It’s Phishing Season!
Everyday that you log in you are greeted by the following message:
Phising Warning
Most of us miss this because it scrolls by so fast all we see is a blur of yellow. It seems that Blizzard may be trying to take this security thing seriously eh? With the Authenticator and all the messages on their site, account security is a major concern.
My question here is not that if they care about security, my question is how the phisherman get our info in the first place. We all know about the bad web sites, the bad addons and the now compromised authenticator but where are the email lists coming from? Wo is generating these lists?
The reason I ask is because I want to share something with you. I have an email account that was once attached to one of my WoW accounts. It is no longer associated with an account due to me creating a Battle.Net account, but it was at one time. Here is a picture of the spam box on that account. All of the spam listed is from March 29th – April 30th of this year.
As you can see there are 141 “conversations” in that time. Now there are more that that many emails because there are some address’ that have sent more than one.
If this email address was attached to a WoW account it would seems as Blizzard was desperately trying to contact me! What is really scary is the fact that some of these are really good fakes.
Now some of them are crap and they are easy to spot. But it is easy to see why so many people fall for these scams. If you add in the ones announcing that you have won something things get even worse for the clueless.
One of the more amazing things about these attempts is the advertising that comes with them. Gmail is littered with targeted ads. You can’t imagine how many gold seller ads are targeted to this account.
Someone somewhere has sold my information to the bad guys. I don’t know who but it is a bad deal all the way around. Some how I ended up on a phishing list AND Google is selling my info to Gold Sellers. It sucks anyway you look at it.
I know I am not the only one getting hit this hard and this is a warning to those who haven’t made the list. Be careful because someone we trust is selling our information. I am not sure who it is but it is happening. Once they make a connection between your email account and WoW this is what happens.
Out of the many I get, one in maybe 25 is an actual good phishing attempt. Most are poorly worded, have terrible grammar, are in engerish… only the messages that actually receive a label in my account are even looked at because I know the rest are poor excuses of a phishing scam.
The best way to ensure you don’t get phished is to go directly to us.battle.net (perhaps the Euro one is eu.battle.net? Would make sense to me) on a computer you don’t play WoW, or any other MMO for that matter, when it’s necessary to modify any account information.
Also, get an authenticator. I got mine the second time they became available. When I leave for a weekend away, it comes with me.
G-mail is free, so I made a dedicated Battlenet e-mail account back when Battlenet change went live. It is not used for anything else, no exceptions. So far, so good – no Warcraft-related phishing mail and absolutely zero spam just in general.
My old account – the one used for Warcraft as well as for some F2P games and e-mail lists – is getting a ton of spam. Doubt Google or Blizzard have anything to do with it though. It is much more likely I wasn’t careful and left my e-mail address on some gamer forum to be sniffed out, or somebody had their computer compromised and I made the list by being their contact.
@ Dan – Some of them are really poor attempts but a few of them are really well done. Someone has to be falling for them or else they wouldn’t bother sending them out.
@ Msp – I did the exact same thing for my battle.net account. So far so good on that one.
[...] GTFOOFT had a post yesterday about all the fishing attempts people are getting. I did the same check on my mail box and I have to thank Google for doing a good job of catching them for me. In the last 30 days, I had 39 fake messages from Blizzard. If I didn’t know any better, I would think that someone was hacking my Warcraft account. [...]