Got this in the mail

85 Human Paladin
4805
Here the full header:
From noreply@blizzard.com Tue Dec 14 14:19:08 2010
X-Apparently-To: via 76.13.9.78; Tue, 14 Dec 2010 06:18:49 -0800
Return-Path: <removed>
X-YahooFilteredBulk: 222.233.52.80
Received-SPF: none (mta1002.mail.sk1.yahoo.com: domain of <removed> does not designate permitted sender hosts)
X-YMailISG: oQe4o_YcZAoxOZza_0fCm7y.oQv1PgAYY8Su931Ipxxa5lYM
SxNKweSCshcwW8xzHxqYwpteqZXX3iVwnJ56kfqSRZHODNWHOS8GSh_zwbv0
SbwjGuJms9cm0a4W0vb5JlDf8OnnWKbdSkbz8TzsIqy71j8dWMb9OE0cYnS3
4PpjA3uXGRl6TGiWlERSJ9NaW_YVydzvnAQzYd_kTUYAawGSJz_WGAj3rQUL
Ozc9.tNNDxM4x9pctlZEbdNh8OOJ6HXNcgJ.D3h90dIw0u8iylfj87HbBQaS
vQRltHBviy2xfA7I2wYM6yslZW6fSZm.phQAK44lDbNOqpn4vSdNQEOFTlND
dodsl0Z2WM6CLj.DiU2rsmvJc4znzv_YjfGQmJyso0eRaNzJ4pNye0s7qmj9
FyvWAeTXKFSIHrRzhRXzCuIhpoKpvRWiMqDyrnt2_QL3O8ml8.suzBLKI9Xg
onxRTD1zE7bIWuQikZcn5lWaPaZqrO6qaamvjGY2qL3TAtLcRg52urpbhzN3
rt9aZZzMFGF_4z__xBaeX8AErk.nL6Qcy6k4_W3spQ9RaaPZkLn8Ff99fjNp
rCxd9XW3vP7D6Pink6NBGI3QcbszNs8tCwzI3vU6GWlxkkddS.CnDzsKpewA
poMigKB9XM1cD7Vj8GFDHdAnBvy20jLr7tVq7mppRDjtbSq9QdpKiFCUYx3b
vFkRkwgUhWapgE1hWxiuuSHgr8CkIITCfsGUsLPC2svq1SKYkkAlAHlqtV0l
p1VdftqtmszIhexre8eMUO6laO85LCcHs.boOGIL3CrCo5WKjQrA8pi9kQ7x
_CJ8dOAsm7bzE9B5dtDI4tUl6RTxOdH5fJDPTjDR1hpnSKIae7Y2LsLFSY9R
zlRsUo0vivdj3vpGzQuk1MdlB_5nRJWtENoeAsoRzWumXpR76sZ0hpDsjUMh
TJKWAZJwApmlPJkENNlmawhhNhkqXzUmsfX2DUcTyrR4hnFWWylsMzmLHDJz
0X1VFeClJpZyW6TBpHYrFSLUrnb9UZLvJgdjm4cymSa0Da1jp4UHUSDWz2lG
0hq58v73hsGOXqVGVq3Yo_g1xX5b3RoB8nqu5B6iTkvAn0h88QD1Che8coil
ktg3RyujappEpfh7uIE0LYUz09PlgSY_2M70uap0hnykXomWTQAYqlv0M_IR
gklkSHR90nTNNbqEjhUp41lpXzMz53wxeQlRcL8tNlOH5yPE9LICNvbA9qPp
bGYQIAVegJR5qouSj9yqCr9tPRqZa8fElan06MBpMimn8KGdOyZZkvnocnqA
O6CHF80KTWdFxhbDDrojf8vR7S9TXHEk
X-Originating-IP: [222.233.52.80]
Authentication-Results: mta1002.mail.sk1.yahoo.com from=blizzard.com; domainkeys=neutral (no sig); from=blizzard.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO zrvwjn.com) (222.233.52.80)
by mta1002.mail.sk1.yahoo.com with SMTP; Tue, 14 Dec 2010 06:18:49 -0800
Message-ID: <8B6AF790379E9B6E5ACA5B8F057EAD11@zrvwjn.com>
From: "noreply@blizzard.com" <noreply@blizzard.com>
To:
Subject: Battle.net Account - Account security
Date: Tue, 14 Dec 2010 22:19:08 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0994_01E48F1D.10E5B040"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Content-Length: 5547

Here the message:

Hello,

This is an automated notification regarding your Battle.net account. Some or all of your contact information was recently modified through the Account Management website.

*** If you made recent account changes, please disregard this automatic notification.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Restore access to Your account

We now provide a secure website for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: <removed>

If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for further assistance.

