Phishing E-mails
What do I need to know?
To quote the Wikipedia article on what Phishing is:
In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used.
http://en.wikipedia.org/wiki/Phishing
We have recently seen an increase in the number of phishing e-mails that look like legitimate e-mails from Blizzard.
It is important to remember that no Blizzard employee will ever ask you for your password.
What can I do?
Checking e-mail headers
Another trick used in phishing e-mails is to replace the original source address with an email address that looks as though it came from Blizzard. In situations like this it is important to check the header information of the e-mail as this will reveal the true history of that e-mail:
Any e-mails sent from Blizzard will come from a @blizzard.com address. You may see additions such as @e-mail.blizzard.com or @enews.blizzard.com, but the address will always end with the blizzard.com domain.
Most email clients allow you to view more details of an email than are normally shown, and these details identify the true origin of a mail. For example, Hotmail have instructions on how to do this in Microsoft’s first help article on the left here:
http://help.live.com/help.aspx?mkt=en-gb&project=MailFull&que...
Gmail have instructions on how to view the headers here:
http://mail.google.com/support/bin/answer.py?answer=22454#
Please check the support of your email provider or software client for information on how to view the header of mails you receive. A genuine header from Blizzard should contain the following lines:
X-SID-PRA: noreplyeu@blizzard.com
or
Return-Path: <noreplyeu@blizzard.com>
Received: from smtp01.eu.worldofwarcraft.com ([XX.XXX.XXX.XXX]) by…
Received: from … by smtp01.eu.worldofwarcraft.com …
for <Your Email Address>; Tue, 29 Jan 2008 10:46:05 GMT
From: noreplyeu@blizzard.com
To: Your Email Address
Although the mail may come from an address other than noreplyeu@blizzard.com, the address should always end with blizzard.com, and the X-SID-PRA or Return-Path should always match the From address.
It should also always be Received: from a domain ending in worldofwarcraft.com, wow-europe.com or blizzard.com.
If you have any doubts whether an email that seems to be sent from Blizzard is genuine, please contact us first before replying or clicking any links contained in the mail.
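The header checks described in this section can be scripted; the following Python sketch is an added example, not Blizzard's own tooling. It assumes that at least one "Received: from" host must fall in the listed domains, and the sample messages, addresses and IPs in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the article names as genuine.
SENDER_DOMAIN = "blizzard.com"
RELAY_DOMAINS = ("worldofwarcraft.com", "wow-europe.com", "blizzard.com")

def in_domain(host, domain):
    """True for the domain or a subdomain of it; 'notblizzard.com' fails."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_headers(raw):
    """Return the list of failed checks; an empty list means all passed."""
    msg = message_from_string(raw)
    problems = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if not in_domain(from_addr.rpartition("@")[2], SENDER_DOMAIN):
        problems.append("From address is not at blizzard.com")
    # X-SID-PRA or Return-Path, whichever is present, must equal From.
    senders = [parseaddr(msg[h])[1].lower()
               for h in ("X-SID-PRA", "Return-Path") if msg[h]]
    if not senders or any(s != from_addr for s in senders):
        problems.append("X-SID-PRA/Return-Path missing or differs from From")
    # Host named after "Received: from" in each hop (assumed: one match is enough).
    hops = [m.group(1) for r in msg.get_all("Received", [])
            if (m := re.match(r"\s*from\s+(\S+)", r, re.I))]
    if not any(in_domain(h, d) for h in hops for d in RELAY_DOMAINS):
        problems.append("no Received: from a Blizzard domain")
    return problems

# Constructed samples (addresses and IPs are placeholders, not real mail).
GENUINE = """\
Return-Path: <noreplyeu@blizzard.com>
Received: from smtp01.eu.worldofwarcraft.com ([192.0.2.10]) by mx.example.org
 for <player@example.org>; Tue, 29 Jan 2008 10:46:05 GMT
From: noreplyeu@blizzard.com
To: player@example.org
Subject: Account notice

body
"""
# Same visible From, but a foreign Return-Path and a look-alike relay host.
SPOOFED = GENUINE.replace("<noreplyeu@blizzard.com>", "<bounce@mailer.example>") \
    .replace("smtp01.eu.worldofwarcraft.com", "smtp01.worldofwarcraft.com.example")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_headers(raw) or "all checks passed")
```

Everything in a header except the Received lines added by your own mail provider is written by the sender, so passing these checks does not prove a mail is genuine, while failing them is a strong sign of a fake.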
Checking web-links
With the announcement of Wrath of the Lich King we have seen an increase in the number of mails sent to customers pretending to offer access to a non-existent closed Beta for the expansion or asking you to log in to a fake account management page:
http://forums.wow-europe.com/thread.html?topicId=2111545640&s...
Through the use of HTML code these emails will provide you with links that may look genuine, but lead to fake websites. Whenever you follow a link from an email, you can see the actual address that it reaches in the Address bar at the top of your web browser. For example, right now your address bar will show http://forums.wow-europe.com/thread.html... indicating that you are viewing a thread on the wow-europe forums. If you follow any link in an email, make sure that it leads to a wow-europe.com, worldofwarcraft.com or blizzard.com address. If a link directs to any other website, or if the address you reach when you follow it looks different from the one indicated in the email, we would urge you to contact us before entering any information.
The correct page for European Account login is https://www.wow-europe.com/login/... Any other address is most likely a fake designed to steal your account information.
More Reading
• http://en.wikipedia.org/wiki/Phishing
• http://www.microsoft.com/protect/yourself/phishing/identify.m...
• http://www.privacyrights.org/ar/phishing.htm
• http://www.banksafeonline.org.uk/phishing_examples.html
• http://articles.techrepublic.com.com/5100-10878_11-6056367.ht...