Friday, 30 July 2010

Let's be a little security conscious, shall we?

Not to jump on a bandwagon or anything, but there have been a few better attempts to hack accounts around lately.

This is not one of them. He didn't even point out to me that I was supposed to go there - and what was the silly thing with Blizaard about? Next time at least give the initial whisper a random name to make the shifted line appear more valid.

Anyway... on to the real concern. This morning I got an email that was about as good as the one Noisy Rogue talked about.

It read something like this:


Blizzard Entertainment recently received a request to change the e-mail address used to log in to the account with the username The e-mail address k*** has been specified as the new username for this account. An email has been sent to this new address containing a verification link to complete the change.

Once the new address has been verified, the e-mail address can no longer be used to log in to this account or any World of Warcraft accounts merged with this account.

If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately.


The Account Team

Online Privacy Policy
MessageID hhyx9n7odruzdcck7w0aptbg
Now if I had not recently changed my email adress, this probably would have been less effective. What surprised me is that it is a perfect copy. This is the actual "you changed no email recently" email.
Spot what's wrong with it?
Neither did I.
Mainly because it's not there. Displayed above is the pure text part of the email - not the html email. In the html version there is a link at the end to contact Blizzard Billing and Account Services.
Let me not quote the wrong one here, but it was not leading instead to a .us site. Well done, it did make me wonder for a while.
Oh yes, and in case you haven't done so yet - go and get an authenticator. Cunningly available from the Blizzard store, which you'll likely find linked on the real Blizzard homepage. I won't even bother linking that here, right?


  1. This comment has been removed by a blog administrator.

  2. This comment has been removed by a blog administrator.

  3. This comment has been removed by a blog administrator.