Sincerely,
The Battle.net Account Team
Online Privacy Policy
Edited by Harlsoco on 12/14/2010 8:40 AM PST
85 Blood Elf Priest
7570
Received-SPF: none (mta1002.mail.sk1.yahoo.com: domain of <removed> does not designate permitted sender hosts)
Bolded part for clarification. FAKE.
Edited by Harlsoco on 12/14/2010 8:41 AM PST
Support Forum Agent
Yes, the email is indeed a phishing attempt, Alanthor. Thank you for posting the email headers as well!

You are more than welcome to forward this email, along with the header information if you have not done so already to our Hacks team: hacks@blizzard.com.

Did you click on any of the links in the email, by chance?
83 Gnome Rogue
910
I know I'm not the one you're asking, but I wanted to ask. My friend clicked on one of the links (Since he also got the email in question) but the Firefox warning page of 'This page isn't safe' popped up with a link to continue. He didn't. Would he still be safe since he didn't go to the actual page?
Edited by Equenoxil on 12/14/2010 8:47 AM PST
85 Blood Elf Paladin
4920
He will most likely be safe as the browser didnt go to that site yet. But it never hurts to use a virus scan.
83 Gnome Rogue
910
Thank you, I'll tell him to do so.
83 Tauren Shaman
1865
Usually, if you hover over links in emails, the site it will send you to if you click the link is displayed. In these fake emails, the displayed URL (site) will not be a battle.net address, thus showing you it's a scam email.

The way I tell my less tech-savvy friends to keep from getting hacked, is that if you get an email that appears to be from Blizzard, open a web browser, go to worldofwarcraft.com and check your account settings. If something seems amiss there, you have a problem, if not, you were getting phished.
85 Human Paladin
4805
12/14/2010 8:42 AMPosted by Harlsoco
Yes, the email is indeed a phishing attempt, Alanthor. Thank you for posting the email headers as well!

You are more than welcome to forward this email, along with the header information if you have not done so already to our Hacks team: hacks@blizzard.com.

Did you click on any of the links in the email, by chance?


No I didn't click on any of this links. :)
Support Forum Agent
I am glad to hear it, Alanthor. Thanks for the update! :)
29 Worgen Warrior
150
I too got a chain of 3 e-mails that lead up to this one. The first one was about the real news website hacks with their commenting system. The second was an informational one spoofed as Blizzard saying I'd been reset, and the third one you see as posted by the OP saying what to go do.

Worth reporting that I could forward the first 2 to the hacks@blizzard e-mail but for some reason the 3rd one would just auto send without me being able to designate who or put something in the body (it was strange).

So just to those out there who think this is more legit because its in multiple parts it is NOT. Still phishing and you probably should verify on your account manually (NOT clicking the links in the e-mail), reset your password on your own (NOT clicking the links in the e-mail) just for good measure, and report what you can to Blizz (NOT clicking on any of the links in the e-mail).

If you did click on any of the links in the e-mail report it immediately.

Thanks,
~J
Edited by Tormas on 12/14/2010 11:28 AM PST
I was recently also hit with a similar email. In addition to that, someone attempted to reset my account password, though they appear to be unsuccessful.

