Last evening we started getting reports from players about emails they received concerning petitions apparently submitted on their WoW accounts that they know they did not generate.
These were specifically concerning 'removing authenticators'.
Your WoW account should not be in danger from this, since it appears all they were in possession of was an email list.
Now would be an excellent time to consider adding an authenticator of your own if you have not already done so.
Also, think about making an email account exclusively for use with Battle.net. Account names under Battle.net are easily changed by just changing the email address connected to the account.
It also never hurts to do scans of your system, and check to make certain that your email account itself is secure. I would also like to remind you it's NEVER a good idea to reuse passwords between games, websites, applications and your email.
Some of these articles may prove helpful.
Types of Account Thefts
I have a theory that they're doing this in order to test whether or not the e-mail has a valid account attached to it, and whether or not it has an authenticator.
If they find one, I'd bet they'll send e-mail spams in some way or try to troll you through social media.
I have no proof that it's definitely the case, but I did notice that I was suddenly 'followed' on an old twitter account that I created but never used by a "@WarcraftUpdate", which seems to be loaded with suspicious looking links. This seemed to occur within an extremely close window of that ticket being opened. I don't have a Facebook account or anything else like that so I couldn't tell if it could have been anywhere else as well.
If you find yourself suddenly receiving new e-mails or follows on social media from shifty looking parties, be wary of them and report them to the owners of that particular service.
Those are very good points Donn, and although I have no idea what their 'plan' might be for this, that's entirely plausible.
Every player always needs to be on the lookout for such things. Social engineering is indeed one of the chief ways they come into account information.
Let me just pop this link up for those that may not be entirely familiar with how to spot a fake email.
How to Identify Fake or Phishing Emails
Edited by Boxerone on 8/12/11 6:50 PM (PDT)
Here is one method that I use to figure out fake or phising emails:
Blizzard normally doesn't send emails with 'Hello'. They almost always used 'Dear xxx' or some more professional affiliation. Thats a first sign to catch. Blizzard doesn't use broken english. (well most of the time but you will know that email is legit)
Also, remember if its too good to be true then it probably is. I don't click any links, I personally go to the website by the means that I know to confirm state of things if I need to.
In any case, NEVER panic no matter how bad situation looks.