you have authorized it or not.

Sincerely,


Account Administration
Blizzard Entertainment

It is your responsibility to keep your login information confidential, but a trip to <fakewebsite.com> is not the way to do so.

Hello,

This is an automated notification regarding your World of Warcraft account.

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement and Section 8 of the Terms of Use

A 3-hour probationary suspension is pending on this account, awaiting confirmation from a specialist. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account.

Thank you for respecting our position on this matter.
** We request that you verify your legitimate ownership of the account here: <fakewebsiteagain.com>

Blizzard staff will verify your account information submitted in two days, please do not modify your
account information during this time . It will not affect your game uptime. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Regards,
Blizzard Entertainment Inc Account Administration Team
P.O. Box 18979, Irvine, CA 92623
Blizzard Entertainmen

Playing from Europe, with a European account, it is extremely unlikely you would ever receive any correspondence from an ‘Account Administration Team’ in California. We also haven’t changed the company name to “Blizzard Entertainmen”!

Greetings!

This is an automated notification regarding the recent change(s) made to your World of Warcraft account.

Your password has recently been modified through the Password Recovery website.

*** If you made this password change, please disregard this notification.

However, if you did NOT make changes to your password, we recommend you Login verify your password: <websiteoffakeness.com>

If you are unable to successfully verify your password using the automated system, please contact Billing & Account Services at

1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com.

Account security is solely the responsibility of the account holder.

Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account.

In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The World of Warcraft Support Team
Blizzard Entertainment

We have verification the password for the World of Warcraft account associated with this email address. verification password, please click the following link and follow the instructions:

<websiteoffakeness.com>

If you notice issues with the World of Warcraft account or associated games after logging in with your account, please contact the appropriate support department for assistance immediately: <snip>

Please remember that it is your responsibility to keep your login information confidential. You may not share access to the account with anyone who is not expressly permitted in the World of Warcraft Terms of Use and the Terms of Use for the games you play. You are also responsible for every use of your login information, whether you have authorized it or not.

Billing and Account Services can be reached directly at 1-800-592-5499. Players in Australia and Singapore should call 1-800-041-378 and 800-2549927 respectively if unable to connect via the first number. Our representatives are available Monday through Friday, between 8:00AM and 8:00PM Pacific Time.

Thank you,

Blizzard Entertainment

Mails that require you to log into <websiteoffakeness.com> in order to verify your password are not standard Blizzard practice, nor especially logical either.

***Notice of Account Will Closure***

Reason for Closure: Terms of Use Violation -- Exploitative Activity: Unauthorized Cheat Programs ("Hacks")

This account Will closed because one or more characters were identified using an unauthorized cheat program, also known as a

"hack." These programs provide character benefits normally not achievable in the World of Warcraft. Such benefits include, but are

not limited to, increased speed, teleportation, or running through walls/boundaries. Use of these unauthorized programs harm the

game environment because they offer an unfair advantage over other players and superscede the intended limits of the game.

Even if this behavior is the result of a third party accessing the account instead of the registered user (for example, a friend,

family member, or leveling service) then the account can still be held responsible for the penalty because of the impact it had on

the game environment.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage: <stillafakesite.com>

We've found the above behavior is many times directly related to groups responsible for compromising World of Warcraft accounts; we

take these issues very seriously. To better understand our position against exploitative activity and the risks involved, please

review this article:

http://www.worldofwarcraft.com/info/basics/antigold.html

The exploitative activity that took place on this account violates the World of Warcraft Terms of Use. We ask you take a moment to

review these terms at

http://www.worldofwarcraft.com/legal/termsofuse.html

Any recurring subscriptions on this account have been suspended to prevent further monetary charges.

For any disputes of this action, please visit the Exploitative Activity FAQ and Contact page here:

http://us.blizzard.com/support/article/exploitfaq

Regards,

Blizzard Entertainment
www.WorldofWarcraft.com

There is far more wrong with this mail than can be summed up in a single sentence, but real-looking links still do not necessarily equal real websites nor should the presence of some real links convince you that all the others must be.

Greetings,

As a part of our ongoing coverage of World of Warcraft: Cataclysm, we will start a global database upgrade. When this upgrade begins, we cannot accept any requests for character and item restoration.Please understand that due to the amount of content we support, our logs are not indefinite.

If you want to restore your character and item, tell us as soon as possible. We will strive to help whenever we can. This document serves to specifically describe how we will address these instances.

Virtual property lost for reasons beyond a players' control

If we can verify that your loss of virtual property was the direct result of:

* A documented bug.
* Data loss due to a problem with our service (unless due to a global database revert).

We will attempt to restore the virtual property.

Virtual Property lost that is essential to class development

If we can verify you have lost possession of an item (for any reason) that meets of the following categories:

* Was previously in your inventory.
* You are unable to recover yourself.
* Is essential for proper class development (i.e. a quest reward needed to receive a class defining skill).

We will attempt to restore the virtual property.

Virtual property lost due to user error

If we can verify that your loss of virtual property was the direct result of:

* Accidental deletion (characters, items, and in-game currency).
* Accidental sale to a vendor.
* Falling victim to a scam.
* Any other user error.

We will attempt to restore the virtual property.

How to start the process

For us to be able to investigate your loss, please send us an email with the following information:

* Battle.net account name
* World of Warcraft account name
* Character names
* Realms the characters are on
* Level, class, and race of the characters
* Exact name of the items that were lost (if any)
* The time and date of the loss (as precisely as possible)
* How the items or characters were lost (if you know)

We reserve the right to refuse restoration if we feel an excessive number of requests have been made in this particular category or if an undue amount of time has passed since the item or character was lost. We do not wish to encourage career victims, nor will we penalize players who legitimately make the occasional slip-up. Although we understand that the occasional mistake can be made, please be aware that restorations are limited, not guaranteed, and are at the sole discretion of Blizzard Entertainment

If your particular case fits any of the above criteria, you may be eligible to receive assistance with the recovery of your lost goods. Due to many variables with investigating these claims, your reimbursement, if approved, may not be immediate. Keep in mind that a player and the account registered to him/her will be permitted a limited number of instances in which the GM staff will assist with property recovery. While we can restore items with random modifiers (of the Bear, of the Eagle, etc.), we cannot guarantee that you will receive the same modifier you had on your original item. We are also unable to restore enchantments or add-ons that these items may have possessed.

Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,

Blizzard Support Team

Please note: We do not anticipate that database upgrades or the Catacylsm expansion will prevent us from providing restorations. This is a "fake" e-mail.

To English-speaking players:


In The coming 2012, World of Warcraft is trying to launch a New version of Game:

<< The anger of Azeroth >>

includes:

New Maps, New Races, Funny Pets, More Skills and Endless Challenges!

Participating in our theme, you can probably get lucky prizes, including up to six months free game time.

For more amazing information, please visit our website:

<fake link>

If you have additional questions or concerns, please log in to the Blizzard Customer Support web site

at <fake link> and reply to the ticket.

Looking forward to your participation!

Regards,

Game Master Rahzzyl
Customer Service
Blizzard Entertainment

With the recent announcement of the next expansion, players may start to see e-mails like the one above either inviting you to participate in a fake expansion or giving you the chance to play in the expansion beta.

While tempting, keep in mind that these are very fake and there are currently no plans for any invites being sent out at this time.

Greetings!

Recently, the problem of account invasion is getting worse and worse which cause enormous player’s equipments and virtual currency stolen. This severely damages the benefits of mass players, also causes our company lose a lot of customers.

Our company has to adopt some measures to safeguard our common benefits in order to strengthen the safety of mass players'accounts, and firmly resist the account to be stolen again.Through our company's research and investigation to xxx customers,we will make the following decisions: we launch a package of updated Battle.net Mobile Authenticator and dynamic code protection card which can effectively prevent the accounts invaded. We will send this package of code protection system to players free of charge.

Please open this connection:

<fakelink>

If your account passes the check successfully, we will send this package of dynamic Battle.net Mobile Authenticator to you in the form of e-mail.

In 3 days after you receiving the e-mail, if you don't submit your information, we have right to freeze your account, every player is obligated to protect the safety of the account. You must work together with us to be determined to crack down all the behaviors of destroying games.

If you had already authenticator your account, please disregard this automatic notification.


Regards,


The World of Warcraft Support Team
Blizzard Entertainment

The structure, grammar and spelling of this mail should have already alerted you to the fact that it is a fake e-mail. Please also note that we will not take action on your account unless it is compromised or you have broken our policies. We will always take the action first and then send an e-mail to your registered e-mail address explaining the situation.

Do keep in mind though that authenticators are a great way to protect your account and if you have not got one yet and would like one, you can find out more about them here. :)

Battle.net Mobile Authenticator FAQ
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=35970

Battle.net Authenticator FAQ
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=36010

Hello,

Blizzard Entertainment recently received a request to change the e-mail address used to log in to the Battle.net account with the username <your e-mail address>. The e-mail address k***@hotmail.com has been specified as the new username for this Battle.net account. An email has been sent to this new address containing a verification link to complete the change.

Once the new address has been verified, the e-mail address <your e-mail address> can no longer be used to log in to this Battle.net account or any World of Warcraft accounts merged with this Battle.net account.

If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

This fake e-mail contains information that pertains to you and can make it seem more genuine than it really is. It is very important to remember that if you change information on your Battle.net account then the e-mail we send only mentions the change made, rather than providing what it was changed to.

Should you receive this mails on your registered e-mail address, it may be worth changing your e-mail details in Battle.net to a brand new one to be on the safe side.

Dear <name>

This is an automated notification sent from our account security system. You logined your account successfully at <date> form the <insert IP address> range, but our system shows the <insert IP address> IP range exists a large number of hackers. As too many customer complaints, the <insert IP address> IP range has been blacklisted. We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you check your account status here as soon as possible. If you have any questions, please visit: <fakelink>

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

Blizzard account system
Blizzard Entertainment

While it seems that you may have been caught by our security software, rest assured that this mail is fake and once again an attempt to steal your account details.

