BEWARE OF KEYLOGGERS! Don't follow that link!

New Player Help and Guides
Prev 1 2 3 4 7 Next
why can't I edit the original posts? wth?

edit: I got it this time, I failed miserably at editing the first couple tries..../facepalm

edit 2: On second thought, if any moderators find their way in here....Please feel free to delete posts #41 and 42(this post and the one before it where I failed.....I need to get rid of the evidence!) to keep the thread clean. :-P
I have been getting Whispers from someone named Blizzart (or something of that nature) the first message was telling me i got a free mount, of course i ignored this because the username was not BLIZZARD, and then they messaged me again a few days later saying my account was in violation and will be close "link" go here to validate your information.
Blizzard will never whisper you in game telling you that your account is in violation and about to be banned. Also, Blizzard doesn't give away random "Prizes" like mounts and such unless it's for some special event like Blizzcon....but in that case EVERYONE will know about it as it will be posted all over the official website for weeks.

And even then....then absolutely do not whisper you in game telling you that you've won anything. They will give you a key code that you will have to go redeem at a NPC in game....he is a goblin, his name is "Landro Longshot," and he lives in Booty Bay....I think he's still there even after the Cataclysm.
No worries Baloo your only Tauren, err I mean Human, we all make mistakes. ^_^
Hey all. I will be brief, but this is my tale from yesterday.

Got an email from Blizzard team that says 403 attempts were made to log on my acct so they blocked it. I was instructed to clean my machine of any possible malicious stuff. I read the email at work, and using that computer I read this post in the forum. I changed my password and used housecall and other things to clean my system at home. Nothing was detected. All clean. I'm pretty good at maintenance. When I changed my passwrod I got an email from Blizzard telling me that it was changed and if I had not changed it then to contact them immediately. If not - ignore the email. Well, this email was identical in format to the account blocked one.
Going back to the account blocked one - I followed the instruction to reinstate my account by clicking the link. Well - my firewall goes ballistic to not proceed.
So I log into the game and play for two hours. Evidently I was not blocked. I guess the original email was fraud? Any thoughts?
Well, from the sound of it, the first email was a scam....that sounds like it was pretty well thought out. I know for a fact that when a change is made to your account, Blizzard will send you and email stating that "X change was made to your account." Essentially the second email was expected when you changed your password.

The first email sounds like it may have been a well written attempt at stealing your account information, and the fact that there was a link embedded in the email where you were supposed to "verify your account information/ownership," leads me to believe that this was indeed a scam to steal your account. Blizzard will almost always use a form letter when contacting subscribers about their accounts. That said, if the second email had any typos, misspellings, bad sentence structure and generally bad english, those are all more tell-tale signs of a scam.

Blizzard will not ever require you to "Click this link to verify your account ownership" or anything even remotely similar to that. In the event you get an email such as this, and you are not 100% sure if it is real or not, your absolute best course of action is to manually type in "www.battle.net" to your browser, log into your account there and manually navigate to your account information page to verify that all is well, if there is a problem it will be noted on your account info when you log on.

NEVER....EVER....EEEEVER click on any link contained in an email from "Blizzard", especially if it contains a direct pointed statement stating that your account will be banned if you don't do it. They don't make threats like that, plain and simple.

Remember that in the event your account is actually compromised and violates the TOS or TOU enough to warrant an account ban, Blizzard will NOT send you an email "warning" that this might happen unless some steps are taken. What they will do is ban your account, and leave it up to you to contact them to get things straightened out.

I know you said your firewall stopped the link from loading fully, however, I would do another scan on your computer to be double sure that nothing slipped through. I'm just really paranoid with this stuff so I routinely double and triple check my systems when things like this crop up, for peace of mind.

Today I got a whisper From a character named Biizard (with strange symbols over the name) telling me that "there are several complaints against my character and that I needed to varifiy my account at www.wowverification.com or something like that. Just for the heck of it I went to the website and punched in a fake email and password. It took it and then asked for some more info.
This web site was very well put together and had links to Bliz sites.
just for safety sake I went and changed my password immediately on Battle.net.
Today I got a whisper From a character named Biizard (with strange symbols over the name) telling me that "there are several complaints against my character and that I needed to varifiy my account at www.wowverification.com or something like that. Just for the heck of it I went to the website and punched in a fake email and password. It took it and then asked for some more info.
This web site was very well put together and had links to Bliz sites.
just for safety sake I went and changed my password immediately on Battle.net.


