Spotlight on: Phishing

We thought we’d take this opportunity to update our Spotlight on Phishing scams and how they relate to your World of Warcraft and Battle.net account.

Traditionally “Phishing” is the attempt to acquire sensitive information, such as usernames, passwords, and other information, including credit card numbers, by pretending to be from a trustworthy source.

For World of Warcraft these phishing attempts often try to pretend to be Game Masters or other support representatives. They may also include attempts to impersonate guild members by using similarly named characters or claiming they are that person on an alternate character.

Phishing attempts may also mimic a special offer, like an invitation to participate in the beta phase for one of our games/expansions.

Below are the most common forms of phishing:

Phishing Emails - What to look out for

Misspelling, Typos, and Bad Grammar

  • While we are not immune to the occasional mistake, the majority of contacts you will receive from Blizzard will contain proper grammar and sentence structure and be mostly devoid of typos. The most common indication that you may have received a phishing email is if the grammar is off. If so, it might be a scam.

Bad or Misleading Links

  • Often the links included in a phishing email will appear to lead to a legitimate site and instead redirect you to a different “official looking” site entirely.

    If you see a link in a suspicious email message, be wary of clicking on it. If you hover your cursor over the link, you should be able to see whether the address the link goes to matches the link that appears in the message. They will usually try to include “Blizzard” in the URL to make it appear more legitimate, often misspelling Blizzard (e.g. Bizzard, Bilzzard, Bilzard, etc.).
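The hover check above can be automated. This is an added example, not Blizzard's own tooling: it compares the host a link really targets with the official domains named on this page and flags near-misspellings of "blizzard". The `.example` hosts are constructed samples, and the edit-distance threshold of 2 is an assumption chosen so that all three misspellings listed above are caught.

```python
from urllib.parse import urlsplit

OFFICIAL = ("blizzard.com", "battle.net")  # official domains named on this page
BRAND = "blizzard"                         # brand word phishers imitate

def host_of(url):
    """Lower-cased hostname of a URL; tolerates a missing scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'official', 'lookalike' or 'unrelated' for the link's real host."""
    host = host_of(url)
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Split the host on dots and hyphens and compare each piece to the brand.
    for token in host.replace("-", ".").split("."):
        if BRAND in token or edit_distance(token, BRAND) <= 2:  # assumed threshold
            return "lookalike"
    return "unrelated"

def link_text_mismatch(shown, href):
    """True when the address shown in the message is not where the link goes."""
    return host_of(shown) != host_of(href)

if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    for link in ("https://account.battle.net/login",
                 "http://bilzzard.example/login",
                 "http://blizzard-rewards.example/claim"):
        print(link, "->", classify_link(link))
```

A "lookalike" result means the host borrows or imitates the brand name without being one of the official domains, which is the pattern described above.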

Threats & Account Information Requests

  • Many phishing emails, those that don’t offer some kind of reward to get you to click on their links, will ask for account-specific information, such as your password or secret question answer. They will often reinforce that request by threatening to penalize or close the account if you do not comply. This is designed to scare you into reacting.

Suspicious Emails and Phishing

Phishing Filters for your Browser

What to do if you suspect you received a phishing email?

Most phishing emails will spoof the return address to make it look like it is coming from an official site. If you suspect you’ve received a phishing email you can check the email’s headers to see where it originated.

Where to look for the email’s headers depends on the provider. The following site shows you where to look: Message Headers

An email from us should come from an official domain, which is usually either Blizzard.com or Battle.net. If you have received a phishing email you can report it as spam to your provider to help them better deflect those contacts.
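As an added example (not part of the original article, and not Blizzard's tooling), the script below reads the sender-related headers of a raw message and lists those that do not name one of the official domains above. The message in `SAMPLE` is constructed, its `.example` hosts are placeholders, and the choice of headers to inspect is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL = ("blizzard.com", "battle.net")  # official domains named on this page

# Constructed sample message (not a real email); hosts are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.bilzzard-support.example>
Received: from mailer.bilzzard-support.example (mailer.bilzzard-support.example [192.0.2.10])
\tby mx.mailprovider.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: "Blizzard Entertainment" <noreply@blizzard.com>
Reply-To: accounts@bilzzard-support.example
Subject: Your account will be closed

Body text.
"""

def is_official(domain):
    """True for an official domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL)

def sender_domains(raw):
    """Map each sender-related header to the domain it names."""
    msg = message_from_string(raw)
    found = {}
    for name in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(name, ""))[1]
        if "@" in addr:
            found[name] = addr.rsplit("@", 1)[1].lower()
    # Received lines are listed newest first; the last one is the earliest hop.
    hops = msg.get_all("Received") or []
    match = re.search(r"from\s+([\w.-]+)", hops[-1]) if hops else None
    if match:
        found["Received"] = match.group(1).lower()
    return found

def suspicious_headers(raw):
    """Names of headers whose domain is not an official one, sorted."""
    return sorted(h for h, d in sender_domains(raw).items() if not is_official(d))

if __name__ == "__main__":
    for header, domain in sender_domains(SAMPLE).items():
        print(f"{header:12} {domain:40} official={is_official(domain)}")
```

In the sample the visible From address names an official domain while every other header points elsewhere, which is what a spoofed return address looks like in the headers.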
 

In-game Phishing – Whispers & In-Game Mail

Nearly all phishing attempts in-game consist of someone trying to impersonate a Game Master to get a player to give up their account information. This usually happens in one of two ways:

Reward

  • The contact will encourage you to visit a website and enter your account information by claiming that you were given a pet, mount, or other prizes.

Punishment

  • This type of contact will claim that you may have violated policy and to avoid punishment you need to visit a site and enter your information to prove who you are.

Regardless, if you are contacted through a whisper or in-game mail from a Blizzard Employee, it will always have a special indicator.

In-game mail

  • There will be a Blizzard logo in the upper left corner of the message.


In-game whisper

  • When contacted by a Game Master in-game, not only will the Game Master have a special blue Blizz tag next to their name, but any chat initiated by a Game Master will take place in a special chat box that will pop up when you are contacted. Those who try to impersonate a Game Master often use [GM] or Blizz/Blizzard as part of their name.


What to do if you receive an in-game phishing contact?

If you receive a phishing attempt through the in-game mail system you can report the message as spam by clicking on the “Report Player” option in the upper right corner of the open mail.

If you receive a whisper or other text chat you can right click on the chat line to bring up a menu.

  • Select the option - Report Player.
  • You’ll then select the reason - Inappropriate Communication
  • Then select - Spam
    • You may include additional text if you wish.
  • Then click Report.

Both methods will place the character on a temporary ignore and forward the report to our staff for review.

The best way to avoid becoming a victim of a phishing attempt is to exercise caution when receiving any kind of information purporting to come from Blizzard. If an email asks for your password, makes urgent appeals, sounds too good to be true, or links to “account management” sites outside of Blizzard’s sites, you are dealing with a phishing attempt.
 

Phishing through Social Media - Check the Tweets!

One of the more common forms of phishing we’ve started to see through social media is the contact that acts as a testimonial from a “player” who claims to have lost their account through compromise (hacked) or account action (suspended/banned). The contact, often through Twitter or Facebook, claims that the person or service they are referring to was able to get their account back.

These contacts try to get you to use a third-party site to provide account and personal information.

Recovering an account, either after a compromise or by appealing an account action, can only be done through our site and only by the registered user on the account. No other person or entity would be able to recover an account or appeal an action.

Both Twitter and Facebook have the option to report these messages. Here you can find the instructions for each platform:

Twitter: https://help.twitter.com/en/safety-and-security/report-abusive-behavior

Facebook: https://www.facebook.com/help/report

 
