
Types of Account Thefts

The first question on the minds of most account theft victims is, "How did this happen?" It's a good question, and answering it is the first step in regaining control of your account and plugging any security holes that may exist.

Should your account have been compromised, the following list of types of account theft should help shed some light on how your account was stolen and what steps you can take to prevent any further damage.

  • Sharing Account Info
  • Phishing Emails
  • Gold Sellers and Leveling Services
  • Malicious Add-ons
  • Malicious Websites

Sharing Account Info

Solution

Avoiding this kind of theft is easy: just don't share your info. If you did share your information with someone else and you now suspect that your account has been stolen, change your password immediately to avoid any further damage. Also, do not log on from someone else's computer. Even if you practice perfect Internet security at home, you'll waste all that effort if you log on from a friend's machine that has been compromised.

The simplest form of account theft occurs when a user willingly shares login information with another player. This person may be someone you know and trust in real life, or someone using a tactic called "social engineering" to get your information.

Sharing your account info is simply a bad idea.

Phishing Emails

Solution

The best way to avoid becoming a victim of a phishing attempt is to exercise caution when receiving any kind of information purporting to come from Blizzard. If an email asks for your password, makes urgent appeals, sounds too good to be true, or links to "account management" sites outside of Blizzard's sites (you can find a list of all official Blizzard domains here), you are dealing with a phishing attempt. Add the sender to your "blocked senders" list, forward the email to hacks@blizzard.com, then delete the email. If you believe you have recently fallen victim to a phishing attempt, change your password immediately.

The practice of "phishing" is the most common strategy used by account thieves. Many cases of people claiming they were "hacked" can actually be traced back to phishing schemes. These emails and websites pretend to be official Blizzard Entertainment communications to trick you into willingly handing out your login information. Here are some signs that you may be dealing with a phishing attempt:

  • Phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password.
  • Phishing emails will make urgent appeals, claiming that your account is under investigation for hacking/cheating, and ask that you provide personal information to avoid these penalties.
  • Phishing emails and websites may also make offers that seem too good to be true, such as early entry into Blizzard Entertainment beta tests, special promotions, etc.
  • Phishing emails frequently contain grammatical and/or spelling mistakes. If you can spot obvious typos and grammatical/syntactical errors, you are likely dealing with a phishing email.
  • Some phishing emails do not request personal information but instead link to fake websites that look exactly like Blizzard's account management websites. Check to make sure your browser's phishing filter is activated.
  • Some phishing emails will mask, or "spoof," their sending address, making it appear as though the emails are being sent from Blizzard Entertainment. Check the email's header information to verify the sending address.
  • Be aware of in-game mails or whispers that impersonate Blizzard or Blizzard employees.

Find out how to spot phishing emails by looking at these examples:


Sample Mail 1

From: "WoWAccountAdmin" <WoWAccountReview@blizzardadmins.net> [1]

Greetings,

It has come to our attention that you are trying to sell or trade your personal World of Warcraft account. As you may or may not be aware of [2], these actions conflict with the EULA and Terms of Service (TOS) of Blizzard Entertainment and World of Warcraft. If upon further investigation you are indeed attempting to obtain monetary profit against the TOS agreement [3], your account can and will be disabled. Blizzard has the right to consider legal action if necessary, based on the severity of the action.
If you hope to avoid account suspension [4] you should verify your personal possession of the account in question. We at Blizzard Entertainment take infractions of the TOS quite seriously and we must confirm the original ownership of the account. This is easily done by supplying your account information below.
Please use the following template below to verify your account and information via email.
- Account Email:
- Account Password: [5]
If you ignore this communication your account can and will be closed permanently due to suspicions of alternative ownership. We ask that during the investigation you give approximately twenty-four hours of inactivity after sending a response email. This should provide enough time for Blizzard to confirm your identity and that the TOS are being followed as outlined.

Blizzard Entertainment Inc
Account Administration Team
P.O. Box 18979, Irvine, CA 92623
Regards,

Krondel
Account Recovery Team
Blizzard Entertainment Inc.

[1] Official Blizzard support emails will ONLY come from @Blizzard.com or @Battle.net. Also keep in mind that email addresses can be disguised as official ones. Check the email header to see where the email really came from.
[2] Official Blizzard mails will never feature such a blatant lack of style.
[3] Again, watch for bad grammar and style as indicators of fake emails.
[4] Note the stilted wording. The blind grasping for words. The horror. The horror.
[5] Blizzard emails will NEVER ask you for your password. Never ever ever. EVER.

Sample Mail 2

Greetings,

An investigation of your World of Warcraft account has found strong evidence that you are eligible for an account upgrade. You are eligible for the Wrath of the Lich King Beta. To sign-up and get your download please visit our website at this special link: [1] http://worldofwarcraft.com/login This process usually last's [2] one week. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,

Account Administration
Blizzard Entertainment

[1] Appearances can be deceiving. Even though the URL looks harmless, it could actually redirect to a phishing website (which is often indistinguishable from the real thing, in this case, a copy of worldofwarcraft.com). Even hovering over the link may not betray its true destination. It bears repeating: as a general rule, don't click on links in emails.
[2] Mistakes such as this easily betray a phishing email's true colors. (In this case, mauve.)

Sample Mail 3

In attention of our World Of Warcraft customer,

Our automated security systems have indicated that access to your online account was temporarily blocked due to to repeated login failures. Our logs indicate that your account received 20 authentication failures during this time. It is most probable that your account was subject to malicious attack through automated brute forcing techniques. While World Of Warcraft were able to successfully block this attack, we would recommend that you ensure that your password is sufficiently complex to prevent future attacks. You must click the link below [1] and enter your password on the following page to confirm the reactivation of your account.

http://www.worldofwarcraft.com [2]

- Verify that your contact information is accurate and update it if necessary.
- Create a new, not-easily guessed, secure personal password; an example of this may include letters and numbers.
- Please be sure to scan the computer system you are using to remove all viruses, Trojan files, and key loggers.
- Maintain safe Internet practices and safeguard all World of Warcraft account information for the most secure gaming experience.

[1] Don't EVER click on the link below. Okay, nobody's perfect, we've all accidentally clicked on a link. But if you do click on a link like this one, please CLOSE THE BROWSER immediately and DON'T give them your login information.
[2] Appearances can be deceiving. Even though the URL looks harmless, it could actually redirect to a phishing website (which is often indistinguishable from the real thing, in this case, a copy of worldofwarcraft.com). Even hovering over the link may not betray its true destination. It bears repeating: as a general rule, don't click on links in emails.
We will never ask for your password in an email.
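
The header and link checks described in this section can be run over a saved message; the following is an added example, not Blizzard's code and not part of the original page. It assumes a single-part message, and `phishing_signs`, `domain_of`, `LinkCollector` and the `example.org`/`example.net` addresses are hypothetical names constructed for illustration.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL_SENDERS = {"blizzard.com", "battle.net"}  # sender domains the page names

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def phishing_signs(raw_message):
    msg = email.message_from_string(raw_message)
    sender, signs = domain_of(msg["From"]), []
    if sender not in OFFICIAL_SENDERS:
        signs.append(f"From domain {sender} is not an official sender domain")
    for name in ("Reply-To", "Return-Path"):  # where replies and bounces really go
        other = domain_of(msg[name])
        if other and other != sender:
            signs.append(f"{name} domain {other} differs from From domain {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part body assumed
    for href, text in collector.links:
        m = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        shown, actual = (m.group(1).lower() if m else ""), urlparse(href).hostname
        if shown and actual and not ("." + actual).endswith("." + shown):
            signs.append(f"link shows {shown} but opens {actual}")
    return signs

# Constructed sample: From as in Sample Mail 1, link text as in Sample Mail 2.
SAMPLE = ('From: "WoWAccountAdmin" <WoWAccountReview@blizzardadmins.net>\n'
          "Reply-To: collect@mailbox.example.org\n\n"
          '<a href="http://login.example.net/wow">http://worldofwarcraft.com/login</a>\n')
```

Calling `phishing_signs(SAMPLE)` returns one finding per mismatch. A spoofed From address that passes the first check can still be caught by the Return-Path comparison.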

Gold Sellers and Leveling Services

Solution

Do not buy gold, and do not solicit power levelers. Frankly, their services are not worth the money or the headache of potential credit card theft, not to mention a permanent ban if you are caught. Factor in the fact that supporting them means making the game worse for everyone, and it becomes clear that what they are offering simply isn't worth it. Read more about the adverse effects of buying gold here.

Gold sellers and leveling services are responsible for the vast majority of all account thefts, and they are the number-one source of World of Warcraft-related phishing attempts, spyware, and even credit card theft. Players who buy gold actively support spam, hacks, and keyloggers, and by doing so diminish the gameplay experience for everyone else.

If you buy gold, you support a major source of spam, hacks, and keyloggers.

Malicious Add-ons

Solution

Be extremely careful when downloading and installing game add-ons. If an add-on asks that you download an executable file, cancel the download immediately. If you believe you have recently fallen victim to a malicious add-on, immediately have your anti-virus software run a full system scan, then change your password.

Some hackers try to turn our community's very creativity against it by injecting computer viruses and other malware (including keyloggers) into otherwise legitimate player-made add-ons. At the very least, this can break your game installation; at the worst, it can lead to irreparable damage to your computer, financial consequences due to credit card theft, or even real-life identity theft.

Use caution when you download and install add-ons.

Malicious Websites

Solution

The most important step in avoiding becoming a victim of a malicious website is to make sure your browser and anti-virus software are up-to-date. Carefully examine any and all links you are presented with, even from close friends. If you believe you have recently fallen victim to a malicious website, immediately have your anti-virus software run a full system scan, then change your password.

Malicious websites target your browser's weak spots by attempting to install harmful software on your computer, with end results similar to malicious add-ons. These sites may be obvious, or they may be designed to look exactly like a Blizzard website. One easy way to tell is by looking closely at the site's URL. If it's not a Blizzard URL but the site claims to be official, you are probably dealing with a malicious website. You can find a list of all official Blizzard domains here.

Always keep your browser and anti-virus software up-to-date.

©2010 Blizzard Entertainment, Inc. All rights reserved.