Today was to be the last day of my sub. So I get the following email:

Greetings,

We regret to inform you that an investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzards EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement (http://www.worldofwarcraft.com/legal/eula.html)

And Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use (http://www.worldofwarcraft.com/legal/termsofuse.shtml)

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated. In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage:

<link removed>

Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,
Account Administration
Blizzard Entertainment
******************************
I have no clue what the hell they are talking about. I have an authenticator on this account. I haven't logged in in nearly a month and I'm trying to cancel. Therefore I'm selling the account??? I'm am SO not going to ever go back. I guess they feel there is no other reason for me to cancel unless I was going to sell the account. That is just madness. I'm canceling the account because the game is not fun for me anymore, but apparently that's not possible in their eyes.

Even though it's a bot, it still pisses me off to be accused of cheating.

If it's a mistake then it's a mistake and you contact them and explain it.

If you're cancelling...then what's the big deal?

You seem awfully upset over something that can get resolved with a telephone call.

Better stop that ebay auction! ;)

Seriously: Something went wrong on their side that put some red flags on your account for whatever reason.
Back when I canceled my 2 subs all went fine besides the sad little peon on the confirmation page :(.
When I re-subbed all was fine, too.

Only got this email when someone stole my login data and used it for gold selling / spamming.
Was resolved fairly quickly, too once I provided information that identified me as the legit owner of that account.

Are you sure this isn't just a scam? I mean, the whole, 'to verify your identity, go to this handy-dandy url I provided' is the classic scam technique.

Are you sure this isn't just a scam? I mean, the whole, 'to verify your identity, go to this handy-dandy url I provided' is the classic scam technique.


That was my thought as well...you should be 100% that link is legit before you enter any info.

Are you sure this isn't just a scam? I mean, the whole, 'to verify your identity, go to this handy-dandy url I provided' is the classic scam technique.

That was my thought, which is why I didn't click on the link. Um, I'm cancelling anyway and really this is a good thing because it will assure that I will never be back (unless of course it really is a scam, then when I get my life where I want it, I may reconsider).

It just torks me that they would try this. And there's an authenticator on the account, so it's not supposed to be able to be compromised. I did try to log in and the authenticator is still on the account. I also wanted to know (which I should have said) if other people had this happen to them.

That was my thought, which is why I didn't click on the link. Um, I'm cancelling anyway and really this is a good thing because it will assure that I will never be back (unless of course it really is a scam, then when I get my life where I want it, I may reconsider).

Go to the official website, click on "Account Management" and enter your login / pw + token number.
You should see the status of your account then + the recent history of it OR you will get a message that your account is "on ice" because Blizzard is investigating something (got this message when my account was hacked / put on hold).
If you see a button "resub" then all is fine. You should always be able to access this page as long as your account exists whether active or not.

PS: Might be a good idea to "de-link" the token from your accout (if possible) in case you lose it and want to play WoW again in a year! ;)

This seems like a phishing scam to me.

It's almost certainly a phishing scam. I am pretty sure that Blizzard never provides a direct link to account pages in emails--they'll just say "log onto your account."

Pretty easy to find out if it's a scam.. just 'view source' on that email and look at the link in its raw html format. It probably takes you somewhere other than blizzard.com or worldofwarcraft.com.

I'd lay money on that being a phishing email. Even if it wasn't, as has been said, taking a minute to log in to your account to ensure everything is well and your cancellation is going ahead was probably prudent, should you ever want re-subscribe.

It's a phishing scam. (http://blogs.ign.com/PallyDog/2008/07/14/95933/)

Mouse over the link they provide, I'm betting it looks like this, or something close.

http://blizzard.totallynotgoingtoscamyouipromise.ca/iminyouraccountshardingyourgear/youdumbass.htm

Your link doesn't work Griddle. :p

Your link doesn't work Griddle. :p
Ni hao. ^.^ You geiv gold.

Pretty professional-looking scam, but remember to always check the domain of whatever page you're being sent to.

And also remember that the companies providing these sorts of services (WoW, Xbox Live, etc.) will never ask for your password, ever.

Qt3 -- post here and we'll google shit for you.

Ok guys, this is really interesting. On the screen (and when I have gmail show details, the link shows something like https://xxx.worldofwarcraft.com xxx.xxx.xxx (I'm too lazy to type the whole thing), but when I copied the link it to show you guys, the paste came out like this:

http://wow81.freehostia.com/

The blog link says the email came from a gmail account. I'm not seeing a gmail account, even with show details on. The first thing I did was to show details, but it still showed up as a worldofwarcraft.com address, and a @blizzard.com email.

Ah well, I wasn't going to click on the link anyway, and since I have an authenticator, my password wouldn't have done them any good. All's well that end's well. Still cancelled though :)

Well if they found a real badly configured SMTP server they can spoof emails to appear from wherever they like to. Most that allow relay (forwarding an email that was sent to them) will show the real sender IP / domain in the header but some will simply accept everything they get.

Back when the internet was fun I used to send friends emails from bill@microsoft.com demanding that they license their MS software.
A lot of SMTP servers allowed open relaying (= not checking whether your IP matched the domain you said you are from -> microsoft.com) since spam was no big issue back in those days. Today it's much harder to find such a badly configured machine but they are still out there.
Good times back then. :)

Concerning the spoofed link. I recall having read that there is a way to mask the real link using a special format of the link structure but I don't know any details and I am too lazy to google.

If you look at the HTML source of your email you'll probably see:
<a href="http://blizzard.totallynotgoingtoscamyouipromise.ca/iminyouraccountshardingyourgear/youdumbass.htm">http://www.worldofwarcraft.com/somelegitpage.html</a>

It's common in phishing scams.