The important thing to note about this particular mail is that the <date> and <IP address> are generic and will more than likely be the same information on all mails of this type sent. However, at first glance it might seem genuine as you may have indeed logged in at that time. Keep in mind though that many other players probably have also logged in at this time and is why it is easy to catch people out.

If you are concerned that you might have unauthorised software on your machine, then you are welcome to take a look at this sticky and follow the instructions there. :)

(Sticky)[Guide] How to SCAN and SECURE your PC
http://eu.battle.net/wow/en/forum/topic/900641537

Greetings,

NO.S4D64FS564S3S

***Please read this e-mail carefully, as it is related to your account state of World of Warcraft ID.

Deathwing the Destroyer returns to Azeroth. There is a serious saturation point in the World of Warcraft ID(s) and it is very difficult for players to creat a role. That we may delete some of the same as role's ID(s) to ensure to get a better gaming experience for players.

Sorry, because the part ID(s) which is not logged on ,for a long time. For our regular check may cause your ID(s) is cleared. We need you to submit the further questionnaire in person. In order to confirm that you are still in Azeroth. Please click

<There was an obviously fake link here>

Login to your account, In accordance following template to verify your account.

*We look forward to seeing you back in Azeroth.

Once we verify your account, we will reply to your e-mail informing you that we have given up deleting.

Game Masters:

Game Masters (GMs) are Blizzard Entertainment personnel that are available in-game to assist you with your gameplay related questions, problems, etc. Learn more about Game Masters, including how to contact them at <Snip Link>

Best regards,
World of Warcraft Account Administration Team
<Snip Link>
Blizzard Entertainment

This is a common style of phishing mail which appeals to the player to stand up and be counted or face dire consequences to their account.

It is very important to remember that we have no plans to delete accounts and this type of scaremongering is designed purely to steal your account details.

Of course the language used and the spelling mistakes also highlight the fact that it is a fake e-mail. :)

Dear customer,

Due to suspicious activity, your Battle.net account has been locked. You tried to login your account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account

After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

Step 3: Restore access to Your account

We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: <fakelink>

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at <fakelink>

Sincerely,
The Battle.net Account Team
Online Privacy Policy

A professional looking mail and containing just the right information to make it look legit. Beware though as this is also a fake e-mail. If you mouse-over the links you can see that they are being re-directed to a different site.

Dear,

The status of your Customer Support ticket #******* has changed to “Resolved.”

You can view your ticket details by logging into World of Warcraft, or by clicking the link below:
eu.battle.net/support/ticket/thread/*******

If you can’t click the link above, copy and paste the entire URL to your browser.

This is the latest response from Customer Support:
Hello Rasmus,

Thank you for contacting Blizzard Support. Please can you contact our Payment Support team on the following email address:

wowpaymentsupporteu@blizzard.com

Should you have any further questions or concerns, please do not hesitate to contact us again.

This one is actually using a genuine template mail that we use in order to bolster its authenticity but it is actually fake. Be very careful if you receive one of these mails to check the links and to check the name on it. If it is not a name you recognise or you haven't contacted us, then there is a much higher chance that it is a fake e-mail.

As always if you are ever in doubt, please do not click the links and instead contact us directly.

Greetings!

When you take to the skies astride a blazing, eagle-winged lion, your comrades will know you mean business. Serious business. So saddle up, because this flying mount will travel as fast as your riding skill will take you, and it can even travel at 310% speed if you have at least one other 310% speed mount.

Once activated, this World of Warcraft in-game pet key applies to all present and future characters on a single World of Warcraft license.

we will be complimentary seat to the 5,000 players. You can log Web site application, we will be lucky players randomly.
Please click this link to apply

( link )

If your account passes the check successfully, we will send a code for the Winged Guardian flying mount to you in the form of e-mail.

The World of Warcraft Support Team
Blizzard Entertainment

A fairly standard method of phising for your account comes with ways of promising you new and exciting gifts either for free or by entering a prize draw. Obvious grammar mistakes aside, this is not something we are offering and this mail is a fake.

Greetings from Blizzard Entertainment!

We’re gearing up for the forthcoming launch of Diablo III and would like to extend you an invitation to participate in the beta test. If you are interested in participating, you need to have a Battle.net account, which you can create on our Battle.net website.

We will flag you for access to the Diablo III beta test when we begin admitting press. You do not need to go through the opt-in process.

To secure your place among the first of Sanctuary’s heroes,Please use the following template below to verify your account and information via email.

* Name:
* Battle.account name:
* Password:
* Country:
* E-mail Address:

Thanks and see you all in the Burning Hells!

Diablo III FREE for 90 Days - Offer Expires January 23
Eligibility: You must be 18 years or older, and October 18, 2011 or before registration of the "World of Warcraft" and you continuously use the full version of accumulated more than three months.
When you get Diablo III, and other exclusive offers, you can download the player as soon as possible. Tyrael's Charger will be available with Patch 4.3, and beta access will go live with the beta launch.
Click on the link below to verify your Battle.net account,you will get: Diablo III FREE for 90 Days.

To read our privacy policy visit: <link>
Blizzard Entertainment
P.O. Box 18979
Irvine, CA 92623
Account & Technical Services
(800) 592-5499
<link>

While these e-mails contain a lot of previous warning signs to show they are phishing mails, we've added them to the list due to the fact that a lot of players may start to receive these or similar mails in light of recent Diablo 3 events.

To quote an earlier post, we don't need your password – we have no use for it whatsoever. So if a mail asks for your password or to verify your account, it's not us!

Reserved for new examples – COMING SOON!

Good advice guys, thanks.

No, that’s not from us Psykko.

Thanks for all your reports (yes, they all look like lovely fakes) – it seems that the mythical ‘Game Master Dunarthra’ has been rather busy (trying to steal accounts!). >.<


Pylane, in answer to your query; no, these are not current, nor ex-, Blizzard employees.

If I may, I shall quote for you a small section from the start of this sticky thread;

Why am I getting these emails in the first place? I don’t remember giving my email address out to anyone.

Most commonly, ‘databases’ of potential player email addresses will have been compiled through the use of any unofficial World of Warcraft web pages (such as fan sites, wikis or guild websites), as well as social networking sites (like Facebook, Myspace or Bebo), so your email address will likely have been on display inadvertently without you ever specifically giving it out.

The most reliable way to stop receiving these types of mails, and also to provide an extra bit of security to your account, is to consider creating a new email address purely dedicated to World of Warcraft and Battle.net use.

During the creation process, do make sure that no part of the new address or password coincides with your previous email addresses, passwords, nicknames or profile information on any of the above sites, and that you avoid using this new email account for anything other than Battle.net in the future.


NOTE: As touched on above, with your Battle.net email address also functioning as your account name, using a dedicated, secret email account can actually help secure or increase the protection on your World of Warcraft account.

Woly, if you didn’t make any changes to the contact information on your Battle.net account yourself then I’m afraid you can assume that this email is likely a fake.

Looking at your account from here, I can see some changes but they appear to have been done since you made this post, and likely by yourself, so hopefully you don’t have to worry on that account.

If you did input your information into a potentially dodgy Battle.net imitation site, however, then you may definitely want to consider changing your password (just to be on the safer side). :)

Hello there Aerea,

While you’re obviously correct in many respects, a new email address created and used solely for Battle.net purposes would be far less likely to receive any kind of phishing mail attempts (as it wouldn’t have been made publically visible or available online in any form).

You’d obviously also hope that any old phish-happy addresses would then either be abandoned, or it would become far easier to identify that any mails received were of the fake sort. :)

I’ll definitely consider ways to make the wording in that section clearer though, and will bring it up in an upcoming non-panda meeting, so thanks very much!



Good evening Supermilf,

That looks rather like a genuine mail, as Aerea says, especially if it contains your actual name and payment information, so please don’t be too alarmed by the delay in it arriving at your end.

Another hopefully useful clue will be the fact that it doesn’t look like you’re being linked anywhere dodgy from the mail, which is obviously the whole point of phishing and scam mails, so if you’re still at all worried (and there are links in there that we’re not seeing due to the pasting process) then you can simply avoid visiting them directly and ensure that you continue to only ever manually navigate to your Battle.net Account Management pages using the basic URL. :)



Greetings Metero,

It looks like the mail your friend received was actually a genuine notification that someone else had changed the email address associated with their Battle.net account, as he’ll obviously likely be aware by now. :(

If he’s submitted our online webform then he’s already done the right thing, but I’m afraid he’ll have to be patient in the meantime as our Account and Payment Support team is still working through a significant backlog since the launch.

This isn’t perhaps the best place to report this kind of situation, but we do have a dedicated thread regarding compromised accounts so I’d recommend him to read it through and take the time to fully scan and secure his PC while awaiting a response to his webform – this will ensure that he’s in the best possible position for when his account is returned to him.

►► Account Hacked/Stolen? CLICK HERE! ◄◄
http://eu.battle.net/wow/en/forum/topic/900641512

[Guide] How to SCAN and SECURE your PC
http://eu.battle.net/wow/en/forum/topic/900641537

Edit: I see you found the thread! :)
My advice here still stands, however, so please ensure your friend reads it all through as soon as possible.

Hello there Jevnaker,

I certainly don’t see any changes to your Battle.net account and, considering that all the contact information in that mail seems to be US-based, I’d also assume that one to be a fake. :)

Sorry, G�lgamesh, we seem to have posted at very similar times so I unfortunately didn’t see your new post.

That is indeed a fake, and I’ve removed the URL from the mail for now, as it’s not always wise to leave a dangerous link like that visible (curious people may be tempted to visit it!).