You should go scan your computer for any virus or malicious software that may have been installed when you visited the website. Many of these sites will secretly download a virus or Keylogger program onto your computer in the background, without your knowledge, so they can capture your passwords or other account information that you may type on the computer, simply changing the password will not help if your computer is already infected. And simply visiting a malicious web site could be enough to infect your computer.
Hey I posted on this forum earlier and just have a question about a certain email I got. the email said my account had been requested for recovery, or something like that, multiple times. I know this is a phishing attempt as it was sent to an email that is no longer asociated with my WoW account.
My question is would Blizzard even send an email to someone if this happened? I don't think that they would if something like this actually happened. If you happen to know that would be great, really I'm just curious.
Hey I posted on this forum earlier and just have a question about a certain email I got. the email said my account had been requested for recovery, or something like that, multiple times. I know this is a phishing attempt as it was sent to an email that is no longer asociated with my WoW account.
My question is would Blizzard even send an email to someone if this happened? I don't think that they would if something like this actually happened. If you happen to know that would be great, really I'm just curious.


I'm not 100% sure, and the words "my account had been requested for recovery" could mean one of 2 different scenarios that I could see happening.

First one, would be trying to recover a deleted character, which I would guess is similar to how changing your account password is handled. (I've never had a deleted toon recovered so I'm not 100% sure how that process works as far as Blizzard correspondence goes.)

Basically you would log on to your wow account via us.battle.net and change your password through the account management page.

Then Blizzard will send you an email to the registered address informing you that the password was changed on your account.

I would assume that when you initiate the process to recover a deleted character, that they would send a similar email "summary" for your records.

The second scenario I could see happening is that someone is trying to gain access to the account in question by requesting a password reset via the "Forgot your password" process. Kind of like you would have to do if your account was hacked and your password changed. However, this would process would likely include direct dialogue with Blizzard Account Management via phone calls in order to verify account ownership before any actual changes were made to the account.


All that said....TLDR; If an "Account Recovery" of any form was initiated there would definitely be some communication about it from Blizzard to the "legal" owner of the account in question............but they would know which email address to send the letter to, and even more likely would require some phone communication as well.
Hey Baloo. thanks for the help. the plot thickens however....

*please re-read my post above to get up to date*

It turns out that the account blocked or messed with actually might not be mine, but connected to me. I play with a friend, and he doesnt have a credit card and I do. I pay his fees - he gives me cash.

Well - when he went to log in, his screen is blank. It happened about a week ago and he hasnt mentioned it for he has been busy. He has a different login and email than me. Is it possible blizzard would email me for a problem with him b/c I am the cc holder?
Hey Baloo. thanks for the help. the plot thickens however....

*please re-read my post above to get up to date*

It turns out that the account blocked or messed with actually might not be mine, but connected to me. I play with a friend, and he doesnt have a credit card and I do. I pay his fees - he gives me cash.

Well - when he went to log in, his screen is blank. It happened about a week ago and he hasnt mentioned it for he has been busy. He has a different login and email than me. Is it possible blizzard would email me for a problem with him b/c I am the cc holder?


Well, Blizzard will send the email to whatever address is registered to the account in question. So, if your email is used for his account, then yes, you will get the email from Blizzard.

Also, what do you mean by "When he logs in, his screen is blank"? Do you mean, you can see the background image but his characters aren't there? If this is the case it sounds like his account may have been compromised and his characters liquidated/deleted.

Now if you mean that his screen is simply black...with no image or anything at all showing on it, it could be a video card problem...however Blizzard wouldn't have any way of telling if you have a video card problem and wouldn't be sending emails about it.

Also, I would HIGHLY recommend that you stop paying for your friends account. He does not need a credit card to play this game. He can go to any local retailer like Target, Walmart, Best Buy, Gamestop, or any other place that sells WoW and he can buy prepaid game cards with cash. I think they offer them in 30 and 60 day options, and they work just like a credit card only when they expire, you just go buy a new one and put the new card number on your account to refresh the time. It works very similar to prepaid phone cards, and will remove your connection to his account, so if anything "bad" happens to his account you won't have to deal with it.
I don't live in the U.S. so the cards arent sold here. He says he is logged in and the screen is blank grey but he can hear the music. And the acct is using his email and passwrod. Not mine. I have given him the cleanup software.

Thanks for the advice!
I don't live in the U.S. so the cards arent sold here. He says he is logged in and the screen is blank grey but he can hear the music. And the acct is using his email and passwrod. Not mine. I have given him the cleanup software.

Thanks for the advice!


Does his screen work when he is just booting up his computer or surfing the internet, but when he opens wow it stops working? If so, can he log onto his account successfully from a completely different computer? (If he goes to your house and uses your computer to log on to his account will it work then?) If that works, it sounds like a video card or driver issue and the email was a coincidence.

I would still have your friend first update his Virus software and scan his computer for a virus or other malicious software that could be conflicting with his system drivers. Scan twice with 2 different scanners if you can, to be sure nothing was missed by the first one.

Change his password from a different computer, just to be safe

Be sure that his operating system is updated with all of the newest hotfixes ("Windows Update", if he's on a windows system).

Update his video card drivers and related software. Sometimes it's beneficial to completely uninstall his video card all together, restart the system and reinstall the card as if it were a new installation, then restart the system again when the install is completed.

