A few days ago I got this email which went straight to my spam folder due to Gmail being an awesome service that won’t allow itself to be fooled. I wanted to share it with you guys so you can see just how convincing these phishing emails can look.
from wowaccountadmin <email@example.com>
date Wed, Oct 20, 2010 at 07:18
subject World of Warcraft – Account Investigation
We have already noted that you are trying to sell your personal World of Warcraft account (s).
It will be ongoing for further investigation by Blizzard Entertainment’s employees.
If you wish to not get your account suspended you should immediately verify your account
ownership. You must complete the steps below to secure the account and your computer.
STEP 1: SECURE THE ACCOUNT, YOUR COMPUTER AND YOUR EMAIL ADDRESS
Account compromises most often occur when a player shares login information with an unauthorized
third party or plays on a computer that has a virus, Trojan, or key-logger. We recommend you read and
apply the following tips to protect yourself and the account.
– Unauthorized Account Access Policy: http://us.blizzard.com/support/article/20460
– Computer Security: http://us.blizzard.com/support/article/21118
– Email Address Security: http://us.blizzard.com/support/article/28585
STEP 2: ACCOUNT INVESTIGATION
We now provide a secure website for you to verify that you have taken the appropriate steps to
secure the account, your computer, and your email address. Please go to this site and follow the instructions:
STEP 3: VERIFY YOUR SUBMISSION WAS RECEIVED
We will contact you with further instructions once we have received and processed your submission.
If you do not receive a reply within 48 hours of submitting this form, please resend
it from the address listed above.
Please be aware that if unauthorized access to this account, it may lead to further action against
Fare Thee Well,
Game Master Dunarthra
All the links in this email, as they appear, are safe and accurate. However, these aren't the real addresses they point to. If you actually click the links you'll be taken to a very different site with a deceptively similar address and a design similar to Blizzard's site.
How can you tell that this is phishing?
1. It wasn’t sent from Blizzard.com. It uses a @blizzard.com email address as a mask to cover up the actual from-address. Any decent email client today will be able to detect this and should warn you. You can see it in the raw code of the email like this:
google.com: domain of firstname.lastname@example.org does not designate 22.214.171.124 as permitted sender
The IP will be whatever the hacker is using to send the email out and as such will be random for pretty much every phishing email.
2. It looks like a standard text-only email, but it actually uses HTML code. Since there's no HTML code used anywhere in the email other than the links, you assume that the email is text-only and that the links are only clickable because your email client is making them clickable for you. Again, if you look at the raw code of the email, you'll be able to spot the links as <a> tags.
3. Whenever you get an email that is supposedly from Blizzard, DON'T CLICK ANY LINK in the email. Don't copy the links and go to them either. Go straight to http://us.battle.net or http://eu.battle.net and log in to your account. If there's no mention of anything that was in the email, then you can be sure that it was a fake.
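The check from point 2 can be automated: the sketch below, an added example that is not part of the original post, parses an HTML body and reports every `<a>` tag whose visible text is a URL on one host while its `href` points to another. The sample body and the host `phish.example` are constructed placeholders, and the names `LinkCollector`, `host_of` and `mismatched_links` are made up for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs
        self._href = None    # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL; scheme-less text like 'www.x.com/a' is accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def mismatched_links(html_body):
    """Return (shown_host, real_host) for links whose visible text is a URL on another host."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    found = []
    for href, text in parser.links:
        looks_like_url = text.lower().startswith(("http://", "https://", "www."))
        if looks_like_url and host_of(text) != host_of(href):
            found.append((host_of(text), host_of(href)))
    return found

# Constructed sample body; "phish.example" is a placeholder, not a host from the email above.
SAMPLE = (
    '<a href="http://us.blizzard.com.phish.example/support/article/21118">'
    "http://us.blizzard.com/support/article/21118</a> "
    '<a href="http://us.battle.net/">http://us.battle.net/</a>'
)
```

Links whose visible text is not a URL (for example "click here") are not flagged, since there is no displayed host to compare against.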
I hope this has been helpful and educational to you, the reader. If you're looking for more information you should check out Blizzard's very own account security page.
Update: There are a lot more examples of phishing emails on Battle.net.