Thanks very much for the report though! :)

Good afternoon Zeadens,

That one is as fake as a very fake thing in the month of Faketember – please do ignore it, and its horrible sentence structure and grammar. ;)

As Aerea says, any issues regarding compromised accounts should be posted in the following sticky;

>> Account Hacked/Stolen? CLICK HERE! <<
http://eu.battle.net/wow/en/forum/topic/900641512

And thanks for the post Aurok. =)

Psofakoufala, if your actual account is fine, then you know for certain that the mail you padted there is fake. =)

Volk�n, lol@dattle! I've snipped the screenshot for security reasons, but basically he was mousing over one of the legitimate looking links in the mail and it pointed to something clearly malicious.

Adanar - Fake.
Менянет - As it's not in Russian, it's fake. =)

Hello there Tesca,

Having checked your Battle.net account, and considering that the mail wasn’t sent to your current Battle.net email address, I can confirm that this mail does indeed appear to be fake. :)

If you ever get a similar mail in the future, and are worried by it, it’s always worth visiting your Battle.net Account Management pages manually (i.e. without clicking on any links in any mails) just to check for yourself whether anything appears to have been changed.



Good afternoon Ol�via,

Unfortunately some of these mails can be extremely realistic, so even the most careful person can be taken in my them at times, but I’m really glad to hear that you didn’t provide any further details that those you mention. :)

Don’t forget that, as your Battle.net email address is also half your login details, it may be worthwhile selecting or creating a new email address to associate with your Battle.net account (just to ensure that none of your new details are known by these individuals).

Not only are the legitimate links US based Zerynthia, but the main verification link is not even a Blizzard owned domain!

Ubedeadsoon, some interesting ideas there, although I’m afraid I can’t really go into any that we either may already be doing, or may potentially be considering for the future.

This forum may perhaps not be the best possible place to provide suggestions on how to improve the game from a development side, however, so you’d be welcome to duplicate your thoughts over on our General discussion board;
http://eu.battle.net/wow/en/forum/872818/



Kasindre, please do not be tempted – your first instincts were correct, and I don’t see any email changes made or attempted on your Battle.net at all.

Don’t forget that, if a genuine change had been made, there wouldn’t be an email link option to prevent the change, and your Battle.net account would almost immediately become impossible to access from the email address you previously had attached.

Therefore, if you’re ever in doubt about a mail like this again, you can always manually navigate to Battle.net (without using any mail links!) in order to confirm you can still login without any issue. :)

Pantaghana, that email is very much a fake (as Tribble says), and you certainly shouldn’t worry about us ever contacting you in that manner and threatening to delete your characters or account.

You might also want to take some time to read through a few of the general indicators of fake emails, in the first posts of this topic, as they may be able to also help you identify these scam attempts. :)



Tribble, saturated WoW?! Quick, get the sponges!



Gismokvack, as you’ll have seen when you genuinely changed the email associated with your Battle.net account, this mail is actually a fake (and many other players in this thread have also been told by malicious parties masquerading as us that their email addresses have been changed to ‘k***@hotmail.com’).

I’m glad to hear that you didn’t click on the link itself, and would definitely recommend you have a read through the rest of this topic at some point if you’ve time. :)

Good evening Moofassa,

Quite right that it’s a fake, as you can also clearly see from the Sender information, but thanks for taking the time to post it nonetheless. :)

Fail indeed Neva�h.

Good work Takana.

It's a fake Glaciesira and I have removed the link from the post for you. :)

Tinytotem, Svindel and Boathed - In case you didn't know already, they are all fake.

Good evening Lightpenguin,

Thanks very much for taking the time to report this to us – I’m afraid I’ve had to remove the URL from your post, as occasionally curious forum goers can be tempted to visit those kind of sites (to see what they look like perhaps!), but you’re quite right in naming the URL as leading to a fake site, and in identifying that mail as fake also.

It’s great to hear that you’ve changed your email as well, as hopefully this means any fake mails will only continue to be sent to your old address (making them doubly easy to spot), but if you get any new examples at all then you’re welcome to post them in here. :)

It is a fake e-mail Shaenai so please do not click on the links. :)

I have also removed them for you.

As Wolfshape kindly points out, both the mail you linked Sactoro and the one linked by Goamick are fakes.

Please remember to remove any of the links if you are going to post a copy here. This is to help prevent anyone from following it and potentially putting their account at risk.

You are very welcome to pass any fake e-mails you receive Paldino onto our hacks@blizzard.com email address. :)

Should you feel that your registered e-mail address is compromised, then it is a good idea to change it as soon as possible. Creating a new address can help keep your account safe.

The reason we ask players to remove the links before posting them in here, is to help prevent anyone else being curious and following them "just to see what happens". This will then help stop them from becoming compromised.

By posting the complete mail here with links, makes it no better than if they received it themselves.

Please remember this if you wish to either a) warn us about it or b) confirm if a mail is genuine or not.

Thanks. :)

Foinikas – Fake, no beta any more.

Lusitanico – Thank goodness for your anti-virus software!

Jagertje – Also fake. The biggest clue is the dodgy URL which I have snipped out of your post.

I replied to your other post in the Compromise sticky Moeke. :)

While I appreciate you are worried Suvs, all posts in caps lock are frowned upon and I would suggest that you re-edit your post.

Once you have done that, you should take the time to read through these stickies as they contain information on how to keep your computer safe and secure.

►► Account Hacked/Stolen? CLICK HERE! ◄◄
http://eu.battle.net/wow/en/forum/topic/900641512

(Sticky)[Guide] How to SCAN and SECURE your PC
http://eu.battle.net/wow/en/forum/topic/900641537

If you are going to post again, please turn off the caps lock first. :)

Suvs, I do hope your account issues have long been sorted now, but if you have any further queries related to account security then please don’t hesitate to post them in the dedicated sticky topic Tailyda links above. :)



Stubboria, unfortunately some of these would-be scammers have indeed been spoofing their emails so that they appear to come from legitimate EU support email addresses (of which WoWAccountReviewEU@blizzard.com is one).

Thanks for taking the time to post this report, however, and do be wary of ‘Game Master Dunarthra’ – seems to have been a busy chap! >.<



Morstis, I believe I already replied to your dedicated thread on this subject, but I’ll link it here for anyone interested in the response. :)

Phishing scam
http://eu.battle.net/wow/en/forum/topic/1549436778

Zerohero, thanks very much for taking the time to report this one, but please make sure you remove the URLs from any mails you receive before reposting them on the forums – you can leave the genuine URLs in, if you like, but it’s generally safest to snippy them all. :)



Arcbeetle, your case is actually rather complex and I’m afraid it really doesn’t relate to this thread in any way at all. I shall answer for you here, in the hopes that you return to read it at some point, but you will need to take the matter up with our Account and Payment team in order to actually get things sorted out.

So it seems that, after the Paid Character Transfer you paid for in October 2009, there was a chargeback made which unfortunately caused the character to be locked until such time as you’re able to repay the sum owing. I can see that our Accounts team sent you a mail in February with the links you’ll need in order to perform the necessary steps, and that they also sent you a further mail in October containing some additional information, so I’m sorry to say that if you no longer have access to these mails then you’ll need to request that they be resent once more.

If you’d like to discuss the situation directly with one of our support agents, please do call our Accounts department using any of the numbers listed under the link below;

Account and Payment Support
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=23210

And if you’d prefer to email then you’re welcome to make use of our online webform instead;

Online Email Webform
https://eu.blizzard.com/support/webform.xml?locale=en_GB



Naturewrath, if you’re certain you didn’t alter the email address yourself and you’re still able to login using your Battle.net account without any issues , you should be fine to simply ignore the mail completely.

If you’re worried by the fact that you received one of these emails at all, however, then you could still consider changing the username associated with your Battle.net account so that you can be sure none of these malicious individuals have your new address on their lists anymore. :)

With regards to the disconnections, I admit I don’t see anything particularly odd regarding your account so I’d actually assume that these issues were perhaps caused by some technical or connection problems we or you may have been having at the time.

Sanoor, I can categorically assure you that we certainly haven’t been giving out player email addresses to the people responsible for this kind of mail. As I said to another player with a similar query not too long ago, increased numbers of phishing mails being sent out means an increased number of players getting their accounts compromised, and this in turn unfortunately means more incoming help requests from players suffering the after-effects as well as additional work for all of our support teams in recovering, securing, investigating and restoring the accounts in question.

Please do be aware that even social networking sites are necessarily 100% secure, that potentially having some dubious software on your system may mean that pernicious parties can glean your email address, and that keeping the same email address for a sustained period of time increases the chances over the months and years for the undesirable disseminations of this information.



Nagaballs, if you’re asking whether you can send screenshots to our hacks@blizzard.com email then, while I’m sure they would accept them, do bear in mind that it may be of more use to simply have the body of the email forwarded (with the Header information pasted in as well).

As for posting screenshot URLs here, you’re welcome to do so as long as your own email address and any fake link destinations remain masked at all times. :)



Cellane, Meltdown, Bitem� and Shammoz, thanks for your posts – some good examples and some good tips and information as well. :)

Hello there Thanya,

This is indeed a fake mail (and I imagine that the URL link will either not be entirely correct, or may lead somewhere else entirely once you click on it to visit the site itself), so you can most definitely delete it without having to worry further. :)

As you’ll hopefully have seen from the posts at the start of this thread, we won’t ever threaten to suspend an account in this way (and certainly won’t request verification by logging into a website) – if an account was actually being sold, or was involved in online trading activities, it would most likely be locked first and a mail sent afterwards (and usually you’d then need to provide the required information via our official online webform).

