Phishing Example: Diablo 3 | Battle.Net | Blizzard | World of Warcraft | Starcraft | Etc.

I've recently gotten an email in my gmail inbox where the sender (a.k.a. "Scumbag") is attempting to sucker me out of my Battle.net login credentials by pretending to be sent from Blizzard Entertainment themselves. Of course, par for the course, the email portrays a sense of relative impending doom (to your account) and you must hurry and confirm that you're the original owner of the account. Below is a paste of the actual email:

I've highlighted some of the things in this email to pay attention to if you should receive this or any other similar email that you may be unsure of, to help you learn to identify phishing attempts.

The highlight above shows that the email was sent from the "email.com" domain. Blizzard Entertainment would not be sending their email messages from there, they'd be using one of their official (and known) domains. But still, that can be faked as well, so don't solely rely on this one piece of information ...

Also, notice that they included a link (in blue) that they want you to click on in order to "confirm your account". Don't blindly assume that just because the link text looks ok that the actual URL it links to is OK, or even the same destination, because in this case, it's not.

 

Next thing to notice is the cz.org and [email protected] apparent sender in the source code of the message, which in Gmail can be seen by clicking on the drop-down arrow on the Reply button to the right of the message's date and selecting "Show Original".

The big block of yellow towards the bottom is the actual message, encoded as Base64 in an attempt to mask where the link in the message that they want you to click on actually takes you.

 

After selecting, copying and pasting the encoded Base64 message and decoding it in an online Base64 Decoder you can see what the actual message is. Highlighted in yellow is the actual URL that the blue text link takes you to if you click it. Obviously this is not the real Blizzard Entertainment website, even though they've tried a little bit to confuse you by adding the "diablo.net" to the URL. In actuality the URL is "eu.diablo.net.sw-login.in" ... an India domain ... (.in). Blizzard is an American company. In green you can see the link text that was used to try and fool you.

These are not all of the tricks phisher's use to try and steal your account info, for anything, not just games, but just a couple. With a little practice you'll easily be able to tell any phishing attempt quickly at a glance. If you're ever confused or unsure simply ignore clicking on any link within an email and manually type the website's URL into your browser and login that way. If the email notice was legitimate you're most likely see some sort of notice right there in your online account. You could also contact their support via their website contact links and ask them, mentioning the email that you received, which has the added benefit of alerting them to the current phishing attempt going around so that they can better protect you and others, as well as alert the proper authorities.

Also, if you should positively come across a phish attempt in your email box, please don't simply ignore and delete it, if your email provider offers something like "report phishing attempt" like Gmail does (found in the same place as the "Show Original" is) please report it. It only takes a split second and helps everyone.

Read More ...