Got this in the mail

Customer Support
Here the full header:
From Tue Dec 14 14:19:08 2010
X-Apparently-To: via; Tue, 14 Dec 2010 06:18:49 -0800
Return-Path: <removed>
Received-SPF: none ( domain of <removed> does not designate permitted sender hosts)
X-YMailISG: oQe4o_YcZAoxOZza_0fCm7y.oQv1PgAYY8Su931Ipxxa5lYM
X-Originating-IP: []
Authentication-Results:; domainkeys=neutral (no sig);; dkim=neutral (no sig)
Received: from (EHLO (
by with SMTP; Tue, 14 Dec 2010 06:18:49 -0800
Message-ID: <>
From: "" <>
Subject: Account - Account security
Date: Tue, 14 Dec 2010 22:19:08 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Content-Length: 5547

Here the message:


This is an automated notification regarding your account. Some or all of your contact information was recently modified through the Account Management website.

*** If you made recent account changes, please disregard this automatic notification.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play. In order to guarantee the legitimacy of your account, we need you follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Restore access to Your account

We now provide a secure website for you to verify whether you have taken the appropriate steps to secure the account, your computer, and your email address. Please follow this site to restore the access to your account: <removed>

If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for further assistance.

The Account Team
Online Privacy Policy
Received-SPF: none ( domain of <removed> does not designate permitted sender hosts)
Bolded part for clarification. FAKE.
Yes, the email is indeed a phishing attempt, Alanthor. Thank you for posting the email headers as well!

You are more than welcome to forward this email, along with the header information if you have not done so already to our Hacks team:

Did you click on any of the links in the email, by chance?
I know I'm not the one you're asking, but I wanted to ask. My friend clicked on one of the links (Since he also got the email in question) but the Firefox warning page of 'This page isn't safe' popped up with a link to continue. He didn't. Would he still be safe since he didn't go to the actual page?
He will most likely be safe as the browser didnt go to that site yet. But it never hurts to use a virus scan.
Thank you, I'll tell him to do so.
Usually, if you hover over links in emails, the site it will send you to if you click the link is displayed. In these fake emails, the displayed URL (site) will not be a address, thus showing you it's a scam email.

The way I tell my less tech-savvy friends to keep from getting hacked, is that if you get an email that appears to be from Blizzard, open a web browser, go to and check your account settings. If something seems amiss there, you have a problem, if not, you were getting phished.
12/14/2010 8:42 AMPosted by Harlsoco
Yes, the email is indeed a phishing attempt, Alanthor. Thank you for posting the email headers as well!

You are more than welcome to forward this email, along with the header information if you have not done so already to our Hacks team:

Did you click on any of the links in the email, by chance?

No I didn't click on any of this links. :)
I am glad to hear it, Alanthor. Thanks for the update! :)
I too got a chain of 3 e-mails that lead up to this one. The first one was about the real news website hacks with their commenting system. The second was an informational one spoofed as Blizzard saying I'd been reset, and the third one you see as posted by the OP saying what to go do.

Worth reporting that I could forward the first 2 to the hacks@blizzard e-mail but for some reason the 3rd one would just auto send without me being able to designate who or put something in the body (it was strange).

So just to those out there who think this is more legit because its in multiple parts it is NOT. Still phishing and you probably should verify on your account manually (NOT clicking the links in the e-mail), reset your password on your own (NOT clicking the links in the e-mail) just for good measure, and report what you can to Blizz (NOT clicking on any of the links in the e-mail).

If you did click on any of the links in the e-mail report it immediately.

I was recently also hit with a similar email. In addition to that, someone attempted to reset my account password, though they appear to be unsuccessful.

I'm a little concerned, to be honest, but at least they weren't successful.
I do have to admit my surprise at the fact Gmail did not flag this as spam or as a suspicious email. Every single Blizz phishing email I have gotten over the years it has flagged as one or the other (or both). To be honest I was down right impressed at its accuracy of flagging them, and letting legit Blizz emails through. The fact this one made it by that actually almost caught me off guard, but as a former IT Security specialist I am never too careful! (and this was a polite reminder why!)
Yeah, I got the same email chain. First Gawker Network asking for password resets, then from noreply@Blizzard. I didn't click the link they gave, but I did go to my account and changed my password. I also ran several different scans to make sure. Still paranoid, will do scans again when i get home.
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtTQ0w9Mw==
X-Message-Status: n
X-DKIM-Result: Pass
X-Message-Info: JGTYoYF78jGBcAljEIdFxw2weibjLpaI5fD1DoWeGkppMzGG9/8Ri9zUK/k3TrkjSU8+5az9EQjwGGsJ021JWEjxAJ7yxZr4KznYvH4lcyshzjbjJtVXXw==
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 13 Dec 2010 21:06:40 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt;
s=mail; t=1292303200; x=1323839200;
X-IronPort-AV: E=Sophos;i="4.59,340,1288594800";
Received: from ([])
by with ESMTP; 13 Dec 2010 21:06:40 -0800
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 13 Dec 2010 21:06:40 -0800
Received: from yourjvrgp4jtdb ( by (
with Microsoft SMTP Server id; Mon, 13 Dec 2010 21:06:40 -0800
thread-index: AcubTGf2lvZtFSuGQqe9ZH3kgm91Yg==
Thread-Topic: Account Security Alert: Password Reset
From: <>
To: <Redacted>
Subject: Account Security Alert: Password Reset
Date: Mon, 13 Dec 2010 21:04:37 -0800
Message-ID: <29bfda01cb9b4c$67f65dd0$3d012c0a@yourjvrgp4jtdb>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
X-OriginalArrivalTime: 14 Dec 2010 05:06:40.0607 (UTC) FILETIME=[B1630EF0:01CB9B4C]


We’ve recently been informed that several Gawker Media websites have been compromised. These websites include Gawker, Gizmodo, Kotaku, Lifehacker, Jezebel, io9, Jalopnik, Deadspin, and Fleshbot. To help minimize the effects of this compromise and help keep your account safe and secure, we’ve reset your account password. To complete the password reset, please log into Account Management ( and follow the provided instructions.

If you are a registered commenter for any of these sites and used your email address to sign up with Gawker Media, we also recommend that you update your address as soon as possible via Account Management. If you are unable to complete this step or the password reset on your own and believe your account may be compromised, please contact our customer support staff by using the Account Recovery form ( and be sure to check out our Account Security Awareness guide ( for additional security tips and suggestions.

For more information about this situation, please visit Gawker Media’s official announcement ( or Lifehacker’s comprehensive FAQ (

Blizzard Entertainment

Posting email to confirm validity.
Yeah, that's the one i got, talking about Gawker and saying my pass was already reset. I'd really like to know if it was also a scam or not.
I also received the same message that Kibaookami received as well as one that stated that there had been a password reset request made, and would like to know if both are just junk.
Here's my question though--

I tried to log in last night from my hotel in Sapporo, and wow told me that my account had been locked 'due to suspicious activity'. I then got an email from noreply@Blizzard saying I should change my password.

I'm assuming this was legit, since changing my password with the link allowed me to log in to wow once again. I'm running a full virus scan just in case, but I really don't want to change my passwords a second time after gawker.
I just make it a policy to never, ever click any link in the emails. Legit or not, if for some reason I need to change my password, or I think an email may be real, I manually go to the page in a new tab and do it myself.

I also got the Gawker Media thing and am curious if that's legit or not, because I fear a number of my friends did click on it.
Easiest way is to log into ( and see if any changes were made (don't click the links in the email - even if it is legit)

Join the Conversation

Return to Forum