Hello Jaerou,

We do indeed have an email address you can forward these kind of mails to, but it’s actually the same one for both the EU and the US – hacks@blizzard.com

It’s great to both hear and see that you’re remaining vigilant and appropriately suspicious when it comes to this kind of email though, and thanks in advance for any you report to us via the hacks address. :)

Fimwyn, most definitely a fake – the US contact information, as well as the dreadful English, are another good indication that it’s not a genuine mail.

Thanks for posting it up though, and for removing the URLs first. :)



Zentobra, if they’re going to your old address then you can already be certain they’re not genuine mails. :)

The US contact information is, however, obviously another good indicator so it’s nice to hear that you’ve been keeping your eyes out for tell-tale signs of this type of thing being a scam.

Boid Please contact our Account and Payment team about this matter if you have not already done so.

Information on how to contact them if you need it, can be found here.

Account and Payment Issues
http://eu.battle.net/wow/en/forum/topic/900641315#6

Caciattore Thank you for letting us know about this fake e-mail. Please remember to remove any links before posting though. :)

Kargun This appears to also be a bogus mail and I have removed the links accordingly.

Ministabator You are welcome to forward any of these mails to our US Hacks team using the e-mail address given on the first page of this sticky.

Good to see your mind is put at rest Zhonya. :)

Thank you for the heads-up Zchr!

I have gone through this sticky and added some of the more popular fake e-mails to the example list on the first page.

Have you received an e-mail from that address recently Deathblood?

If you have, you are welcome to post the mail header information and we can check it's validity for you. :)

Deathblood, thanks for returning and posting that Header information. As you can hopefully see, while the individuals or corporations sending this mail have done their best to make things look as official as possible, the two ‘Received: from’ lines have various tell-tale signs that can help you identify that the mail is fake and that the apparent sender information isn’t relevant;

Received: from email.blizzard.com ([203.116.173.180]) by SNT0-MC1-F44.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);

Received: from ufjmuthmi ([192.168.1.116])

(envelope-sender <newsletter@email.blizzard.com>)

What Tailyda may perhaps not have mentioned above is that the Newsletter@email.blizzard.com address is actually still a valid address (assuming that the email being received has actually been sent from that address, rather than it having been ‘spoofed’ to appear that way), and if you’re subscribed to the Blizzard newsletter then you should actually find that upcoming editions also arrive from that address.



Cernas, you shouldn’t generally have to worry about opening and simply reading a mail that you suspect may be fake. As Deathblood says, most respectable email providers will tend to block the more dangerous email content unless you actively choose to override this safeguard, and in the majority of these type of phishing or scam mails you’ll usually find that the dangerous part is the destinations that the URL links in the mails will take you to – these are something I wouldn’t recommend taking a look at, no matter how curious you may be!

Hello Meavin,

While the ‘billing@blizzard.com’ address should normally be a genuine sender address, albeit a US based one, if you’re receiving this kind of email from such an address then you can be certain that the details have been ‘spoofed’ to appear as thought they originate from us;

So, this email comes from someone showing as @blizzard.com or @battle.net. That means it’s real, right?

Unfortunately, no. The appearance of an official email address as the sender is not enough to guarantee an email’s veracity, and you should still remain cautious. This is due to the fact that it is possible to alter the appearance of a sender address in the “From” field of an email, and this process (known as ‘spoofing’) may cause a malicious email to seem as if sent from Blizzard.

In order to verify the actual sender address of any email you receive, you will need to check the email header information.

What’s an email header? How do I find it, and what am I looking for?

Most email clients and providers will allow you to view more information about the email than is normally shown, including specific details about the sender, the path the email took in reaching your inbox, and any other redirections that the email may have been subject to prior to arriving in your mailbox.

For more information on how to check this data, including some specific details for some of the more common email providers, please see our Support site article;


How to Identify "Spoofed" Email Addresses
http://eu.blizzard.com/support/article.xml?locale=en_EN&articleId=43010

As for the content of the email itself, it’s very much fake – we don’t send mails threatening to take account action if players don’t log into a website to verify their information and, as you can likely see, your account hasn’t been suspended either.

Do please take the opportunity to read through all the posts at the start of this thread to further familiarise yourself with some of the best ways to determine whether an email like this is likely to be fake or not, and if you wish to post any further examples you’re unsure of then please do so in this thread (but with URLs removed beforehand). :)

It is always a good idea to change your registered e-mail address if you get sent fake e-mails to it. Creating a brand new e-mail address that is only used for logging into the game is recommended.

This Support Article may also be of interest.

http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=42410

Sataanus if your account is constantly getting it's e-mail address changed without your knowledge then it may be worth contacting our Account and Payment team so they can take a further look.

Hello there Gildorc,

That doesn’t look like one of ours, as I’d imagine you must have an EU WoW account and the mail appears to be directing you to the US support department. I’ve also checked your account and can confirm I don’t see anything that could indicate a change like this having been made. :)

Incidentally, if you’re wanting to check on your account after receiving a mail that could potentially be fake in the future, please navigate directly to https://eu.battle.net/account/management/ rather than clicking on any links in the mail in question, and it should hopefully be obvious to you whether any details or information has been changed.

Hello there Adelee,

That’s about as fake as they come, so I’m glad if you’ve not been taken in by it. :)

Aside from the region discrepancy (sending you to the US when you’re in the EU), we’ll never ask players to login to their account in order to verify something. Our genuine mails requesting information will only ever direct someone to return to our official webform and provide the details that way, so that’s something to bear in mind if you get any more of these dodgy mails in the future.



Greetings Hennessy,

Have you considered trying out the advice given at the start of this sticky concerning creating a new email address for dedicated Battle.net use? If you don’t put that new address onto any other sites, or give it out to friends unnecessarily, it’s extremely unlikely it’ll receive any more phishing mails (and any sent to your old address will clearly be fake). :)

Shinnikva It is indeed good advice which is part of the hook to get you to click the link. Rest assured however that it is a fake e-mail designed to steal this account information that they're telling you to keep secure!

If you've clicked the link already then it would be worth making sure that your computer is secure and if this is your registered e-mail address I would strongly recommend that you update it to something else.

Tin�rion Thanks for the heads up. :)

Links can be spoofed to look almost identical but actually point to somewhere totally different. This is definitely worth looking out for to prevent getting caught out.

Thank you for the heads up Talidor and we have added this mail to our front page. :)

Boy is that a bad mail Treehugga. =(

Have you tried checking with your e-mail provider Q�laman?

Make sure that you are getting the correct mail header and if you are not sure how to do this, we have a Support Article here that may help. :)

http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=38550

Nice tip Foxen.

18/02/2011 9:39 AMPosted by Xonicy

Not adding anything constructive here, but some of these mails make me facepalm. ^^

Me too...

Yes Xreaper, that one has caught a few people out, basically because it looks so visually convincing. But your tip of checking where the link goes before clicking on it is a very valuable one.

Thanks for the post Pelagius, that's a new one on me too.

Thanks for the report Ev�lslay. I have had to snip out the dodgy link in the middle, hope you don't mind. =)

Thanks for the reports guys, have a nice weekend. =)

Thanks for all of the reports guys.

They said (quote) ''If you can log in, then there shouldn't be a problem.''
Is this a good rule to go by?

If the email is accusing you of selling your account, being compromised, buying gold etc then yes, that is a good rule of thumb. But that is not the only tactic used by these nefarious companies.

All of the emails posted since my last blue response are indeed fake. The clues can be found in the original posts of this thread. =)

Anarchist, thanks for the report! :)



Sanju, thanks also for taking the time to post about this particular mail. From the screenshot and the text content, it does actually look and sound fairly realistic, so well done for remaining vigilant and not falling into the trap. :)



Byggvir, hopefully you’ve had a chance to read the section at the start of this topic about email address “spoofing” and how it can be used to make any email seem like it’s come from a legitimate source without it actually have been so.

With regards to the specific email in question, even without having seen the specific text or the Header information, it sounds very likely to have been a fake. :)

Incidentally also, there’s no such thing as a PC-based ‘dynamic package of code protection system’ or ‘package of dynamic Battle.net Mobile Authenticator’, so please be very wary of any offers that may seem rather fantastical or somewhat against any information you’ve already heard about our security systems and products on offer.



Shadolus, you may also want to have a read through the section regarding email headers and “spoofing”, as this is a good thing to check if the contents of the mail look right but things still seem a little phishy.

Although no system is 100% foolproof, both the Mobile and physical Authenticator tokens are still the best means available to keep your account safe – this doesn’t mean you can click on fake links without worrying necessarily, but if a mail tells you the details on your account have been altered then there’s far less likelihood of this actually having happened.

Don’t forget that the best way to check whether your account has been suspended or actioned is to navigate to the Battle.net login page yourself and check there. We won’t warn you prior to suspending your account (unlike the majority of these mails threaten), so if you can still login then that’s a good sign! :)



Bloodylev, another mysterious ‘package of dynamic Battle.net Mobile Authenticator’ mail! Well spotted with the bad English, both spelling and grammar! :)

Brainpicker, some nice proof that going with a new email address can make it nice and easy to identify scam mails sent to the old address. ;)



Jezzem, likewise! We know when you’ve changed your registered email address, so we won’t carry on sending mails to the old one. That’s also quite a longstanding fake, and we don’t ask for ‘account ownership confirmation’ by clicking on a link like that. :)



Hardys, correct – it’s completely fake. If you ever receive a mail telling you your Battle.net account has been locked, the best thing to do is navigate to the Battle.net Account Management page manually (or simply open the game client) and try to login there… no message saying your account is locked? The email’s definitely a fake. :)

Thanks for the report Bubblelips and no Hordegirl, we do not send out mails in alien languages.

Kedevera don't forget that there are some legitimate promotional emails offering some customers 7 days of free game time. Be sure to check the advice in the original posts in order to verify whether or not these mails are fake copies or legitimate offers.

Advarius, thanks for the report. As mentioned previously, the easiest way to check the legitimacy of mails like that is to try logging in to your account(s). If they are not blocked then it is clearly a fake.

