More spam is lighting up for Battle.net account users, Diablo, and World of Warcraft members. The latest spam update is below, where once again, the spammers are using a fake email account (firstname.lastname@example.org) as the sender, and stating that you are trying to sell your Battle.net account and need to verify it so it will not be suspended.
However, the link it gives looks real, however, it is fake.
Here are the technical details:
Return-path (email address the email actually came from): ab[at]vlrpc.com
IP address: 126.96.36.199 belonging to an unknown/private user (WHOIS states the IP master’s name: yanling ruanof) China Unicom, a telecommunications company governed by The People’s Republic of China. They seem to either ignore abuse reports, or do not know much about their users’ activities. We know a private user sent this spam, because the message header clearly states the application used to send the email: Microsoft Outlook Express 6.00.2900.5512.
Known blacklisting: Spamhaus.org (listed as “Illegal 3rd party exploits, including proxies, worms and trojan exploits”), abuseat.org, barracudacentral.org, uceprotect.net
Now, it’s believed that the recent spam outbreak (like the one above, for example) is a result of the latest Blizzard lawsuit. However, spam like this has happened before (also look in the comments for a user who posted about Diablo 3 spam).
The only thing to best protect against spam is having an anti-spam program. Please visit the vendor below for more information.
The latest Blizzard spam returns with some IP warnings involved:
Here is the full text (links removed):
Dear customer,This is an automated notification sent from our account security system. You logined your account successfully at 4:27 on July 11th form the 125.87.108.* range, but our system shows the 125.10.151.* IP range exists a large number of hackers. As too many customer complaints, the 125.98.104.* IP range has been blacklisted.We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, visit click:
hxxps://www.battle.net/account/support/password-verify.htmlwebsite fill out some information to facilitate our investigation.Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.Sincerely,
Blizzard account system
- Any displaying of an IP address is immediate red flag. Blizzard would never post an IP address to an email.
- Displaying of any password in an email, unless it is a confirmation email sent from Blizzard IMMEDIATELY after you register.
- Displaying of birthdates, server locations, etc. would not be a commonality in Blizzard emails.
If you receive an email that seems to reveal information that should not be revealed, delete it! It is probably spam. After all, if Blizzard really wants to get through to you, they would ask you to contact customer service…not verify your password online.
The sender of the email had an IP address of 188.8.131.52 – which can be blacklisted.
Seeing that it isn’t on most blacklists (thanks to WhatIsMyIPAddress.com:
Control spam now with SurfRight Antispam, makers of HitMan Pro secondary opinion malware scanner.