Be aware that gold sellers are waiting around every corner of the internet to scam your password and steal all your virtual valuables.
I got the following phishing email [edit: I didn’t link their site, and I’d strongly recommend against manually entering the scam URL to check it out in case they have a browser hijack code installed]:
First thing: despite the fact that Blizzard cluelessly states in their loading tips that “all emails sent by Blizzard will be from the @blizzard.com domain” (or something to that effect), almost all emails that appear to be from @blizzard.com are in fact scams. I could send you an email that appeared to be from arthas@blizzard.com, and there would be no easy way for you to tell that it was a fake.
The most reliable way to tell if something is a scam is to look past what they’re promising, and see what they want. In this case, they want me to click on a link. Hover over this link, and you’ll see that while it claims to send you to blizzard.com, it actually sends you to blizzard.ZOMGSCAMMER.WTF.com.
Another hint that something is amiss: Blizzard is a massive publicly traded company, and can afford a spell check.
I’ve written before about how to keep your hunter safe and sound. Read that post, and if you have any reason to suspect that you may have just logged into a scammy site instead of blizzard.com, then change your password immediately. Preferably not to something in the dictionary.
One final note: be aware that if you fall for a scam like this, your authenticator won’t help you in the slightest. The gold seller can use the code you send him on the fake login screen to access your account.
Blizzard could afford a grammar check too. “We are highly suggesting you to take it.” … oh phishers. -_-;
I got a phishing email once, and I’m surprised how this stuff is so easy to see if you’re looking for it, yet incredibly easy to overlook if you’re not. And that one is really convincing too.
Thanks for posting this!
It’s worth noting that, as far as I can tell, there’s nothing in that email that a spell-checker would catch. The grammar, however, is off in a number of places, and in ways that indicate that the text is composed by a non-native speaker of English.
Also, in this case, your authenticator will help you, as this particular survey doesn’t ask for it. (It will, in fact, accept pretty much anything as input for the username and password fields. The code behind this scam isn’t particularly sophisticated.)
I didn’t click through in case they have some sort of browser injection that could install a keylogger… but in general, an authenticator is not going to cover you if the scammer makes their site realistic.
Yeah, I did a virus/spyware scan right after I closed the browser. Came up clean, but you can never be too sure.
I’m compelled to point out that the grammar in the email is atrocious in places.
“When you will submit your survey…”
“…we are highly suggesting you to take it.”
@Stop – “atrocious” was the exact adjective I was going to use for their grammar. I’m a bit of a grammar and spelling stickler, so phishing emails like this are usually easy for me to detect.
But I can see how something like this might be dangerous if one isn’t as anal about grammar, or is just skimming the content.
I’m sure this won’t be the last, either.
I guess I should stop using the word “spell check” and “grammar check” interchangeably, what with all your you grammar sticklers out there.
That’s “all you”, Euri. ;)
That one was just a typo :P. This one is just to annoy youse guys.
If this email didn’t appear to be typed by somebody who dropped out during 4th grade grammar class, it MIGHT pass as a good phishing attempt.
PHISH PHAIL.
Nice post, but you’re prone to overstating the case against authenticators. Keylogging is almost certainly the largest cause of account theft and the authenticator is airtight against that (in all but the most sophisticated theoretical attacks).
Agreed though that anyone who gives their entire catalogue of personal details to a phishing scam is going to get nailed.
Fair enough. I tend to have a gut reflex reaction that rejects any “I’ll just use X and be so safe I won’t need to practice good security any more” type devices, but it’s not like the authenticator makes people any less safe.