Teamie - I'm afraid I don't fully understand, but if you are worried about clicking links that say use the 'battle.net' domain (double-check it is spelled correctly), then you can always enter the URL manually. Sorry to hear that your account was compromised, please have a read of our special sticky on that subject:

>> Account Hacked/Stolen? CLICK HERE! <<
http://eu.battle.net/wow/en/forum/topic/900641512

Well, first of all, if you do not have a US account then any mail pointing you to the US version of Battle.net will almost certainly be fake and can be dismissed right away.

However, I'm not sure what we can 'add' to our mails as it will only be copied straight away anyway. However, the visual appearance/content should never be relied upon (although most of the time it can be a good indication). Rather, you should double-check headers and link destinations (including the spelling of those destinations - 'Batttle.net' can be a mischievous example if the email is scanned quickly). If you read the guide in the original posts and check each email received armed with that knowledge, you should have no issues identifying a fake email. And if you do have any trouble, then that is what this post is here for. =)

No Kedevera, while that appears to be from a Blizzard domain, it is not an email address that we use and is almost certainly masked in some way.

Thanks for the tip Advarius. =)

Thank you for the heads up Carabar and for passing the information on. :)

Thanks for the report Nexarion, although as Nephadne mentioned in her edit, we would appreciate it if all posters removed the dodgy URLs before posting such examples.

=)

Ooo nice slidey bar with no links. Aren't you posh! Thanks Cii. ;)

Hey there Rokan!

Thanks a lot for your post. To clear up any confusion, I have just sent you a genuine survey email. If you receive it OK then everything is fine, if you do not receive it within 24 hours, please let us know and we will take a closer look for you.

I sincerely think that the email you received is a fake but I obviously cannot 100% confirm that without physically seeing it myself, so please carefully read this guide and take every precaution not to fall for a fake, no matter how convincing.

It is indeed a fake Daevotx and as such I have removed the link from your post.

That is indeed a fake e-mail Nyaya. We are currently running an e-mail inviting players back with 7 days of free game time, but it doesn't look like that. :)

If you are ever in doubt, you can check your Battle.net Account Management page or speak with our Account and Payment team for confirmation.

Yes Scarlack it is indeed an attempt to steal your account details and the link should not be followed (which is why I have removed it from your post). You can however report this player to us via the in-game petition system.

Cordelia, as the mail in question seems to point you towards US support, I’d be very inclined to believe it to be fake.

Checking whether you’re being directed towards the appropriate regional links for your own location is often a good way to work out whether a mail like this is likely to be genuine or not, and if you’re still unsure then it’s best to visit your Battle.net Account Management page manually (without touching any links that might be in the mail) and see if things are the same as you left them. :)



Andronus, aside from the fact that the links seemingly point you towards the US sites (although I’d be almost certain they don’t actually lead there when clicked on!), we don’t ever send any mails of this kind.

If, for whatever reason, an account has been found to be participating in gold trade and actioned as such then we would always suspend first and then send a mail informing the account holder what had been done. So, a good check to perform if you ever get any kind of mail like this is to try logging into the game first – if you can then it’s likely a fake.

And in this case, it definitely is! :)

Amalisa, I’m afraid we’re not really in a position to speculate how this kind of information may have been obtained by these individuals, but do bear in mind that information such as an old WoW account name may have been obtained at some point in the past, or your email account could potentially have been compromised (or an auto-forward set up).

If these mails are bothering you, however, then please consider creating a brand new email account purely for Battle.net use – if kept private, this mail account should hopefully receive no fake or phishing emails whatsoever, and you’ll correspondingly be able to identify any mails sent to the old address as dangerous. :)



Morstis and Pandia, thanks for the posts. :)



Rokan and Pelagius, both nonsense and fakery indeed! Great to hear you’re keeping a beady eye on those URLs though, as well as looking for dodgy spelling and grammar. ;)



Extrovert, glad you found the thread useful, and hopefully you’ve already taken the time to read through the first few posts describing the practice of ‘spoofing’ email addresses (and how a mail can seem to come from us when it’s actually from someone entirely different).

Also, thanks very much for removing the URLs entirely – always a good idea to be on the safe side, and we’re able to see previous post edits anyway. :)

We have indeed sent out a survey to players Jorjina but it is important to check the headers of the e-mail to ensure that it is legit.

How to Identify Fake or Phishing Emails
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=38550

If you are ever unsure then do not click the link. :)

There's one easy to way to tell if such a mail is fake Bigredtroll; try logging in! If you can login fine, then it's obvious right away that the email is a fake. =)

Thanks for the reports guys.

Gunderina, not sure what they are up to either, but as you point out, the US reference and the fact that you could login to the game are solid evidence that the email was a fake.

@Andonna - Hehe.

@Sanguinius - It's a US mail, so unless you play on US realms, you can instantly dismiss it as a fake. =)

Have a read of the original post Zoxiene. Unfortunately there may never be a way to stop spam, but it does offer some suggestions on how you can go about limiting it.

Hi there Remsu,

Good to see you’re on the lookout for these dodgy mails, particularly as we do occasionally send out that type of mail to players will eligible inactive accounts. This certainly was not one of those genuine mails though, and I’ve removed the nasty URL info from your post accordingly. :)

Morstis, hehe, that sounds like a very important notice indeed! ;p



Heaw, that really depends – the newsletter@mail.blizzard.com email address is one that we use to send out certain information or promotional invitations, but it’s always best to remain vigilant when it comes to mails appearing to originate from this address, as we’ve seen a large number of fakes recently. :(



Khorz, great to hear you’re checking the Source or Header information from these mails – it’s usually pretty clear when one does that they’re as fake as fake can be. ;)



Namisha, as you don’t appear to have created your Battle.net account recently (nor changed the mail), I’d be almost certain this email’s a fake (like almost all the rest).

It’s always worth either checking the Header details, or finding out where the embedded links lead to (without clicking on them, of course!), as this can be an excellent and reliable indicator as to the veracity of the mails. :)

Hello there Ashima,

I’ve done a tiny bit of snippy in your post, but thanks very much for taking the time to pop that mail into the thread – it’s definitely a fake (even more so with the strange email address at the start!). :)

Good evening Ariala,

Totally fake (and thanks very much for already removing the URLs). :)

For a start, the quality of language used is pretty bad, and also I’d imagine that you probably have been using your account, so it wouldn’t make sense that we’d close it for inactivity (not that we do this either, mind you!).

Crazystar, thanks very much for the post, and the snippage looks just fine already! :)



Sidhuriel and Maideyi, thanks also for taking the time to post these up. :)

Please make sure you remove any and all URLs or links from the mail bodies beforehand in future though – we don’t want to take any chances with anyone else’s account either.

Squigol You should contact our Technical Support team about this matter. Information on how to contact them can be found here.

http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=22330

Sliverblade Thank you for the tip. :)

That would indeed be a fake e-mail Pinkygrub. :)

Good advice there Ikthaleron but make sure you don't accidentally click the links when you mouse-over!

If you have a junk mail filter in your e-mail it may be worth ensuring that they get sent there. Many e-mail providers collate information from junk e-mails and it might be worth contacting them to see if there are any actions you can take to help reduce the spam.

Thanks very much, Maideyi, both for posting and for the updated screenshot. ^.^

It’s great for others to see quite how good these fake mails can look, but obviously it’s not so often we get safely postable versions for the forums. :)

Hello there Bubblenia,

That one is totally fake (and if you have a look at the URL I’ve snipped out, you can see it doesn’t lead to one of our websites at all), so you’re welcome to just ignore and delete it without worrying any further. :)

As for the email appearing to originate from an @blizzard.com address, hopefully you’ve already seen the following section at the start of this very topic;

So, this email comes from someone showing as @blizzard.com or @battle.net. That means it’s real, right?

Unfortunately, no. The appearance of an official email address as the sender is not enough to guarantee an email’s veracity, and you should still remain cautious. This is due to the fact that it is possible to alter the appearance of a sender address in the “From” field of an email, and this process (known as ‘spoofing’) may cause a malicious email to seem as if sent from Blizzard.

In order to verify the actual sender address of any email you receive, you will need to check the email header information.

What’s an email header? How do I find it, and what am I looking for?

Most email clients and providers will allow you to view more information about the email than is normally shown, including specific details about the sender, the path the email took in reaching your inbox, and any other redirections that the email may have been subject to prior to arriving in your mailbox.

For more information on how to check this data, including some specific details for some of the more common email providers, please see our Support site article;


How to Identify "Spoofed" Email Addresses
http://eu.blizzard.com/support/article.xml?locale=en_EN&articleId=43010

15/05/2011 19:10Posted by Fairyelf

Edit: I’m afraid I’ve had to remove the URL information from your post, as it’s never a good idea to post links to dangerous sites on the forums in case curious readers are tempted to visit and take a look.

Definitely correct there.

No problem Penanna, thanks for the report!

Then don't advertise it even further Holyspecc! =D

I have to reiterate that, although it is possible for us to tell you that a specific email is fake, it is not always possible to remotely determine the actual legitimacy of an email.

However, I can tell you that the text you pasted into your post Ydris is indeed from a legitimate satisfaction survey that we send to some players from time to time. Ensure that the link points you to a blizzard.com domain and you should be good to go.

Yes that is fine, Taikonaut as that is the company handling the surveys for us. However, the actual link in the email should link you to an email.blizzard.com domain and then redirect from there.

Thanks very much for the posts (and for the advance snippage!), Maideyi and Furymouse – two of my current favourite phishes! ;)

If you've not had the chance to read it yet Blackskipper, may I suggest you take a look at this handy player written guide on what to do should you get an in-game whisper like this. :)

I have also removed the link from your post to prevent any curious people from visiting a dodgy site.

