I was nearly a victim of a battle.net email phishing scam.

Yesterday I very nearly became the victim of an email phishing scam that attempted to steal my battle.net account. If it had succeeded, the fraudsters would not only have gained control of my account, but they would have had access to personal details such as my date of birth and home address, and possibly even my credit card payment details.

The thing is, I never expected to be one of those people who get taken in by these things. I’ve received fraudulent emails before, but they were always obvious, full of errors in spelling and grammar, and just sounding, well, dodgy. So it alarmed me how easily I was nearly fooled this time.

Here is how it worked:

I received an email, appearing to come from Blizzard, informing me that they had ‘strong evidence’ my account was being illegally traded. It went on, using legalistic terms, to explain that my account was being investigated and might be closed. I would have to take action by logging into my account to verify that I am, indeed, the owner.

Perhaps I wouldn’t have been taken in by this if I hadn’t recently had difficulty accessing my account. I had tried to log in the day before using an iPad app but could only access limited areas. As a result I already had concerns which leant credibility to the scam.

I followed the link and was just about to log in to battle.net when I (thankfully) became suspicious. First I decided to log into battle.net through my favorites rather than the site I was directed to by the link. The site looked almost exactly the same. There were some additional links and icons on the genuine one. The URLs were also subtly different – battrd.net rather than battle.net – but you would only spot this if you were looking carefully.

At this point I examined the email more closely. Now that my suspicions were raised, I could see obvious flaws. For a start, the subject line was “battle.net survey”. This clearly had nothing to do with the serious nature of the contents. While it appeared to have been sent from noreply@blizzard.com, a quick check at the top of the message, where the source is displayed in Outlook Express, showed that it was in fact sent from a hotmail account on behalf of noreply@blizzard.com. Unfortunately, when I originally opened the message, I was using my iPad – which doesn’t appear to have an option for displaying the source information.
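As an added example (not code from the original post), here is a small Python checker that tests a constructed sample message for the two indicators described above: a Sender domain that differs from the displayed From address, and a link whose domain is a near-miss of a trusted one. The sample message, the trusted-domain list and the helper names are assumptions made for the example.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample reproducing the indicators described in the post: a From
# header claiming noreply@blizzard.com, a real Sender at a webmail provider, a
# subject that does not match the threatening body, and a lookalike link.
RAW_MESSAGE = b"""From: Blizzard Entertainment <noreply@blizzard.com>
Sender: account-team@hotmail.com
Subject: battle.net survey
Content-Type: text/plain

We have strong evidence your account is being illegally traded.
Verify that you own it here: http://www.battrd.net/login/
"""

TRUSTED_DOMAINS = {"blizzard.com", "battle.net"}  # assumed list for the example


def edit_distance(a, b):
    """Levenshtein distance; one or two edits from a trusted name is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude public-suffix handling: keep the last two labels (www.x.net -> x.net)."""
    return ".".join(host.lower().split(".")[-2:])


def check_message(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw)
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    sender_dom = parseaddr(msg.get("Sender", ""))[1].rsplit("@", 1)[-1].lower()
    # Indicator 1: the visible From and the actual Sender ("on behalf of") differ.
    if sender_dom and sender_dom != from_dom:
        findings.append(f"sender {sender_dom} differs from claimed from {from_dom}")
    # Indicator 2: links point at domains that are near-misses of trusted ones.
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        dom = registrable(urlparse(url).hostname or "")
        if dom in TRUSTED_DOMAINS:
            continue
        close = [t for t in TRUSTED_DOMAINS if edit_distance(dom, t) <= 2]
        findings.append(f"link to {dom}" + (f" resembles {close[0]}" if close else ""))
    return findings
```

Running `check_message(RAW_MESSAGE)` reports both the hotmail.com Sender behind the blizzard.com From address and the battrd.net link that resembles battle.net.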

How to avoid being scammed.

A quick check of the Blizzard website revealed that this is a common scam. They recommend a number of measures to take to avoid becoming a victim. A useful article about how to identify a phishing scam is here.

Blizzard also recommend a few security measures. The most basic is to ensure that the phishing filter in your internet browser is switched on. I assumed mine would be by default; however when I checked, it turned out it was switched off.

To activate the filter in IE8 go to Tools. Select SmartScreen Filter then Turn on SmartScreen Filter. After doing this, I returned to the site the email directed me to, and the filter immediately popped up a bright red warning.

The second measure they recommend is to protect battle.net accounts by using an authenticator. This adds an extra layer of security as you have to enter a code, randomly generated by the authenticator, every time you log in. You can mail order an authenticator from Blizzard or download a free app from iTunes.

Further advice from Blizzard around account security can be found here.

However, the main reason I nearly fell for this scam was complacency. I’ve become so comfortable in the environment that I don’t take nearly as much care around security as I did when I started functioning in this online world. Once I started looking carefully, it became obvious the email was a fraud. For me this experience has been a useful wake-up call.
