Phishing (pronounced the same way as fishing) is the practice of con artists and scammers tricking you into revealing information that they can exploit. Here is a typical example of one I get several times daily:

Greetings:

Thank you for your attention in this matter regarding the compromised World of
Warcraft account you are using. Unfortunately, multiple parties have contacted
Blizzard Entertainment seeking restoration of the account in question. This message
contains an updated Account Retrieval process, which will enable the rightful user
of the account to resume their adventures in the World of Warcraft.

The investigation will be continued by Blizzard administration to determine the
action to be taken against your account. If your account is found violating the EULA
and Terms of Use, your account can, and will be suspended/closed/or terminated. In
order to keep this from occurring, you should immediately verify that you are the
original owner of the account.

To verify your identity please visit the following webpage:
http://us.battle.net/login/en/login.html?app=wam&ref=https://www.worldofwarcraft.com/account/&eor=&app=bam

Only Account Administration will be able to assist with account retrieval issues.

Please help us to avoid any further delays in restoring Account access by following
the instructions exactly and in their entirety. We will contact you again once all
information has been received and thank you in advance for your patience and
cooperation in resolving this account issue. Please be sure to provide all pertinent
data as soon as possible since Blizzard Entertainment is unable to offer any type of
reimbursement for the time an account is locked for verification and investigation
purposes. 

In the meantime, please make sure to scan the computer system you are using to
remove all viruses, Trojan files, and key loggers. For more computer/Internet
security tips, please visit 
http://www.blizzard.com/support/article.xml?articleId=20572.

In addition, World of Warcraft account passwords should be periodically changed by
visiting : 
 https://www.battle.net/login/login.xml?ref=https://www.worldofwarcraft.com/account/&app=wam&rhtml=true

Any inquiries concerning this account retrieval process can only be addressed by
Account Administration. To learn more about how Account Administration is able to
assist you, please visit us at : 
https://www.battle.net/login/login.xml?ref=http://www.wowarmory.com/character-sheet.xml?r=Duskwood&n=Muthahunda&app=armory&rhtml=true.
Thank you for your patience and anticipated cooperation in this matter. 

Sincerely,
Account Administration
Blizzard Entertainment
 http://www.blizzard.com/support/wowaa

One of the first things you will notice is the very poor grammar (denoted in red, and yes, this is an ACTUAL email I received). No legitimate company would let something like this slip out. Most have an army of people who must approve all mass communication. In addition, though I removed the links in this email, mousing over any link reveals a site that is not blizzard.com, battle.net or worldofwarcraft.com.
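The mouse-over check can also be done mechanically on the HTML part of a message. The following Python is an added example, not part of the original post: the hrefs in `SAMPLE_HTML` are constructed placeholders on the reserved `.example` TLD (the real targets were removed from the email), and `TRUSTED`, `is_trusted`, `LinkAudit` and `suspicious_links` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the article names as legitimate for this sender.
TRUSTED = ("blizzard.com", "battle.net", "worldofwarcraft.com")

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one (dot-boundary match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html):
    """Return links whose real target is outside TRUSTED, whatever the text shows."""
    parser = LinkAudit()
    parser.feed(html)
    return [(text, href) for text, href in parser.links
            if not is_trusted(urlsplit(href).hostname)]

# Constructed sample: the visible text is a URL from the email above; the hrefs
# are placeholders standing in for the real link targets.
SAMPLE_HTML = """
<p>To verify your identity please visit
<a href="http://battle.net.login.example/login.html">http://us.battle.net/login/en/login.html</a></p>
<p><a href="https://www.battle.net/login/login.xml">change password</a></p>
"""
```

`suspicious_links(SAMPLE_HTML)` returns only the first link: its text shows a battle.net URL, but the host it actually points to merely begins with `battle.net` and ends in a different domain.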

How do I know if an email is legit or not?

The easiest way is to log into the site in question manually. NEVER CLICK ON ANY LINKS IN THE EMAIL. If you get an email that says your PayPal account is compromised, open a new web browser, browse to paypal.com, log in and see. The vast majority of the time, you’ll find that your account is fine.

Second, look at the message header. This is often hidden, and different email clients use different methods to display it, but here is the header from the message above:

Return-path: <ggqqv1nohx@ud.org>
Envelope-to: <removed>

Delivery-date: Tue, 08 Mar 2011 18:24:15 -0500
Received: from exprod6mx228.postini.com ([64.18.1.128] helo=psmtp.com)
     by cpanel3.broadst.frontline.net with smtp (Exim 4.69)
     (envelope-from ggqqv1nohx@ud.org)
     id 1Px6GE-0004Lb-P3
     for <removed>; Tue, 08 Mar 2011 18:24:15 -0500
Received: from source ([211.206.124.52]) by exprod6mx228.postini.com ([64.18.5.14]) with SMTP;
     Tue, 08 Mar 2011 18:24:10 EST
Reply-To: <wowaccountadmin@blizzard.com>
Sender: ggqqvnohx@ud.org
Message-ID: A99C2E5D82ABCB9900177B14016C35972@ud.org
From: =?utf-8?B?QmxpenphcmQgRW50ZXJ0YWlubeKAi2VudA==?= <wowaccountadmin@blizzard.com>
To: <removed>

Subject: world of warcraft – account
Date: Wed, 9 Mar 2011 07:24:08 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="----=_NextPart_000_0ACD_018D5C05.12B87800"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.00179/87.40151 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 5 (2.0000:2.0000) s cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <wowaccountadmin@blizzard.com> forward (user good) [1797/71] 
        

Note the areas in red. The return email is gibberish. Even we here at Rocky Mountain Expert Computer Services would email you from support@rmecs.com, not GHHEES@rmecs.com.
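The same header check in code, as an added example that is not part of the original post. `RAW_HEADERS` holds sender lines copied from the header above; `domain_of` and `check_headers` are hypothetical names. It compares the Return-path and Sender domains with the From domain and decodes the encoded From display name to look for invisible characters.

```python
import unicodedata
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Sender-related lines copied from the header shown above.
RAW_HEADERS = """\
Return-path: <ggqqv1nohx@ud.org>
Reply-To: <wowaccountadmin@blizzard.com>
Sender: ggqqvnohx@ud.org
From: =?utf-8?B?QmxpenphcmQgRW50ZXJ0YWlubeKAi2VudA==?= <wowaccountadmin@blizzard.com>

"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """Return findings where the envelope/sender fields disagree with From."""
    msg = message_from_string(raw)
    findings = []
    from_domain = domain_of(msg["From"])
    for field in ("Return-Path", "Sender"):  # header lookup is case-insensitive
        d = domain_of(msg[field])
        if d and d != from_domain:
            findings.append(f"{field} domain {d} != From domain {from_domain}")
    # Split the address first, then decode the RFC 2047 display name.
    encoded_name, _ = parseaddr(msg["From"] or "")
    display = str(make_header(decode_header(encoded_name)))
    # Unicode category Cf covers zero-width and other invisible format characters.
    hidden = [f"U+{ord(c):04X}" for c in display if unicodedata.category(c) == "Cf"]
    if hidden:
        findings.append(f"From display name contains invisible characters: {', '.join(hidden)}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(RAW_HEADERS):
        print(finding)
```

On this header it reports three findings: both ud.org mismatches, and a zero-width space (U+200B) inside the word "Entertainment" in the display name. A Return-path that differs from From also occurs in legitimate mail sent through third-party mailing services, so treat it as one signal alongside the others.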

The third way you can determine if an email is legit or not is to forward it to a company's fraud department. Each site usually has a mailbox set up for these kinds of emails; all you do is hit forward, type in the fraud email address and then delete the original message. This will help them send out alerts to their users and possibly shut down phishing sites.

These phish are scaring me, how do I protect myself?

  1. Never click on a link in an email unless you were expecting it (i.e., a site asks you to verify your email and YOU initiated it).
  2. Be a skeptic. If my Warcraft account is locked, I shouldn’t be able to log in to it.
  3. Be an English teacher. Most of these are carried out by people for whom English isn’t their first language. If things are worded funny, take notice.

 

If you do accidentally click on a link in a phishing email, change your password on the website immediately. Depending on what kind of website it is (for example, a bank), you may also need to contact their support department. In the end, these attacks only work because people don’t think before they click.