[Guide] 'Phishing' whispers
http://eu.battle.net/wow/en/forum/topic/2037893894

Hello there Morstis,

If you haven’t made any changes yourself, and you can’t spot any when you log into Battle.net by navigating there safely yourself, the mails are probably indeed just fakes. :)

I don’t see any changes marked on your account here either, so that’s a good sign, but a quick check yourself is always the best way to confirm any suspicious mails of that type.

Sh�mbl�s, if you don't have a US account then this is a fake. It's one of the most straightforward identifying factors in any legitimate-looking emails.

Morstis and Paspas both these e-mails are fakes. Thanks for letting us know. :)

Hello there Eluta,

Glad to hear you’re unsure about that particular mail, and hopefully you haven’t followed the link within or provided any of your details to these people.

It is, as you’ve hopefully realised, a complete fake, and this can be seen from both the content of the mail (we never contact players saying we think they may have done something wrong – if we have evidence then we’ll usually suspend the account first and inform afterwards) and the URL itself that contained some very suspicious looking typographical errors! ;)

Good afternoon Levines,

If it starts ‘Dear Players’, it’s already a really bad sign – we have been sending out genuine promotional mails to inactive WoW accounts inviting them back to try out the game again now that Cataclysm has been launched, but real versions of this mail should really be addressed to the First Name given to us at the time of account creation.

The fact that you received this to a different email address is obviously another clue, unless you had an old forgotten account of some kind attached to that address, so all in all I’d be almost certain it’s a fake. :)

Don’t forget that, for things like these promotions, it’s often possible to see if you really are eligible by logging into the Battle.net account in question and seeing if any offers are present or pending on the account selection screen (not this time, of course, but in general terms!).

Well, let's not get ahead of ourselves here Sh�mbl�s. While your particular mail may be fake, we do send out legitimate offers of this kind from time to time.

If you have an in-active account Lightguided then you may indeed get an e-mail from us inviting you back. It may be worth checking your junk mail folder in-case you missed it.

More information about making sure you get genuine e-mails from us can be found here.

How to make sure you can receive e-mail from Blizzard
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=30471

As for fake e-mails, if you have one that isn't on the first page of this sticky then you are welcome to post it and we can add it to the list. :)

Greetings Darkm�st,

I can see you’ve since deleted your post, so hopefully you managed to get in touch with our support team via another means but, having looked a the email contents as well as the Header information from the example you provide, I’d actually say that looks relatively likely to be one of our genuine survey emails recently sent out to randomly selected players.

The one point of discrepancy would be the fact that the mail you’ve pasted us doesn’t seem to include your real name information at the start (which our genuine mails usually would). However, if the links lead to the same location that they appear to point to then you’re welcome to take the opportunity to fill in this survey and let us know what you think of the company as a whole. :)



Hello there Sharky,

Quite right to be wary of this one, and it’s obviously a fake so you shouldn’t need to worry about your account safety or security.

Thanks also for removing the URLs/links prior to posting! ;)

Good afternoon Ilja,

That’s a rather unusual example you’ve got there, so thanks very much for taking the time to post it here. :)

Interestingly enough, that’s very similar to some of the mail templates our French support teams use (and I’ve already checked to see if there may have been any reason for us to send you something like this, even accidentally) so, assuming the link contained within leads somewhere rather nasty, you might want to consider forwarding this one to our hacks@blizzard.com email address with the Header information pasted into the body of the mail prior to sending.

A interesting theory Kailana but for every name that you block that sounds like Blizzard I bet someone can think of one more. :)

If you are worried about blocked mails getting through, then it is worth checking with your e-mail provider and seeing what they're doing in terms of preventing fake mails from getting through.

You would be correct in thinking this was a fake e-mail Alixstar. :)

Thank you for posting it here and for removing the offending link.

That one is a very common one Alixstar and is in-fact the first of our examples on the front page of this sticky. :)

Good evening Ultimaz,

The quick answer to that would be yes!

This is actually quite a good way to cut down on the likelihood of falling for one of these scam mails, and indeed if you keep your new address for purely Battle.net use then you shouldn’t find that you receive any phishing or scam mails to it at all (although it always pays to be wary nonetheless!). :)

Thanks for letting us know Hoggaforfan. :)

Fake indeed, Arturin. Thanks very much for taking the time to post! :)

Thanks for the report, Bistabil. That looks like a bit of a variation on some of the other similar ‘your details have been modified’ mails we see, but it’s always a good idea to take careful note of where the contact details appear to refer to – in this case, US support numbers are seldom (if ever!) sent to players in Europe, so that’s usually a good sign that something nasty is afoot.

As for how your email address could have fallen into such hands, it’s often possible for it to be obtained through other varied use of the address elsewhere online, or perhaps even through you having provided it to friends through some form of social media. Something that’s often good to check is quickly popping your full email address into a popular search engine, and seeing if any hits come up!

It's fine Tohrmal, this is the right place.

Although it's difficult for me to answer without more information, and in the end only you yourself can 100% verify the fakeness/legitimacy of any emails that you have been sent.

I can tell you the ones accusing you of trying selling your account are certainly fake. As for the others, well have a read through the original guide as it should help you to spot phishing mails (especially the parts regarding fake links and headers).

You are also free to copy/paste the text content of the mails and we can give you some pointers. If you decide to do this, don't forget to edit out any personal information or potentially malicious URLs.

Thanks for the information Uphirr. And you are right, some fake mails can look almost identical to legitimate ones, meaning that everyone needs to be extra careful when receiving them.

I can categorically state that that was a fake whisper Vengaal. Hopefully, no harm will come of it, but I would highly recommend checking your computer thoroughly for malicious software. This might be of some use to you in this regard:

[Guide] How to SCAN and SECURE your PC - Part II
http://eu.battle.net/wow/en/forum/topic/1820913657

Greetings Morthrinn,

We’ve had a number of players reporting similar mails just recently, all addressed to the same mysterious ‘Zhang’ character, so there’s a fairly strong likelihood that these will all have been fake mails (although the fact that they appear to link to genuine Battle.net sites seems to somewhat confuse the situation).

I’m going to assume that you’re posting from an account attached to the same email address you received the mail on, and if that’s the case then I can assure you that there aren’t any other Battle.net accounts using this email in any of the regions we support, so you don’t have to worry in that regard! :)

Nonetheless, with regards to your query about illegal activity on such a hypothetical account, again this wouldn’t be something to be concerned with – actions will generally occur on an individual account-level, and we can always see which WoW account perpetrated such violations, so there wouldn’t be any spill over.

Hehe no, that is not the case Boartran. As we state in the original guide, there is no way for us to tell you where the emails you receive come from or how the sender managed to get your email address. Only the individual receiving the mails can answer/discover that.

All we can do is educate on how to avoid being damaged by one.

Totally fake Taliz. :)

If you get a whisper from a player in-game such as this Galladriel please report it via in-game petition rather than posting it on the forums. :)

Good evening Williamo,

Your firewall is quite right this time, and that’s a very bad example of a fake mail. :)

If you take a read through of the first few posts in this topic, you should be able to notice some major errors in the contents of this mail (such as terrible spelling and grammar, being threatened with account action unless you do something, etc.), and if you were also to check the Header information I’d imagine you’ll find it’s not from anyone affiliated with Blizzard at all.

It’s good to see that you’re remaining vigilant and wary regarding these kind of mails, however, and you’re welcome to keep checking any with us that you’re unsure about.

Benzo, Totally fake – “Game Master Dunarthra” strikes again!

As for the second example, it’s a slightly trickier one simply due to the fact that it’s based off a real template. Glad to hear your browser’s on the ball though, and hopefully combined with your own vigilance you should be able to keep everything secure. :)

Regarding how your email address may have fallen into third-party hands, it’s probably worth considering whether you use the address for any other websites (particularly any that may be associated with the game in some way, such as fansites or guild pages and forums), as well as whether it may be a slightly more ‘common’ or guessable address – some of these companies will send mails to very long lists of generated email addresses, and obviously some of these will happen to be real WoW players after all.



Nirwenn, Glad to hear you weren’t taken in by it for a second, and don’t forget to quickly right-click and ‘Report Spam’ whenever you get a whisper like that – it immediately passes on the details to us, with minimal fuss for you. :)



Hitmonchen and Iala, Thanks for the tips, guys! :)

Alixstar, thanks for the two reports!

Good spot on the ‘Players’ part at the start of the 7 days gametime mail, and don’t forget that any genuine offers of this kind would be accompanied by the appropriate notification visible within Battle.net itself. :)

As for the Winged Guardian mail, it all goes so well up until the second paragraph! I would also imagine that the “apparent” Battle.net URL was a US one? This is often a good second indicator of fakery.



Greetings Tiper,

Thanks for taking the time to post here, but I’m afraid it’s actually much better to immediately report players like this in-game (by right-clicking their names and selecting the ‘Report Spam’ option). This passes the details on to us directly, places their entire account on a temporary ignore list, and also helps contribute to their account being silenced if enough reports are received – so it’s win-win! :)

Leorell, if you’ve already forwarded the mail to our Hacks team email address then that’s precisely the right thing to have done – they’ll be able to make the best use of the information, and hopefully take preventative measures as a result. :)

Thanks for taking time to make a post here also, however, as that’s not actually one I’ve seen before!



Tanktastick, it’s always a good idea to change your password regularly, whether you’ve had a fake mail recently or not! Glad to hear that you weren’t falling for this particular attempt though. :)



Takao, not a bad tip but don’t forget that we’ll obviously still send mails regarding account actions, and that would probably something players won’t be expecting in advance (or at least I hope not!).

The best thing to do if you ever receive one of these is to see whether it says you will be suspended/banned or if the action has already been applied – we operate first and inform afterwards, so you can always double-check by navigating to Battle.net Account Management manually and then logging in to check. :)

As you can see Hatsune, the link that mail actually sends to you is not a Blizzard domain and is clearly designed to try to steal away your account details.

