I recently received the following email. It has all the usual hallmarks of a phishing site but I clicked on it anyways because I panicked and apparently my account had been recently locked (not sure what was behind this, but it was potentially my fault for trying to log in to a different computer). I've managed to unlock my account since then but now need to make sure I am in no danger of being hacked or scammed.
I just want to be extra careful that nothing is wrong with my account or with my computer. Can someone verify that this truly is a fake email, and if it is, what I can do to protect myself? (I have already changed my Blizzard password and I am currently running a full system scan for key loggers or trojans or what have you.)
The email I received is as follows:
Thank you for your time.
Support Forum Agent
Yes, it's a phishing email.
I'd recommend changing the Battle.net account password again but I'd do it from another PC you've never connected to Battle.net from before. Ideally one that's been scanned already for malware/trojans.
You'll want to make sure you don't use the same password for the Battle.net account as you do for the email account too. I'd also strongly recommend obtaining an authenticator for the account.
On top of all that, I don't see that you even have Diablo III on this posting account? That right there should have been a major clue that the email was a fake assuming this is the account you're talking about.
That is a very very common phishing scam. Do NOT click on any links in there. You can forward the email, with headers intact, to email@example.com. That one is so common they use it as an example in the article on how to avoid phishing :) http://us.battle.net/en/security/theft#phishing
Also, you are right that the security system detected a new PC which was why you were locked earlier. That is normal though and shows the system is working properly.
If you are worried, you can do four things:
1. Scan your PC with Malwarebytes. Boot to safe mode and type gibberish into the login screen before running a FULL (not quick) scan. Repeat with a virus scan.
2. From your now clean PC - create a new email you use ONLY for battle.net. Do not give it out ever. That will help prevent all but the most generic of phishing scams from getting to you. Gmail is a good one because they offer a phone authentication system to help secure the email account.
3. Get an Authenticator if you don't have one on your own battle.net account
4. Consider using SMS Protect - it is NOT an authenticator, but it will alert you to changes in your account and help make some procedures easier.
If you have done all those things then sit back and relax :)
Edit - Not fast enough to beat the Blue!
Edited by MissCheetah#1661 on 1/2/2013 1:17 PM PST
I did click on the link like an idiot and send in the info it asked for (which was just the username, which obviously they already had, and a password that I've since changed.)
You are right Omrakos, but I'm seeing this free to play thing on my account for Diablo III so I thought maybe that someone got a hold of my account and tried to sell it. A careless error, but I probably wasn't in the right state of mind to appreciate that at the time...bottom line is I'm hopelessly gullible!
On a lighter note, you would think that with all the effort they sink into creating a website that pretty much resembles Blizzard's, they would be able to spend roughly 10 minutes to check spelling and grammar on the e-mails.
Thanks so much for the help though. It's looking like I'm clean and I've definitely learned an important lesson (two or three, really) for the future!
Those sites often put keyloggers onto your PC so it is VERY important that you take the time to do a FULL Malware scan like I suggested and after that run a virus scan too! Malwarebytes is recommended for malware and is free. Microsoft Security Essentials/Windows Defender is free and not so bad for a virus scanner.
Change your password again from a clean PC as well. They likely already have your new one if you did not do the malware sweep first.
You are also going to want to check out the other security options such as an Authenticator.
Edited by MissCheetah#1661 on 1/2/2013 1:52 PM PST
I have Norton 360, is that ok? I ran a full system scan and came back with like 14 things (nothing major apparently, they were removed without incident). On their forums it seems to be that a few people are having trouble getting keyloggers on to their computer to monitor their children and the like. That seems to be good news for my scenario.
I have changed both passwords from a different, clean PC.
Edited by Superunknown on 1/2/2013 2:42 PM PST
Norton is well known for missing things. Malwarebytes is free and does not run in the background when not in use so will not bog down your PC. Most of us have seen Norton miss too much to feel 100% safe. The Malwarebytes scan is still recommended. The free version will be good enough for what you want: http://www.malwarebytes.org/products/malwarebytes_free/
In fact, doing a Malwarebytes scan once a week is just plain good computer maintenance!