“Mission: Account Hacking” or “Bronte’s Tips for Sifting Through Bullshit Emails”
Hackers are ever-more inventive these days. From sniffers to key loggers to emails designed to phish your account information, they seem hell-bent on getting their grubby paws on your virtual goods through whatever means necessary.
Recently I received the following email in my account, and as much as I hate to admit it, even I paused for a moment, internally debating the legitimacy of the email. Go ahead and click on the link below, so you can view the email in full-size, and I will walk you through why the sender has worked hard to create a near-convincing, official-sounding email, but is an idiot nonetheless.
First, the email is from “email@example.com“. This makes me pause, because almost any and all correspondence I have had regarding my account has been from “firstname.lastname@example.org“. This is your first clue. If the email sounds like it is from blizzard, but the sub-domain clearly suspicious, you should probably take a closer look before freaking out over the contents of the email.
Second, the mailed by field says “hotmail.com”. That, right there, is enough of a clue to simply disregard the email and send it to your trash. I sincerely doubt Blizzard uses hotmail.com for all of its electronic correspondence. It sounds fiscally prudent, but given that blizzard already uses its own domain.
Third, the email claims that my account has been compromised because someone with the IP address of “18.104.22.168” has logged into my account which isn’t my “usual” IP. This is where I was a little torn. Plugging in “22.214.171.124” into an IP address locator shows that the computer is somewhere in Brisbane, Australia. I have a friend in Brisbane, Australia who has used my account on occasion. While this may be a remarkable coincidence, there are still some signs that give away the legitimacy of the email. The email claims that this isn’t my “usual IP”. My “usual IP” is my home computer, my laptop, my work computer, and at least two other LAN PCs at my friends’ houses. The possibility that Blizzard didn’t raise any red flags about me logging into my account from five different IPS, yet threw a shit-fit when I allegedly logged in from a sixth location is highly unlikely.
Fourth, Blizzard always provides links to the pages they advise their customers to view. The email advises you to “visit our Account Security website” and to “visit our Support page”, but provides no link to either. At the end of the email, it also says:
The Battle.net Account Team
Fifth, look at the link they provide for you to log in to your account: “http://us.worldofwarcraft.com.restoreconfirm.us/“. Upon entering this URL, you are redirected to “http://us.battle.net/en/“. The website looks incredibly legitimate. Take a look at the real website login page and the fake website login pages below:
But here is where you can tell which one is real and which one is fake. A browser like Firefox will clearly label for you which website is secure and which isn’t. In the picture on the left, the URL above is the fake website, since it does not support identity information. The one URL below is the real website, which is verified by Thawte Consulting cc.
Bottom-line: they are desperate to get your account. Just by looking at any emails you receive very carefully, you can determine which one is full of crap and which one is the real deal. Arm yourself with this knowledge kids, because knowledge is power!