Thanks for snipping the links Alixstar. I guess the spelling and grammar are the biggest give-aways in that particular mail.

26/07/2011 07:50Posted by Typh

(sorry, life's too short to check 22 pages)

I agree with that Typh, but it's actually the same one as was posted just before yours. :'(

Thanks though. =)

Same.

I myself received this mail this morning on one of my email addresses and no, they are not coming from us J�tten.

It's actually very easy, however I'm obviously not going to explain how to do it here. :P

Thanks Lakey, you might want to check out this thread for more information and advice:

Guide: 'Phishing' Whispers
http://eu.battle.net/wow/en/forum/topic/2037893894

Thank you for the feedback Gorrka and Talvinen. :)

They can be completely random for sure Gig.

The biggest give-away though Fubumaximus, is that we would not warn you in advance of suspending your account. If we really did have evidence that you were trying to sell your account, we would simply lock it down and then inform you as to why your account was locked.

Thanks Datro, we appreciate the advice.

There is actually a pretty good guide that I often refer people to in such situations here:

Guide: 'Phishing' Whispers
http://eu.battle.net/wow/en/forum/topic/2037893894

The link is legit (well, kind of), but the mail is completely fake, which makes me believe that this is a 'masked link' that will take you somewhere dodgy if you click on it.

Just like the one on the first page Lypsy? :)

It is a fake Elfid. :)

Well done for not falling for it!

Great tip there Shenso and definitely worth doing. :)

It's fake Titatotemaar. :)

Always keep in mind that if an action is taken against your account, we will contact you after it has happened.

http://eu.battle.net/wow/en/forum/topic/900641151?page=1#18

No it is not legit Oakier. :)

Usually a phishing mail will try to emulate an official template e-mail in the attempts people will skip over the information contained and click on the link fooled into thinking it is a genuine e-mail simply because it looks like one.

As to why they do it Pjparsons, they're after your account. Once they get hold of it they'll use it to either whisper more players and get more account details or acquire gold with which they can sell to make money.

So by being aware and not falling for such scams, not only are you keeping your account safe, but helping to prevent other players from being compromised too. :)

I have no idea Iorias, perhaps it is masked and leads to a phishing site that looks very similar to ours? Who knows. But obviously it is a fake and should be ignored completely.

Thanks for the posts guys. Don't forget to remove any private information from your copy/pastes!

Seems like the most popular scam attempts right now are the Winged Guardian e-mail and the fake Diablo III beta invitation.

Twotooth Try contacting your mail provider and see if they have information on how to prevent this from happening.

Fallennzall This Support Article helps explain how to ensure to get mails from us.

How to make sure you can receive e-mail from Blizzard
http://eu.blizzard.com/support/article.xml?locale=en_GB&articleId=30471

You should be safe to add any addresses that do not come from us to your blacklist. :)

We've updated our first page with a new template that some of you may be seeing.

http://eu.battle.net/wow/en/forum/topic/900641151?page=1#19

Remember that this is a fake! :)

A handy guide about what to do if you get these whispers can be found here Jaacee. :)

[Guide] 'Phishing' whispers
http://eu.battle.net/wow/en/forum/topic/2037893894

We certainly investigate these reports and then take the appropriate actions.

I have had to remove the link due to the fact that it shows a fake e-mail link, but thank you for the advice!

Greetings Puppetmastr,

While I can obviously understand your confusion that these malicious third parties have knowledge of your email address, you’d be surprised at how easily these individuals and corporations are able to gather such data from various online activities players engage in.

If you’re interested in seeing whether your own email address may be publicly available, it’s often worth trying a few searches using popular search engines to see if you get any exact matches – if you do, this could well be one of the ways in which your address has been obtained.

Additionally, please don’t forget that WoW-based phishing mails may well be sent out to hundreds or thousands of email addresses, without any guarantee that the holders of these addresses play WoW at all – those that don’t play will obviously just ignore the mails, but if any of the recipients do then there’s a chance they’ll be taken in by the scam. :(

Seeing how it has been written and the fact that it is on the first page in the list of fake e-mails to watch out for, I would say that it is a phishing mail Aeolian. :)

http://eu.battle.net/wow/en/forum/topic/900641151?page=1#12

Yes, the grammar is pretty bad there Azgarth, and we don't have such a promotion running (if we did, we would announce it publicly).

Greetings Fairyelf,

As you rightly suspect, this one’s another example of a fake-as-fake-can-be mail (there’s even a very similar version of it listed in our common examples at the start of this topic), and you’re quite safe to ignore and delete it!

Good to hear you’re remaining sceptical about these threats anyhow. :)

Yes, that is a fairly common one Xelviar, but it's always worth reminding everyone that we will never accuse our players of doing something wrong unless we have definitive proof, in which case we will simply take action on the account rather than warning the account-holder in advance and asking them to confirm their account details.

Good advice there Arxroth and the mail you link is a fake one.

Michella please take a read through the first page of this sticky as the information you need can be found there.

http://eu.battle.net/wow/en/forum/topic/900641151?page=1#3

Good evening Gvuud,

While there have been some genuine promotions of that kind, it certainly does sound a little phishy if there’s a massive discrepancy in the dates like that… >.<

There are another couple of things to check with mails promising free gametime, however, so these might be things to also look at;

• Firstly, genuine mails for free gametime will begin with your real name (the one registered on your Battle.net account). If it begins ‘Dear players’, it’s a fake!
• Secondly, if there is a real offer of some free gametime on your account, it will actually be redeemable within your Account Management page so, if there’s nothing visible when you navigate to Battle.net yourself and check, it’s also likely a fake.

Glad to hear you’re staying sceptical about these kinds of mails though – it’s always better to be safe than sorry! :)

Thanks for the report Starflare, I've just removed the dodgy link from your post in case someone decides to try it out.

This is a fake e-mail Evilelf. Thank you for removing the link and well done for not falling for it. :)

Indeed it is fake Azar�a and thank you for bringing it to our attention. :)

Very fake Loussi and I have removed the link from your post. :)

03/10/2011 17:01Posted by W�llstreet

Hello I just wonder if this is real?

Nope, it is fake.

Correct.

Yes, that one is most likely a real survey e-mail Nin, so long as the 'Click here' part is not linking to a suspicious masked URL.

Yes Archchaos, that is definitely a fake. Thank you for editing the links out. =)

It's a fake J�tten. :)

Hello there Faylane,

Thanks for the post – as I’m sure you’re already aware, that’s definitely a fake and anything promising free items, mounts or gifts should be treated with extreme caution! :)

It is indeed fake Drakkari but you do not need to post it twice. :)

If you are uncertain about an e-mail even after reading the first page, just post it here and either a regular or one of the blues will let you know whether it is real or not, you don't need to bump the thread. :)

Thanks for the assists there Gliondir. I have removed the URL from your post Zinthraze just to be on the safe side.

D�mia - That's a fake.

Tormentor/Jesysta - Although that one is obviously fake (passwordlol), don't forget that the safest way to verify the legitimacy of any Diablo III beta invite e-mails is to manually log-on to your Battle.net account to see if the client is available for download.

Shynryu - Sounds like a fake to me, but make sure you read through the guide thoroughly so that you are well-armed against such attacks.

While you may have posted this in the wrong thread Imploded, it is a new feature for 4.3 that characters cannot be deleted if they have heirlooms on them. With regards to always being able to input an authenticator number, it is being looked into to give players the option to have this enabled.

08/11/2011 15:56Posted by Faylane

* Account password

Nice try, at least they were obviously watching BlizzCon intently!

There is definitely a sale going on Enaesimus and if there are no dangerous links in the mail then the e-mail you have received may indeed be genuine.

If you can post the e-mail header information we will be able to double-check for you. :)

That one is indeed real Erdrin. :)

Yup, that is a fake Zylyan.

Hello Nelane,

It’s good to see that Gliondir’s already taken a moment to respond to your post and confirm for you that the mail in question is indeed a fake. In fact, it’s an almost exact copy of the example in post #6 of this thread, which shows you how long the malicious people responsible have been sending this particular template!

Hopefully you didn’t enter any of your details into the website you were redirected to by the link in the mail, but if you have done then please take a look at the early sections of this sticky and get in touch with our Account and Payment team for additional help if you need to alter your Secret Question data. :)

Hello there Julmust,

Thanks for taking the time to post this particular example – scam ‘promotions’ like this one seem to be becoming more and more popular of late, likely to tie in with our legitimate WoW Annual Pass offer, but it’s great to see that you didn’t fall for it and that you’re remaining vigilant. :)

Definitely a scam Ini, yes.

Definitely fake Onlydead. There are several indicators, but the thing that really struck me is that they didn't mention anything about Diablo III!

Well, that link is fine Netherine, but that is not necessarily a testament to the legitimacy of the actual e-mail. I guess the safest course of action would be to copy and paste the link into a browser (as opposed to directly clicking on a potentially masked URL) and follow the instructions to see if you are eligible for the promotional offer.

While there have been mails sent out to players Revya it is good to double-check to make sure that you don't have a fake mail. :)

The best thing to do would be to either check your battle.net account management page or to speak to our Account and Payment team and they will be able to let you know.

Greetings Tocutetodie,

As with Revya above, the best way to check a possible promotion of this kind is to simply log into Battle.net Account Management, manually navigating there yourself, and check to see if there’s an option to redeem free gametime on any of your accounts – if it’s listed in Account Management, it was a genuine offer. :)



Hello also Zafirus,

Fake indeed – thanks for the report! :)

Hello Tisano,

Thanks very much for the report, but unfortunately these forums aren’t the best place to notify our support teams about any individuals pretending to be Blizzard employees in this way. If possible, you should always immediately make use of the ‘Report player’ option to pass an automated report directly to us. :)

Additionally, there’s some helpful information regarding these kinds of fake whispers in this great player-made guide;

[Guide] 'Phishing' whispers
http://eu.battle.net/wow/en/forum/topic/2037893894

Greetings Salixy,

As you’re hopefully aware from the very nasty-looking Header information, both of those emails are indeed fake!

