Your account is being investigated

Lately, a lot of my friends are tempted to fall into scammers' traps concerning their WoW account. Lucky for them, they got me to keep them from going down that slippery slope, but I wonder, how many WoW players can actually distinguish a bona fide Blizzard e-mail from a scammer's attempt at sharding your epix?


In this post, I'll attempt to explain, once and for all, all the tell-tale signs that, once you learn to spot, will make sure your account remains yours. Of course, that only goes for the elaborate ones; people telling you they are GMs in-game, asking for your password deserve to get it if you're naive enough to actually give it to them. Just remember that old adage, which has made it, for the past two years, into a loading screen: "A Blizzard employee will never ask for your password". A GM can access your account if he/she wants/chooses to, without you giving them your password either way.


So, which are the "elaborate ones"? Let's break it down, shall we?
Usually it's sites that look like Blizzard or Battle.net sites, but are not. Those, once you get into them, will either present you with a very official-looking form that requires you to enter your account info, or, worse, infect you with a keylogger. Keyloggers actually keep track of which keyboard keys you press when logging in and sends that information to the scammer, effectively reverse-engineering your password. The scammer will then usually change your password as soon as possible, and, by the time you're aware of what's happened it will already be too late to stop it. Blizzard will restore any and all damages to your account, but that takes time, and that's a major inconvenience better avoided. Getting Firefox or Chrome and disallowing scripts to run automatically usually does the trick to protect yourself from getting infected with a keylogger. Sometimes, Firefox or Chrome will even refuse to open those sites at all, with a nice helpful message of "This website has been reported as fake" or something like it, derived from hundred, maybe thousands of users before you reporting it as such. Or, better yet, do not click at links concerning World of Warcraft from third-party sites at all. Odds are, you were browsing a site that would lead you down the path to breaking the EULA as it is, like bot sites or gold sellers.


Protecting yourself from sites like that is very, very simple when it comes down to it: just don't go into them. If you want something from your battle.net account, type in the URL yourself and bookmark it, then use that. You don't click those links, you don't get keyloggers. Simple as.


Which sort of overlaps with the second type of elaborate scam. Sometimes, it's e-mails from "Blizzard", "Blizard", "Blizzard Entairtenment", or, my personal favourite, "noreply@battle.net" or "noreply@blizzard.com". These e-mails are called "phishing", trying to lure you into divulging your account info or going on a site that will infect you with a keylogger. Heck, I got four of these bad boys in my inbox right now. How do I know they're fake? Why, I'm glad you asked. Here's a short list.


1) Bad grammar. This seems like a no-brainer, but if it didn't work scammers would have wised up to it by now. Be extremely wary of bad grammar, spelling or syntax in official-looking e-mails. Actual Blizzard e-mails are auto-generated based on a template, which you better believe has been spell-checked and proof-read thoroughly. Assuming you are able to spot it, it will save you a few precious milliseconds - seconds - minutes - hours - days (delete as appropriate) of QQing at "why was my account suspended???!?!?".


2) Sender address. An actual Blizzard e-mail will ALWAYS end in @blizzard.com or @battle.net. If it's anything else, it's fake. However, sometimes, just sometimes, the e-mail WILL APPEAR to be from @blizzard.com or @battle.net but will still be fake. Scammers know how to make it look like it is from a trusted sender when it's not, a process called "spoofing". To really know where that e-mail's from, find the header of it ("View source/message source" in hotmail/live, "view original" in gmail, etc). If it's not @blizzard.com or @battle.net, ignore it.


3) What's in the actual friggin' email. If it's providing you with a link to a battle.net service you didn't initiate yourself, don't click it. If it makes you think your account has been compromised and you have to verify it by following a link and entering your account info, don't do it. If it's offering you something for nothing, 99,99999% of the time it's lying (I'd say 100%, but recently a friend got a free WoW account for being such a good sport and buying almost every other Blizzard game).  Again, remember that adage we talked about:  "A Blizzard employee will never ask for your password".


In short, keeping your account in WoW secure is really not hard. Some would argue that getting an official Authenticator from Blizzard can be used in lieu of a common sense, but Authenticators have been hacked and bypassed on occasion. I've yet to hear of a scammer hacking a brain.