Phishing MMO Credentials
Sunday, November 15, 2015 at 10:54AM
David G (Chuzpah)

Users of popular Massively Multiplayer Online (MMO) games such as World of Warcraft have often been targets of phishing. Attackers farm e-mail addresses from several different websites that may have been compromised, such as online gaming forums. I received this phishing e-mail several years ago and wanted to explain why it is suspicious. Initially, what caught my eye was the bad grammar and incomplete sentences. This e-mail is a shot in the dark for the spammer, which is made obvious by its lack of specificity. I will attempt to break down all of the red flags.

 

1)    The e-mail address may not seem suspicious to the recipient, but for a company such as Blizzard, with several different intellectual properties, it is hard to believe that the company uses a separate e-mail address for each one.

2)    This claims to be an automated response; however, it does not clearly explain the purpose of the e-mail or why the account violated the EULA to begin with.

3)    This section was intended to scare the recipient with its tone; however, the grammatical errors make it difficult to take seriously. Also, the recipient is asked to verify account ownership, but the e-mail does not give a good reason why!

4)    This part of the e-mail states that the recipient will need to verify account ownership; wasn’t this mentioned a few lines above? A company with millions of subscribers would never make this mistake! The spammer obviously did not put much thought into this and it shows!

5)    This URL is obviously not from Blizzard.

6)    Another scare tactic designed to get the user clicking; however, if the recipient has read this far, then there is probably some doubt anyway.

7)    The company name is misspelled, an obvious telltale sign that this is a fake.

 

Header text of phishing e-mail:

Upon examining the message headers, I noticed that the originating IP is from mainland China; a GeoIP lookup confirmed this.
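The sender-address, link and header checks above can be scripted for triage. This is an added example, not part of the original article: the message, domains and IP addresses are constructed placeholders, and `red_flags`, `originating_ip` and `under` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not the e-mail discussed in this article).
# Domains and IP addresses are reserved documentation values.
SAMPLE = """\
Received: from mx.mail.example.org (mx.mail.example.org [198.51.100.7])
\tby inbox.example.org; Sun, 15 Nov 2015 10:54:00 -0500
Received: from unknown (HELO sender) ([203.0.113.45])
\tby mx.mail.example.org; Sun, 15 Nov 2015 10:53:58 -0500
From: "Game Support" <noreply@game-support.example.net>
To: player@example.org
Subject: Account notice

Verify your account: http://login.account-check.example.net/verify
"""

def originating_ip(msg):
    """Return the IP in the oldest Received header (each hop prepends its own).
    Hops below your provider's first trusted server can be forged."""
    for hop in reversed(msg.get_all("Received", [])):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        if m:
            return m.group(1)
    return None

def under(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw, expected_domain):
    """Return (originating IP, list of sender/link mismatches)."""
    msg = message_from_string(raw)
    flags = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not under(sender_host, expected_domain):
        flags.append("sender domain: " + sender_host)
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not under(host, expected_domain):
            flags.append("link host: " + host)
    return originating_ip(msg), flags

if __name__ == "__main__":
    print(red_flags(SAMPLE, "game.example.com"))
```

The suffix match in `under` is deliberate: a plain substring test would accept a lookalike host such as `game.example.com.login.example.net`.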

 

How do I know the message is really from the sender in question?

 

  1. Look for the green shield! Many legitimate companies are identified as trusted senders, meaning they are vetted by the recipient’s e-mail provider.
  2. An example of a green shield:
  3. If in doubt, do not click on any links in an e-mail; instead, visit the vendor’s website directly and look for the green bar or https text in the URL field of the browser.

 

Article originally appeared on Chuzpah.com (http://chuzpah.com/).
See website for complete article licensing information.