They not only contain threats about your account, which is something we wouldn’t ever send (we would usually ban or suspend a suspicious accounts, and then send an email afterwards), but also some very dangerous links – the first mail example you’ve provided contained masked links (so, on first glance, they wouldn’t have led to a fake website, but had you actually clicked on them you wouldn’t have ended up on our genuine sites at all), and the second one hadn’t even masked the very dodgy URL right in the middle.

I do hope you’ve simply ignored both of the mails in question, and it’s great to see that you’re remaining cautious all the same. :)

It's a fake Stricht. :)

Thanks for the report Jusinaskas. You are right, this is a fairly uncommon attempt, but the principles in the original guide still apply. I'm guessing the link was dodgy, grammatical errors are plentiful and a good way of verifying the legitimacy of automated security e-mails is to try logging into the game.

If we were concerned enough to send you a real e-mail, we would temporarily 'soft-lock' the account to ensure that no damage was caused. So, if there actually is a problem with the security of your account, you won't be able to log-in to it, and conversely if you can log-in perfectly fine then the e-mail is almost certainly a fake.

Greetings Adsn,

Thanks for taking the time to post this example of a clearing phishing mail – I’ve removed the URL from your post, but this is definitely one of the kinds of mail we’re likely to start seeing more of as time progresses and the next expansion draws nearer, so we may well use this as one of our examples. :)

Greetings Baz�k,

I’m afraid I’m slightly confused as to why you’ve chosen to post in this particular sticky, as it’s primarily concerned with helping players identify fake mails or secure their accounts after having received and followed a phishing mail.

If you’ve received a phishing mail, or a potential phishing mail, about Diablo 3 then you’re obviously very welcome to return and post it here (with links removed in advance, if possible) so that we can check it for you.

Otherwise, if you’re simply looking for a link to download Diablo 3, or the Beta client, I’m sorry to say that it’ll not be possible unless you’ve already been invited into the Diablo 3 Beta, and therefore have a Beta account attached to your Battle.net account.

In any case, if you’re still experiencing any issues I’ve not covered in my response above, do post again and explain further so that we can try our best to help. :)

Thanks very much for the post, Falanari, and for the snippage (much appreciated!).

We’re starting to see more and more of these, it seems, but it’s great to hear that you’re still remaining cautious… and hopefully others will too! :)

They look fine to me Hamul, but if you want to be on the safe side, these are the offers that the mails refer to for your reference:

World of WarCraft Annual Pass
http://eu.media.blizzard.com/wow/promotion/wap/en-gb.html

Blizzard Holiday Sale
http://eu.battle.net/sc2/en/blog/3389808

Note that the second promotion has now expired, but at the beginning of the year, StarCraft II saw a permanent price cut:

New Year, New Permanent Price Cuts!
http://eu.battle.net/sc2/en/blog/3545466

There, now you shouldn't even need the mails... =D

Thanks for the warning Samwhich, I've edited the URL out just in case.

Romularan, I'm afraid that is real, yes. 5 characters were transferred on your account on February 20th. If you did not make these transfers yourself, then I should refer you to our other important security sticky thread here:

>> Account Hacked/Stolen? CLICK HERE! <<
http://eu.battle.net/wow/en/forum/topic/2226268467

Most definitely fake Gwonam, burn with fire.

That one looks legitimate to me Dumpling, however you may want to pay close attention to the headers section of the original guide (post #2).

That is definitely worth doing Tiborian if you are unsure and I'm pleased to see that you avoided falling for a phishing mail. :)

Fakety fake.

Thanks very much for taking the time to post, and for the report, Delorya.

It’s really great to hear that you’re taking your account security so seriously now, and that you’ve got an Authenticator, but if you’d like to provide us with any nasty site link information in the future then you’re very welcome to include it with your post and then edit it out straight away – we can still see any previous edits, and it stops anyone else trying to check out the website in question. :)

"The Anger of Azeroth!"

Heheh. Thanks for the report Ayarea. =)

Both of the above are fake, yes. =)

The above mails are indeed fake Pokecheats and Narkoza. :)

Thanks for letting us know!

I understand Narkoza, although the fact that it's directing you to a US site is an instant cause for concern, and people should always check for masked URLs, they're a dead give-away.

Trknuta, it's a fairly close approximation to a real e-mail apart from this section:

You can confirm that you are the original owner of the account to this secure website with:

If it really does say that, then it's not from us. If you would like to double-check, you can log-in to Battle.net Account Management and see if anyone has invited you through the 'Referrals & Rewards' tab.

Thanks for the tip, Saeyn. :)


P.S. I love the example! ^.^

22/03/2012 12:07Posted by Galvatron

If this proves to be true,

This is the give-away part really Galvatron. As we have said before, we won't notify you of an investigation like this, we will simply gather evidence, take action and then inform you.

Thanks very much, Thing�ne. ^.^

It’s been around a good few years now, both on these forums and previously on our old forums, but hopefully it still proves helpful to players that read it! :)

Good day Seffi,

That’s certainly an interesting example, and I’ll admit that I’ve actually never seen a phishing mail quite like that before! You state that it arrived today, so I imagine you mean via email?

If you were able to forward this particular one to our hacks@blizzard.com address, it would be much appreciated. :)

Seffi, thanks very much. :)
�
�
Missmeow, apologies for the delay in responding – we don’t always check this thread daily, as it usually just consists of specific phishing examples without too much elaboration required on our part. >.<

To answer your query about the hacks@blizzard.com email address, I’m sorry to say that they don’t really respond to emails forwarded (it’s more of a reporting address, rather than one for seeking support).

Let me state, however, that there’s literally no chance that a mail stating you’d been trying to sell your account could be linked to your current issues – these mails are always fake, and we never send players any correspondence threatening account action.

So, trying to read between the lines, it sounds like you might have reinstalled a Mobile Authenticator onto your new iPhone? This will obviously mean that, unless you used the Restore Code to do it, you now have a different Authenticator serial number on your phone than the one attached to your account.

Should that be the case, you’ll need to get in touch with our Account and Payment team to request a removal of your previous Authenticator so that you can attach the new one properly – for this you can either call us directly (using the contact details provided below), or you can make use of our Authenticator Removal Webform (also below);

Account and Payment Support
http://eu.battle.net/support/en/article/account-and-payment-support

[Guide] How to call Blizzard
http://eu.battle.net/wow/en/forum/topic/900641450

Authenticator Removal Webform
https://eu.battle.net/account/support/remove-authenticator.html

Finally, if you did transfer the specific Authenticator across using the Restore Code, you might want to try a Resync if you haven’t already – just in case. Do let us know if none of that helps! :)
�
�
Пурурумко, thanks for the report – we’ve been seeing that one for a while, unfortunately, but all examples are always welcome at the hacks@blizzard.com email address. :)
�
�
Gwonam, thanks for your additional second post – I wouldn’t even have spotted the Yahoo! Discrepancy there otherwise, as that obviously looks just like a real Scroll of Resurrection invitation.

Пурурумко is quite right about the promotion itself though… so I’m afraid it’s not the content itself that’s suspicious! >.<
�
�
Shexi, I’m afraid the only way to really be sure if a supposed Beta invitation mail is real would be to check your Battle.net account itself (to see if a Mists of Pandaria PTR license has been added or not). Unfortunately I don’t see one on your account at the moment, so there’s a possibility the mail could well have been fake.

Don’t forget that the address the mail appears to come from isn’t an indication of whether it’s real or not, as it’s now possible for these malicious types to make mails look like they could have come from anyone at all. :(

Thanks Seffi, these beta ones are certainly very prolific recently.

Technically it should be pretty much instantaneous Kronous, if anything, the mail should come AFTER the account has been flagged. I guess there could theoretically be a slight delay for some people, or perhaps a browser issue may cause a display problem in Battle.net Account Management. Or maybe the mail is referring to another account? I’m clutching at straws I know, but apart from those scenarios, the only other option is fake e-mail. Sorry.

It may be worth performing some security checks on your computer this weekend Geelgamesh, this guide should help:

[Guide] How to SCAN and SECURE your PC - Part II
http://eu.battle.net/wow/en/forum/topic/1820913657

Thank you for the heads-up Pibad but I have taken the liberty in removing the link just in-case someone curious tries to follow it. :)

26/04/2012 10:09Posted by Kekspek

You'll find your beautifully translucent reward mount

o.O

This e-mail is sent out when a transfer is performed Twannetje. If you haven't played on the account for the last couple of months, have you given your account details to someone else?

I would suggest ensuring that you have secured your account and if you are concerned that your account has been compromised, to take a look at this sticky.

►► Account Hacked/Stolen? CLICK HERE! ◄◄
http://eu.battle.net/wow/en/forum/topic/2226268467

That is indeed a fake e-mail Ceos but if in doubt the best thing to do would be to check your Battle.net Account Management page and see if you have the beta there. :)

It is indeed fake Impatus so well done on not clicking the button. :)

I have removed the link from your post to prevent curious players from following it ^^

It's fake Theomega. :)

If you think you've got into the beta, the best thing to do is check your Battle.net Account Management page. :)

Good catch Kilman. It is very convincing indeed but the most important thing to remember here is that real beta invitation e-mails are merely for notification purposes only. You don't require a code or a link or anything else from the actual invite mails, it's just a way of telling you that you now have access to the beta in your Battle.net account management page (or at the very least soon will have).

So if you login manually and see that you don't yet have access, then it is almost certainly a fake.