Also, if he has recently installed any other hardware or software since the last time he logged on, that could be causing a conflict as well.

"Kaspersky Internet Security Suite," as it is very powerful software and is Updated by Kaspersky


HIGHLY recommended antivirus program i also use. Its expensive in my opinion. Years of experience and testing different antivirus programs from Avas to Microsofts free antivirus program.

Kaspersky has stopped issues before they happen several times. From Email Viruses to website viruses.

I have had problems on occasion where Kaspersky would block blizzards downloader and was not messaged by kaspersky that it was blocking the downloader and had to simply right click the Kaspersky icon to temperaraly pause the protection until the downloader had completed.
Hi Baloo,

another update. His account was hacked. He had to lose his toons and start fresh after a complete computer clean-up.

Me - still fine, but I got the same original email from Blizzard again. I am going to share it. I hope that is ok.

DO NOT USE ANY OF THESE LINKS PEOPLE!

Dear customer,

Due to suspicious activity, your Battle.net account has been locked. You tried to login your account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account

After you have secured your computer, check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit our Support page.

Step 3: Restore access to Your account

We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account

If you still have questions or concerns after following the steps above, feel free to contact Customer Support
Sincerely,
The Battle.net Account Team
Online Privacy Policy

Now this part below in bold was hidden at the bottom and only became visible when I highlighted over it to copy and paste.

Message ID qk4fduehc0liko5i7mpvka2wegnnusbcjs6ldcc0idia
Identity ID pffratbl9pbjcre5m6limatcvfec1uerimcfrt0javiw


Looks legit eh?
Allibibak, Please remove the links ASAP, we don't want to perpetuate the problem here....I will read over your post and get back to you soon...but remove those links now.

edit: just erase them completely and put something like this in their place <"BAD LINK HERE"> to show where they were in the email.


03/11/2011 6:55 AMPosted by Allbibak
Looks legit eh?


To the untrained eye I could see how it looks legit, but if you know what you are looking for, this is an obvious fake. Let me explain: The quotes below are the tell tale signs that this is a phishing attempt to steal your account information.

03/11/2011 6:55 AMPosted by Allbibak
Due to suspicious activity, your Battle.net account has been locked. You tried to login your account too many times (403). We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you follow these steps:


The above quote is essentially saying that your account was "locked" because of too many login attempts. But the way they say it is more of an accusation trying to capitalize on scaring you into thinking this is true. A real letter from Blizzard will NEVER have any paragraphs that "Accuse you" of doing something, and they most certainly will NEVER send you an email "Warning you" of anything, rather they will send you an email stating the details of why your account was banned outright.

Furthermore, Blizzard also will never send you an email saying that "They are concerned about whether your account has been stolen." Bottom line is they are NOT concerned about it....if your account is stolen and violates the TOS or TOU, your account will be banned outright with no questions asked, and it will be entirely up to you to contact Account management in order to get your account back. This process will require direct communication with Blizzard most likely via a phone call to the Accounting department, and can take several hours up to several days before your account is recovered while an investigation is initiated.

03/11/2011 6:55 AMPosted by Allbibak
We now provide a secure link for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account:


On to this quote now, First thing to know is that a "secure link" will use the "https://" protocol...this link uses the normal unsecured "http://" protocol....this link is an obvious fake just by looking at that. Also, Blizzard can't tell whether or not you have actually "secured your computer, and your email address."

In the event your account IS actually compromised, you likely will not find out until you try to log in and can't, you won't get an email about it, and you absolutely will NEVER EVER be told to "
03/11/2011 6:55 AMPosted by Allbibak
Please follow this site to restore the access to your account:
.....(that doesn't even sound like English when you read it closely.) Any time your account is compromised YOU will be required to physically initiate the account recovery process, and that can be done by actually calling the Blizzard Accounting Dept so they can verify ownership of the account over the phone.

There is an "account recovery website" that is official, but I would HIGHLY recommend not using this method unless you are using a different computer that is known to be virus free and uncompromised.

Here is the OFFICIAL Account Recovery Website below.....Notice the "https://" secure protocol is used:
https://us.battle.net/account/support/account-recovery.html

If you do decide to use the online recovery form, then you need understand that you should NOT EVER follow any links that are provided in an email to get there. Rather, physically type in the top level domain "us.battle.net" into your browser to ensure you are going to the right place and manually navigate through the website to the account recovery page, do not assume a link provided in an email will take you to the website you think it goes to. Always assume email links are bad, manual navigation is much safer. Plus if you can't find the website using this method, then you'll also know it's a fake. Remember that this should always be handled on a separate computer from the one that is compromised.

Forward all of these suspicious emails to hacks@blizzard.com.
links deleted. Emails forwarded. It looked legit to me, but still made me come here. I appreciate the advice.
What fooled me into reading more was when I changed my password and the email I received from Blizzard notifying me of the change looked exactly the same to my eye.

Now I know better.

Join the Conversation

Return to Forum