Many of you guys have probably seen these before, if not for Diablo III then over the last many years for WoW, but it’s become quite common for attempted account thieves to send out fake emails that appear to be warnings about your account being hacked or compromised. The goal is to trick you into visiting their fake version of Blizzard’s site, where they hope you’ll type your account name and password into their script, so they can steal it from you.
I’ve personally received dozens of these for World of Warcraft, going back years and years. They range from pathetically-fake to virtually-identical-to-official-Blizzard-notifications. Luckily, by virtue of never having had a WoW account, I have little difficulty ascertaining that they are fake. I hope you guys are hip to this sort of scam, but now that we’re seeing regular reports of these scams targeting Diablo III players, a warning seemed in order.
Quoted below is one I’ve received several times over the past week. It’s a lot closer to “laughably-incompetent” than “believable”, but don’t expect all of them to be so bad; these scammers do improve with practice, and it’s not hard to fake the sending address to look like it’s from [email protected], or to make the links look real as well.
It has come to our attention that you are trying to sell your personal Diablo III account(s).
As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled.
It will be ongoing for further investigation by Blizzard Entertainment’s employees.
If you wish to not get your account suspended you should immediately verify your account ownership.
You can confirm that you are the original owner of the account to this secure website with:
[snipped fake link to malware-filled, trojan-serving site]
Login to your account, In accordance following template to verify your account.
* First and Surname
* Secret Question and Answer
Show * Please enter the correct information
If you ignore this mail your account can and will be closed permanently.
Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.
Account Administration Team
Diablo III , Blizzard Entertainment 2012
If you receive any such mail and have any suspicion about the authenticity, it’s wise to not click the link. These are usually made to appear real, and will have “battle.net” in there somewhere, but always take you to some phony site where the thieving begins. It’s safer to go directly to www.battle.net, log in, and then navigate to your account info. It’s also a very good idea to use some non-public email for your official contact on this sort of thing, and not the same email you use to register on every forum and mailing list around the Internet. And of course attaching an authenticator to your account will save you, even if you fall for one of these scams.
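To show why a link with “battle.net” in it somewhere can still lead to a phony site, here is an added example (not part of the original post) that parses a link and checks where it really goes. The `OFFICIAL_DOMAINS` set and the function name are assumptions for illustration, and the sample URLs in the comments are constructed using the reserved `.example` domain.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as official.
OFFICIAL_DOMAINS = {"battle.net"}


def classify_link(url):
    """Return (verdict, reason) for a link copied out of an email.

    The verdict depends only on the hostname the browser would connect to,
    never on whether the string "battle.net" appears somewhere in the URL.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ("suspicious", "malformed URL")
    if parts.scheme not in ("http", "https"):
        return ("suspicious", "not a web link")
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ("suspicious", "no hostname")
    # http://www.battle.net@login.example/ : everything before '@' is a
    # username field, the real destination is the host after it.
    if parts.username is not None:
        return ("suspicious", "'@' trick, real host is " + host)
    # Punycode labels can render as lookalike characters in a mail client.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "punycode host " + host)
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain (us.battle.net). A host such as
        # battle.net.account-verify.example ends in a different domain.
        if host == domain or host.endswith("." + domain):
            return ("official", host)
    return ("suspicious", "real host is " + host)


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://us.battle.net/account/management/",
        "http://battle.net.account-verify.example/login",
        "http://www.battle.net@login.example/",
        "http://account-verify.example/battle.net/login.html",
    ]
    for link in samples:
        print(link, "->", classify_link(link))
```

An "official" verdict only says where the link points; typing www.battle.net into the browser yourself is still the safer habit.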