Forum:Account phishing using wowpedia email address

I don't play WoW, I don't even have a WoW account. I do have an account here, and my preferences list an email address I don't use anywhere else (replaced with xxx@xxx.xxx below). I got an email to this address which purported to be from Blizzard, but actually originated from a Computer in china; it asked me to log into a site that appears to be worldofwarcraft.com, but is really a subdomain of account-manage.net. Firefox blocks the site, and it appears to be taken down now (not sure about that), but there are two important issues: --◄mendel► (talk) 22:19, 28 May 2011 (UTC)
 * If you received this email, went to the site, and entered information such as your WoW password there, you need to change your real password ASAP. If you entered financial information (e.g. credit card info), ask your bank for advice.
 * How did the phisher gain access to my email address stored only on this site? What can be done to prevent a reoccurrence?

 Return-Path:  Received: from blizzard.com ([61.241.210.0]) by mymailserver.yyy.yy (8.14.1/8.14.1) with ESMTP id p4SCxjsQ021490 for ; Sat, 28 May 2011 14:59:48 +0200 Message-Id: <201105281259.p4SCxjsQ021490@mymailserver.yyy.yy> From: "Blizzard Entertainment"  Subject: World of Warcraft -- Account Notification To: xxx@xxx.xxx Content-Type: text/plain;charset="GB2312" Content-Transfer-Encoding: 8bit Date: Sat, 28 May 2011 20:59:46 +0800 X-Priority: 3 X-Mailer: FoxMail 3.11 Release [cn] Status: O X-PM-PLACEHOLDER:.

Your account is being risk because one or more characters were identified using an unauthorized cheat program, also known as a "hack." These programs provide character benefits normally not achievable in the World of Warcraft. Such benefits include, but are not limited to, increased speed, teleportation, or running through walls/boundaries. Use of these unauthorized programs harms the game environment because they offer an unfair advantage over other players and supersede the intended limits of the game.

Even if this behavior is the result of a third party accessing the account instead of the registered user (for example, a friend, family member, or leveling service) then the account can still be held responsible for the penalty because of the impact it had on the game environment.

We've found the above behavior is many times directly related to groups responsible for compromising World of Warcraft accounts; we take these issues very seriously. To better understand our position against exploitative activity and the risks involved, Please visit the account verification platform to comfirm it at£ºhttp://www.worldofwarcraft.com.account-manage.net

The exploitative activity that took place on this account violates the World of Warcraft Terms of Use. We ask you take a moment to review these terms at http://www.worldofwarcraft.account-manage.net. Note that additional Terms of Use violations may result in more severe actions against this account, up to and including permanent closure.

Regards,

Customer Services Blizzard Entertainment


 * I've gotten these messages on accounts that have nothing to do with WoW or WoWpedia, so it's probably just sent out en masse. Linke (talk) 09:45, 31 May 2011 (UTC)

Another phishing message
Remember I have only ever used this email address here on this wiki. Return-Path:  Received: from blizzard.com ([61.241.208.22]) by mymailserver.yyy.yy (8.14.1/8.14.1) with ESMTP id p54Ewgv2020389 for ; Sat, 4 Jun 2011 16:58:43 +0200 Message-Id: <201106041458.p54Ewgv2020389@mymailserver.yyy.yy> From: "Blizzard Entertainment"  Subject: Battle.net Account-Notice To: xxx@xxx.xxx Content-Type: text/plain;charset="GB2312" Content-Transfer-Encoding: 8bit Date: Sat, 4 Jun 2011 22:58:41 +0800 X-Priority: 3 X-Mailer: Foxmail 4.2 [cn] Status: X-PM-PLACEHOLDER:.

Greetings!

It has come to our attention that you are trying to sell your personal World of Warcraft account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment's employees. If you wish to not get your account suspended you should immediately verify your account ownership.

You can confirm that you are the original owner of the account to this secure website with: http://www.worldbattle-account.com/login/en/index.asp?ref=https%3A%2F%2Fus.battle.net%2Faccount%2Fmanagement%2Findex.xml&app=bam

Login to your account, In accordance following template to verify your account.

Show * Please enter the correct information
 * E-mail Address
 * E-mail password
 * Secret Question and Answer

If you ignore this mail your account can and will be closed permanently. Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team World of Warcraft, Blizzard Entertainment 2011 If you enter your account information, some Chinese will own your account. --◄mendel► (talk) 16:38, 4 June 2011 (UTC)


 * To be blunt: What's your point? Anyone with more than four brain cells and has played WoW for longer than ten minutes would know these E-mails are bull. --[[Image:IconSmall_Deathwing.gif]] Joshmaul, Loremaster of Chaos (Leave a Message) 15:52, 9 June 2011 (UTC)


 * The point is that it may be a Curse-based leak. I don't know if it is or not. Forum:Account phishing spam to my Wowpedia email? shows that this has happened before.-- 17:31, 9 June 2011 (UTC)

12/2012: Phishing for Diablo III
Hard to tell if someone kept the previously leaked database, or if there's been a new leak, but after over a year of silence, I received another phishing message to my wowpedia address a few hours ago. Here's the start of the email header: Return-Path:  Received: from WWW-9763E06E580.net ([110.103.66.186]) by xxx.xxx.xx (8.14.1/8.14.1) with ESMTP id qBB4MQ6G002378 for ; Tue, 11 Dec 2012 05:22:28 +0100 Message-ID: <2571A379D2A0940999590934694D272B@WWW-9763E06E580.net> From: "Diablo III"  To:  Subject: [EN]Diablo III Account Locked - Action Required Date: Tue, 11 Dec 2012 12:22:18 +0800 MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 It contains an link purporting to lead to www.battle.net/account/d3/login-support.html, but if I clicked it, I'd get to a server in India where presumably bad things would happen to me. I know there's not much anyone can do, but I thought it couldn't hurt to give y'all a heads-up. --◄mendel► (talk) 09:56, 11 December 2012 (UTC)