I'm a little concerned, to be honest, but at least they weren't successful.
85 Blood Elf Rogue
6775
I do have to admit my surprise at the fact Gmail did not flag this as spam or as a suspicious email. Every single Blizz phishing email I have gotten over the years it has flagged as one or the other (or both). To be honest I was down right impressed at its accuracy of flagging them, and letting legit Blizz emails through. The fact this one made it by that actually almost caught me off guard, but as a former IT Security specialist I am never too careful! (and this was a polite reminder why!)
83 Draenei Death Knight
2110
Yeah, I got the same email chain. First Gawker Network asking for password resets, then from noreply@Blizzard. I didn't click the link they gave, but I did go to my account and changed my password. I also ran several different scans to make sure. Still paranoid, will do scans again when i get home.
100 Tauren Warrior
8780
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtTQ0w9Mw==
X-Message-Status: n
X-SID-PRA: noreply@blizzard.com
X-DKIM-Result: Pass
X-AUTH-Result: PASS
X-Message-Info: JGTYoYF78jGBcAljEIdFxw2weibjLpaI5fD1DoWeGkppMzGG9/8Ri9zUK/k3TrkjSU8+5az9EQjwGGsJ021JWEjxAJ7yxZr4KznYvH4lcyshzjbjJtVXXw==
Received: from mx2.blizzard.com ([12.130.201.10]) by BAY0-MC4-F33.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 13 Dec 2010 21:06:40 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=blizzard.com; i=noreply@blizzard.com; q=dns/txt;
s=mail; t=1292303200; x=1323839200;
h=from:to:cc:subject:date:message-id:mime-version:
content-transfer-encoding;
z=From:=20<noreply@blizzard.com>|To:=20<REDACTED>|CC:|Subject:=20Account=20Security=20Alert:=20
Password=20Reset|Date:=20Mon,=2013=20Dec=202010=2021:04:3
7=20-0800|Message-ID:=20<29bfda01cb9b4c$67f65dd0$3d012c0a
@yourjvrgp4jtdb>|MIME-Version:=201.0
|Content-Transfer-Encoding:=20quoted-printable;
bh=8tvuBFmWGD0nzDbKsRftA8POZnhM2VwuEp2rQeIhrKA=;
b=aGmwm7eOb3wCQUkr71S7q/qTB4Lm8QHap9qJ+B6UtS11JOcNKe9n/6RR
3puqXhPy+AP4i80nzFwhKFhHlk2trDwMLXUK+R9mQi1X88w6FzdQJQQN1
YCvme5RjRRkmCxa1nN86kZLjSns5zyLsxhAzzQcq4DK9D65IztXm6CIht
0=;
X-IronPort-AV: E=Sophos;i="4.59,340,1288594800";
d="scan'208";a="28163508"
Received: from irvex203.corp.blizzard.net ([10.130.14.23])
by mx2.blizzard.com with ESMTP; 13 Dec 2010 21:06:40 -0800
Received: from IRVEX012.corp.blizzard.net (10.130.0.217) by
IRVEX203.corp.blizzard.net (10.130.14.23) with Microsoft SMTP Server (TLS) id
8.2.254.0; Mon, 13 Dec 2010 21:06:40 -0800
Received: from yourjvrgp4jtdb (10.44.1.61) by Smtp.blizzard.com (10.130.0.214)
with Microsoft SMTP Server id 8.2.254.0; Mon, 13 Dec 2010 21:06:40 -0800
thread-index: AcubTGf2lvZtFSuGQqe9ZH3kgm91Yg==
Thread-Topic: Account Security Alert: Password Reset
From: <noreply@blizzard.com>
To: <Redacted>
CC:
BCC:
Subject: Account Security Alert: Password Reset
Date: Mon, 13 Dec 2010 21:04:37 -0800
Message-ID: <29bfda01cb9b4c$67f65dd0$3d012c0a@yourjvrgp4jtdb>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Return-Path: noreply@blizzard.com
X-OriginalArrivalTime: 14 Dec 2010 05:06:40.0607 (UTC) FILETIME=[B1630EF0:01CB9B4C]



Greetings!

We’ve recently been informed that several Gawker Media websites have been compromised. These websites include Gawker, Gizmodo, Kotaku, Lifehacker, Jezebel, io9, Jalopnik, Deadspin, and Fleshbot. To help minimize the effects of this compromise and help keep your Battle.net account safe and secure, we’ve reset your account password. To complete the password reset, please log into Battle.net Account Management (https://us.battle.net/account/management) and follow the provided instructions.

If you are a registered commenter for any of these sites and used your Battle.net email address to sign up with Gawker Media, we also recommend that you update your Battle.net address as soon as possible via Account Management. If you are unable to complete this step or the password reset on your own and believe your account may be compromised, please contact our customer support staff by using the Account Recovery form (https://us.battle.net/account/support/account-recovery.html) and be sure to check out our Account Security Awareness guide (http://us.battle.net/en/security/) for additional security tips and suggestions.

For more information about this situation, please visit Gawker Media’s official announcement (http://gawker.com/5713056/gawker-security-breach-were-here-to-help) or Lifehacker’s comprehensive FAQ (http://lifehacker.com/5712785/faq-compromised-commenting-accounts-on-gawker-media).


Regards,
Blizzard Entertainment


Posting email to confirm validity.
29 Goblin Rogue
90
Yeah, that's the one i got, talking about Gawker and saying my pass was already reset. I'd really like to know if it was also a scam or not.
90 Blood Elf Paladin
8155
I also received the same message that Kibaookami received as well as one that stated that there had been a password reset request made, and would like to know if both are just junk.
22 Night Elf Hunter
0
Here's my question though--

I tried to log in last night from my hotel in Sapporo, and wow told me that my account had been locked 'due to suspicious activity'. I then got an email from noreply@Blizzard saying I should change my password.

I'm assuming this was legit, since changing my battle.net password with the link allowed me to log in to wow once again. I'm running a full virus scan just in case, but I really don't want to change my passwords a second time after gawker.
90 Gnome Mage
13445
I just make it a policy to never, ever click any link in the emails. Legit or not, if for some reason I need to change my password, or I think an email may be real, I manually go to the battle.net page in a new tab and do it myself.

I also got the Gawker Media thing and am curious if that's legit or not, because I fear a number of my friends did click on it.
82 Human Hunter
1325
Easiest way is to log into battle.net (https://us.battle.net/account/management) and see if any changes were made (don't click the links in the email - even if it is legit)
This topic has expired. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]