Phishing E-Mails - E-Mail DB Compromised?
Posted: Mon Jan 18, 2010 12:56 pm
I haven't played WoW in about 8 months, but I thought somebody here should know about this issue.
I created a custom E-Mail address specifically for this website when I signed up. In the last month or so, I've received approximately ten phishing E-Mails by somebody who has been trying to get WoW account info. I deleted my E-Mail account, but here's the info on the last phishing E-Mail I received.
E-Mail Header:
Return-path: weee_12@hotmail.com
Envelope-to: warcraftrealms@<mydomain>
Delivery-date: Mon, 18 Jan 2010 12:44:41 -0500
Received: from impinc02.yourhostingaccount.com ([10.1.13.102] helo=impinc02.yourhostingaccount.com)
by mailscan19.yourhostingaccount.com with esmtp (Exim)
id 1NWvea-0005GY-Iw
for warcraftrealms@<mydomain>; Mon, 18 Jan 2010 12:44:40 -0500
Received: from blu0-omc3-s18.blu0.hotmail.com ([65.55.116.93])
by impinc02.yourhostingaccount.com with NO UCE
id X5kg1d04J20yn3V025kg37; Mon, 18 Jan 2010 12:44:40 -0500
X-EN-OrigIP: 65.55.116.93
X-EN-IMPSID: X5kg1d04J20yn3V025kg37
Received: from BLU0-SMTP60 ([65.55.116.74]) by blu0-omc3-s18.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 18 Jan 2010 09:39:34 -0800
X-Originating-IP: [211.199.5.14]
X-Originating-Email: [weee_12@hotmail.com]
Message-ID: BLU0-SMTP60DC3A1970144C38BF619E81660@phx.gbl
Received: from uzmk ([211.199.5.14]) by BLU0-SMTP60.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 18 Jan 2010 09:39:32 -0800
From: "noreply@blizzard.com" <noreply>
To: <warcraftrealms@<mydomain>
Subject: World of Warcraft Account Management
Date: Tue, 19 Jan 2010 01:40:10 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-OriginalArrivalTime: 18 Jan 2010 17:39:33.0115 (UTC) FILETIME=[31FB44B0:01CA9865]
E-Mail Content:
From: noreply@blizzard.com [mailto:noreply@blizzard.com]
Sent: Monday, January 18, 2010 10:40 AM
To: warcraftrealms@<mydomain>
Subject: World of Warcraft Account Management
World of Warcraft -> Legal -> End User License Agreement
and Section 8 of the Terms of Use:
Blizzard Entertainment -> Legal -> Terms of Use
A 3-hour probationary suspension is pending on this account, awaiting confirmation from a specialist. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account.
Thank you for respecting our position on this matter.
==================================================================================================================
** We request that you verify your legitimate ownership of the account here:
http://worldofwarcraft-account-logininstructions.com
Blizzard staff will verify your account information submitted in two days, please do not modify your account information during this time . It will not affect your game uptime.
If you are unable to successfully verify your password .
using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
Regards,
The World of Warcraft Support Team Blizzard Entertainment
I created a custom E-Mail address specifically for this website when I signed up. In the last month or so, I've received approximately ten phishing E-Mails by somebody who has been trying to get WoW account info. I deleted my E-Mail account, but here's the info on the last phishing E-Mail I received.
E-Mail Header:
Return-path: weee_12@hotmail.com
Envelope-to: warcraftrealms@<mydomain>
Delivery-date: Mon, 18 Jan 2010 12:44:41 -0500
Received: from impinc02.yourhostingaccount.com ([10.1.13.102] helo=impinc02.yourhostingaccount.com)
by mailscan19.yourhostingaccount.com with esmtp (Exim)
id 1NWvea-0005GY-Iw
for warcraftrealms@<mydomain>; Mon, 18 Jan 2010 12:44:40 -0500
Received: from blu0-omc3-s18.blu0.hotmail.com ([65.55.116.93])
by impinc02.yourhostingaccount.com with NO UCE
id X5kg1d04J20yn3V025kg37; Mon, 18 Jan 2010 12:44:40 -0500
X-EN-OrigIP: 65.55.116.93
X-EN-IMPSID: X5kg1d04J20yn3V025kg37
Received: from BLU0-SMTP60 ([65.55.116.74]) by blu0-omc3-s18.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 18 Jan 2010 09:39:34 -0800
X-Originating-IP: [211.199.5.14]
X-Originating-Email: [weee_12@hotmail.com]
Message-ID: BLU0-SMTP60DC3A1970144C38BF619E81660@phx.gbl
Received: from uzmk ([211.199.5.14]) by BLU0-SMTP60.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 18 Jan 2010 09:39:32 -0800
From: "noreply@blizzard.com" <noreply>
To: <warcraftrealms@<mydomain>
Subject: World of Warcraft Account Management
Date: Tue, 19 Jan 2010 01:40:10 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-OriginalArrivalTime: 18 Jan 2010 17:39:33.0115 (UTC) FILETIME=[31FB44B0:01CA9865]
E-Mail Content:
From: noreply@blizzard.com [mailto:noreply@blizzard.com]
Sent: Monday, January 18, 2010 10:40 AM
To: warcraftrealms@<mydomain>
Subject: World of Warcraft Account Management
World of Warcraft -> Legal -> End User License Agreement
and Section 8 of the Terms of Use:
Blizzard Entertainment -> Legal -> Terms of Use
A 3-hour probationary suspension is pending on this account, awaiting confirmation from a specialist. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account.
Thank you for respecting our position on this matter.
==================================================================================================================
** We request that you verify your legitimate ownership of the account here:
http://worldofwarcraft-account-logininstructions.com
Blizzard staff will verify your account information submitted in two days, please do not modify your account information during this time . It will not affect your game uptime.
If you are unable to successfully verify your password .
using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
Regards,
The World of Warcraft Support Team Blizzard Entertainment