
New scam tries to give you a free Celestial Steed

One of the sadder parts of this job is reporting on the numerous scams that sweep across the World of Warcraft landscape. It's no secret that your WoW account is valuable to thieves -- the entire gold-selling industry is built on a foundation of hacked accounts and stolen items.

Their latest scam vehicle? Our inherent desire for sparkle ponies. Let's get two things straight off the bat:

  1. You did not just win a free Celestial Steed mount. That in-game tell is an attempt to steal your account.

  2. No one just bought you a Celestial Steed mount. That email you got is an attempt to steal your account.

If it sneaks by your spam filter, the latest scam email can be quite convincing. The message, which appears to be from sales@mail.blizzard.com, masquerades as a receipt for the purchase of the $25 Celestial Steed mount. Of course, the email is not actually from Blizzard (the "from" email is spoofed), and the links to Battle.net and Worldofwarcraft.com inside send you to a phishing website designed to steal your password or infect your computer with a keylogger.

Attempt to collect your sparkle pony, and within a few short hours, your entire account will be under someone else's control. If you haven't put an authenticator on your account, the scammers will do it for you, locking you out of your own account and severely hampering your ability to get it back.

More information on the latest scam, what you can do to protect yourself and what to do if you're a victim, all after the break.



The not-so-great sparkle pony scam of 2010

With more people using authenticators to protect their accounts, scammers, hackers, phishers and thieves are getting increasingly aggressive in their tactics to snare new victims. The latest attempt making the rounds is the following authentic-looking email:

Hello, thank you for shopping at the Blizzard Store!

World of Warcraft® Mount: Celestial Steed : 314159265358979323846

To use this key to activate the pet, simply follow these instructions:

* Create a Battle.net account (or if you already have one, log in) at http://www.worldofwarcraft.com
* Verify your e-mail address. (If you have previously verified your address, skip this step.) From the main Account Management page, click the 'verify this e-mail address' link. Then, check your e-mail account for a verification e-mail. Click the link in this e-mail to verify your e-mail address.
* Return to the Battle.net account management page, then click on 'Code Redemption'.
* Enter the above Pet Key in the code field.
* Once you have successfully redeemed this code, you will be able use the pet in World of Warcraft.


NOTE: If you have previously chosen to gift your digital purchase, attaching this key to their Battle.net account will prevent the gift recipient from being able to redeem this key with your Battle.net account.

===========================================
Purchase Receipt
===========================================
Customer Account: your_address_here@wow.com
Order Date: 2010-7-11
Order #: 3778397

(1) World of Warcraft® Mount: Celestial Steed - $25.00

Credit Card Number : ****-****-****-2663
Credit Card Type : Visa
Item Subtotal: $25.00
Tax: $0.00
Shipping & Handling: $0.00
Shipping Tax: $0.00
Grand Total: $25.00
===========================================

If you have any questions or concerns about your order, please contact us at:

Phone: Toll-free at (1-800-592-5499)
Website: http://us.battle.net/account

Live phone support is available seven days a week, 8:00AM - 8:00PM Pacific Time.

Thanks for shopping with us!
Blizzard Customer Service

Instead of helping you redeem your free sparkle pony (or, alternatively, file a request to have this faulty transaction taken off your credit card), the links included in the email will whisk you away to a sketchy land of horror, where honest and kind World of Warcraft players have their gaming experience exploited and destroyed for the profit of gold sellers.
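The two tells described above, a "from" address that fails sender authentication and a link whose visible text names an official site while its target does not, can be checked mechanically. The following is an added example, not part of the original article or anything Blizzard publishes; the allowlist, the sample message and its `.example` hosts are constructed for illustration, and the `Authentication-Results` check assumes that header was written by your own mail server.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: the domains this article names as legitimate.
OFFICIAL = ("blizzard.com", "battle.net", "worldofwarcraft.com")

# Constructed sample modelled on the scam receipt; .example hosts are placeholders.
SAMPLE = """\
From: Blizzard Store <sales@mail.blizzard.com>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mail.blizzard.com
Content-Type: text/html; charset=utf-8

<p>Log in at <a href="http://www.worldofwarcraft.com.redeem.example/">http://www.worldofwarcraft.com</a></p>
<p>Website: <a href="http://us.battle.net/account">http://us.battle.net/account</a></p>
"""

def is_official(host):
    # Match the whole domain or a true subdomain, never a prefix or substring.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(raw):
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    auth = str(msg.get("Authentication-Results", "")).lower()  # simplified check
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("sender not authenticated (From may be spoofed)")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        host = urlsplit(href).hostname
        if not is_official(host):
            findings.append(f"link shown as {text!r} goes to {host}")
    return findings
```

Run on the sample, `audit(SAMPLE)` reports the unauthenticated sender and the first link only; the genuine `us.battle.net` link passes.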

What to do if you are a victim

If all the items, gold and equipment you own are missing -- or worse yet, if you can't log into your account at all because it's asking for an authenticator you didn't request -- you're probably a victim of a hacking attempt. You can recover your account (and sometimes the items that are missing), but it will take some time. Here's what you should do:

  • Contact Blizzard Customer Service. You can get a lot more information about the appropriate people to contact by visiting the World of Warcraft compromised account page. From there, you can learn how to contact Blizzard by phone, email or web to start the account recovery process.

  • Contact your guild, if you have one. Most hackers go after guild banks if they can. Taking the extra step of contacting your guild can save everyone a lot of headaches.

  • Consider buying an authenticator. Well over 99% of hacking and phishing attempts could have been prevented if the victims had purchased and installed an authenticator on their accounts. Better yet, some mobile phones like the iPhone and Android are capable of downloading a free authenticator app.


Tips on protecting yourself

  • Never give out your password to anyone other than your parent or guardian. Blizzard employees and GMs will never ask for your password in game.

  • Don't follow web links from strangers in game.

  • If you receive an email from Blizzard about your account, do not follow any of the links present in the email itself. If you believe the message may be legitimate, type the worldofwarcraft.com or battle.net address directly in your browser's address bar.

  • Blizzard does not run in-game prize drawings. If someone is offering anything to you for free, chances are it's a scam. Don't follow links given to you in game via tells, trade chat or dead gnome corpses strangely floating in mid-air outside the Stormwind auction house.

  • Blizzard GMs do not contact people using level 1 characters and tells/whispers.

  • Even the most cautious of people can still get hacked by accidentally downloading a keylogger by visiting the wrong site or clicking the wrong link. Make sure your computer is protected with trusted anti-virus software.

[A special hat tip to all of you who sent us emails about the scam. Thanks!]