If you look at the HTML source of your email you'll probably see:
<a href="http://blizzard.totallynotgoingtoscamyouipromise.ca/iminyouraccountshardingyourgear/youdumbass.htm">http://www.worldofwarcraft.com/somelegitpage.html</a>

It's common in phishing scams.

Wow it's that easy?
Damn even I could manage that based on my HTML 3.2 leet knowledge from way back. :)

Wow it's that easy?
Damn even I could manage that based on my HTML 3.2 leet knowledge from way back. :)

Yeah dood, it are totally difficult:

http://en.wikipedia.org/wiki/Spyware (http://www.youtube.com/watch?v=Yu_moia-oVI)

You fail at rick-rolling.
IE shows the correct URL if you mouse over it.

Wow it's that easy?

There are more complicated methods that'll pass the mouse over test (unlike Aeon221's attempt) but they're browser specific and usually get patched. When in doubt trust no one and type the URL into the browser yourself.

I have no clue what the hell they are talking about. I have an authenticator on this account. I haven't logged in in nearly a month and I'm trying to cancel. Therefore I'm selling the account??? I'm am SO not going to ever go back. I guess they feel there is no other reason for me to cancel unless I was going to sell the account. That is just madness. I'm canceling the account because the game is not fun for me anymore, but apparently that's not possible in their eyes.

Even though it's a bot, it still pisses me off to be accused of cheating.


Wait, so you're saying our deal is off?

You fail at rick-rolling.
IE shows the correct URL if you mouse over it.

You're right, but a lot of people are too lazy or non-computer savvy to double-check the link and will just click it without thinking. They're even more likely to fall for it the text just displays an URL, since people usually seem to assume that they correspond with what the link directs to, as in Aeon221's example (gee, I sure hope this makes sense when others read it).

Scammers only need to snare one victim to be successful.

You fail at rick-rolling.
IE shows the correct URL if you mouse over it.

No shit.

Good! I learned something today. I don't normally click on links that tell me to disclose passwords, but I hadn't thought of mousing over the link. Thanks guys.

You can do some tricky things with the hover text, too. Something like <a href="http://paypal.com [...huge number of spaces...] @phishing-site.com/">http://www.paypal.com/</a> will look like a perfectly legitimate link if you mouse over it because the spaces pushed the rest of the real address off the right-hand side of the screen. Firefox displays ellipses in the lower-right corner to indicate there's more to the address, but it's really easy to miss.

Good! I learned something today. I don't normally click on links that tell me to disclose passwords, but I hadn't thought of mousing over the link. Thanks guys.

You are right to never click on links that tell you to disclose a password. Mousing over can help, but you never know if there is some bizarre browser flaw that will let a scammer hide the real URL. Always better to just type in the URL yourself for these things.

I hadn't played WoW for two years and I got an e-mail congratulating me for activating Burning Crusade. Somehow my account got hacked, but my password is pretty obscure so I don't know how. Luckily they don't have my credit card # or anything, and I changed all of the other passwords I use.

Qt3 -- post here and we'll google shit for you.

I found this thread informative and interesting, something I wouldn't be privy to had he not posted.

I found this thread informative and interesting, something I wouldn't be privy to had he not posted.

Oh well in that case I'll get started posting all the spam I've got in my hotmail account.

Oh well in that case I'll get started posting all the spam I've got in my hotmail account.

If you are going to be snarky, at least do so in the form of entertaining pictures.

If you are going to be snarky, at least do so in the form of entertaining pictures.
I will post my curmudgeonly opposition to this. The "snark through image" thing here is getting rather overplayed.

http://tbn1.google.com/images?q=tbn:tAU1A9K5N3VlyM:http://synthesismagazine.net/wp-content/uploads/2008/01/lolwut.jpg

'nuff said!

PS: Might be a good idea to "de-link" the token from your accout (if possible) in case you lose it and want to play WoW again in a year! ;)

That's a really bad idea. I can confirm from bitter personal experience that it's entirely possible to have your account hacked looong after you've cancelled, and the whole point of the token is to prevent that sort of thing. Just keep the token someplace safe.

They actually had the nerve to write me back:

Greetings,

It appears that no response has been made on the behalf of your account regarding the issue of breaking Blizzards EULA under section 4 Paragraph B

WoW -> Legal -> End User License Agreement (http://www.worldofwarcraft.com/legal/eula.html)

And Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use (http://www.worldofwarcraft.com/legal/termsofuse.shtml)

To verify your identity please visit the following webpage:

https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww.worldofwarcraft.co m%2Faccount%2Findex.html (http://wow81.l4rge.com/)

If no response is made within 3 days our Account Administration team will lock the account until further notice.

Sincerely,
Account Administration
Blizzard Entertainment

This time I was able to duplicate the whole thing. Do not click on that link and give them your password!!! I put it in for informational purposes only.

Write abuse@choopa.com with the headers and full HTML source of that email. They're the responsible parties for the l4rge.com domain, where that's hosted.

Do not click on that link and give them your password!!! I put it in for informational purposes only.

Well, I don't think anyone's going to click it, but you could just write where the links goes without actually giving the link.

Well, I don't think anyone's going to click it, but you could just write where the links goes without actually giving the link.

Already been done. I just wanted to demonstrate that the link does look entirely legal. They even managed to spell all the words in the email properly. And I will forward the email to that address mystery, thanks.

Already been done. I just wanted to demonstrate that the link does look entirely legal. They even managed to spell all the words in the email properly. And I will forward the email to that address mystery, thanks.

http://www.geocities.com/reaper_dont_fear/redhellokitty.html

You know you'll click it!

http://www.geocities.com/reaper_dont_fear/redhellokitty.html

You know you'll click it!

Yeah cuz I lurv Hello Kitty!