Phishing is when a hacker tries to fool you into giving away your account information, which lets them log into your account and cause havoc. Phishing scams can take many forms—fake websites, bogus emails, and threatening in-game whispers are the most common types.
If you're worried you may be the victim of a phishing scam, follow the steps on our Account and Computer Security page to make sure your account is secure. You should also consider attaching a Battle.net Authenticator for an added layer of security.
Don't just trust a site based on how it looks—scammers can make fake websites that look official. Blizzard Entertainment keeps two major domains: blizzard.com and battle.net. If someone who claims they're with Blizzard asks you to log into a site that isn't on either of these domains, you should be skeptical. Logging into a fake website with your Battle.net account information will jeopardize your account's security.
Want to see whether or not a specific address is a scam? Check PhishTank, where many commonly reported scam sites are listed.
Just like a hacker can fake a website, they can also fake an email to make it look like it's from Blizzard. Often, phishing emails will be fake promotions that give you something for free (so long as you log in and "claim" the thing) or threaten account suspension (which you must prevent by logging in and "confirming" some bit of account information).
Email from Blizzard Entertainment will come from one of two domains: @blizzard.com or @battle.net. If you get an email from someone claiming to be with Blizzard that isn't from one of these domains, you should be cautious. Even if the email appears to come from one of these two domains, it might still be fake—hackers can make emails look like they came from somewhere else. To be absolutely sure, check the email's headers to see where it actually came from.
If you receive a phishing email, please forward it to firstname.lastname@example.org. When you forward the email, copy and paste the entire email header into the message body so we can identify its source.
Threatening In-Game Whispers
Game Masters have a blue tag next to their name in-game. If the tag isn't there, but the person you're talking to claims to be with Blizzard, it's a phishing attempt. Please report players who try to trick you this way. Reporting them to us ensures we know to take action against the scammer and has the added benefit of putting them on a temporary ignore list so you can keep playing without spam.
- Watch for bad grammar and spelling. Phishing messages usually have simple mistakes that someone writing professionally wouldn't make.
- Don't reply to emails that ask for your account information. Blizzard won't need to confirm account details through email (unless you're talking with a Game Master about a ticket you opened).
Article ID: 300737