Phish: Controversial Currency Transaction.

Here’s the e-mail:

Return-Path: wigoz_88@hotmail.com
Received: from xg ([125.45.155.171]) by BLU0-SMTP91.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 2 Aug 2010 10:56:08 -0700
Reply-To:
From: “wowaccountadmin@blizzard.com” <wowaccountadmin@blizzard.com>
To: <jayras@gmail.com>
Subject: you must complete the steps below to secure the account and your computer

Blizzard Entertainment is dedicated to creating the most epic gaming experiences ever; making sure that your information is safe and secure is an important part of that effort.
We have the evidence to prove that your account  involved in the controversial game currency transaction .The investigation will be continued by Blizzard administration to determine the action to be taken against your account.
To ensure the legitimacy of your account, we need you here to check your account status as soon as possible.
Any recurring subscriptions have been suspended to prevent further monetary charges. In order to regain access to the account, you must complete the steps below to secure the account and your computer.
The Battle.net account is a centralized account system that will let you manage all of the Blizzard Entertainment games you play, including World of Warcraft and future games, in one place without having to remember multiple sets of login information.
We highly recommend that you take this opportunity to verify your account information.To do so, simply click here:

https://us.battle.net/login/login.xml?ref=https%3A%2F%2Fus.battle.net%2Faccount%2Fmanagement%2Findex.xml&app=bam

Blizzard only collects personal information on a voluntary basis.The personal information you provide Blizzard will allow us to fulfill your product or service order; alert you of new products or services, features, or enhancements; handle/route your customer service or technical support questions or issues; and/or notify you of upgrade opportunities, contests, promotions, or special events and offers. Blizzard may enhance or merge the personal information collected at a Blizzard site with data from third parties. Blizzard may also provide your personal information to other companies or organizations that offer products or services that may be of interest to you. In such cases, we will notify you that the information will be shared and provide you with an opportunity to opt-out.
For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.
Sincerely,
The Battle.net Account Team

Let’s see here:

  • Header shows it’s from Hotmail.
  • No greeting at all, let alone personalized
  • Subject is a mess
  • Bad english, although spelling is pretty good.
  • “flow” of e-mail gives you the impression its at least 3 e-mails pasted together.
  • Link goes to : us.bbattlle.com

So ya…

you must complete the steps below to secure the account and your computer

That’s not a subject…that would be a quote from an e-mail.  “Account Security” would be a good subject…or better yet…”Battle.NET Account Security.”

I swear…they aren’t even putting forth the effort anymore…are we really THAT gullible these days?

Blizzard Entertainment is dedicated to creating the most epic gaming experiences ever; making sure that your information is safe and secure is an important part of that effort.

Pretty sure that semi-colon should have been a period and start a new sentence.  Although the statement is a good one.  And is true.

We have the evidence to prove that your account  involved in the controversial game currency transaction .The investigation will be continued by Blizzard administration to determine the action to be taken against your account.

I swore I saw that before, and I swore I already had a page for this particular phish too…

But then I realized it was a combination of two different things….”the controversial game currency transaction” Came from another Phish…the account confusion one.  Where they were telling me the changes I made to the account did this…That second sentence…well, we’ll get to that in a moment…

To ensure the legitimacy of your account, we need you here to check your account status as soon as possible.

This is ALMOST the typical hook they lay.  Normally it’s “We need you to verify your account.” Or “We need you to verify you are the original owner of this account.”  This one is slightly different and ALMOST sounds legitimate.

Any recurring subscriptions have been suspended to prevent further monetary charges.

WOA…now this one is new.  And would be something you would expect Blizzard to do if they really thought your account was compromised.  STOP billing on it, so it has to be acted upon.  Pretty brilliant on the Phisher for coming up with this one…oh…but wait…lets go back a couple of lines….

The investigation will be continued by Blizzard administration to determine the action to be taken against your account.

WHOOPS

Brilliant Hook FOILED By a logic gap.

So, are you determining what action or have you taken action?  Come on…make up your mind…which one is it?

The Battle.net account is a centralized account system that will let you manage all of the Blizzard Entertainment games you play, including World of Warcraft and future games, in one place without having to remember multiple sets of login information.
We highly recommend that you take this opportunity to verify your account information.To do so, simply click here:

And then they do this.  Completely breaks the flow of the e-mail and is obviously a copy of another e-mail which is not pertaining to this topic at all….

Blizzard only collects personal information on a voluntary basis.The personal information you provide Blizzard will allow us to fulfill your product or service order; alert you of new products or services, features, or enhancements; handle/route your customer service or technical support questions or issues; and/or notify you of upgrade opportunities, contests, promotions, or special events and offers. Blizzard may enhance or merge the personal information collected at a Blizzard site with data from third parties. Blizzard may also provide your personal information to other companies or organizations that offer products or services that may be of interest to you. In such cases, we will notify you that the information will be shared and provide you with an opportunity to opt-out.
For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.

And again…another break in the flow and another obvious copy of yet another e-mail.  Actually, I think this may be a copy from their privacy statement.

But still, nothing to do with the e-mail at hand.

Then, to add insult to injury, the “click here for answers” isn’t a link at all, so there is nothing to click.

It’s almost as if the Phisher is hoping that pasting in a ton of official sounding “mumbo jumbo” at the bottom of his e-mail it’ll make us forget the horrible English at the top of the e-mail, not to mention hoping we’ll forget the crap is completely off topic to the start of the e-mail….

I dunno, I swear they’re just getting lazy.

  • Received again:

Return-Path: tamtsquare1@hotmail.com
Received: from tuj ([123.4.241.223]) by BLU0-SMTP47.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 6 Aug 2010 19:52:26 -0700
Reply-To: <wowaccountadmin@blizzard.com>
Sender: wowaccountadmin@blizzard.com
From: “wowaccountadmin@blizzard.com” <wowaccountadmin@blizzard.com>
To: <jayras@gmail.com>
Subject: To protect your privacy and security, Any recurring subscriptions have been suspended to prevent further monetary charges.

Links to: us.battllie.net

Ͼ http://www.pthkm.com/xpjylc/ http://www.pthkm.com/bgylc/ Ͼֳ http://www.pthkm.com/pjylc/ ewinֳ http://www.ybewv.com/ewinylc/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ Ŷij http://www.aojxq.com/amdcgl/ bet http://www.lpmwq.com/bet365ylc/ ȫѶ http://www.wfgpb.com/qxwgw/ 188 http://www.ywiql.com/jbb188gq/ bet http://www.nwiza.com/bet365ylc/ 365 http://www.rvodp.com/bet365tyzx/ Ͼ http://www.yjzhv.com/smxpjgw/ Ͼij http://www.utssx.com/ampjdc/ ˹˶ij http://www.bkrft.com/amwnsrdc/ Ͼij http://www.bkrft.com/pjdc/ ƶij http://www.bkrft.com/yddc/ Ŷij淨 http://www.bkrft.com/amdcwf/ ȫѶ http://www.bkrft.com/qxwzx/ ˹ά˹ij http://www.fldwd.com/lswjsdc/ ζij http://www.fldwd.com/lwdc/ ŶijЩ http://www.fldwd.com/amdcynx/ ij http://www.fldwd.com/mddc/ ˹˶ij http://www.fldwd.com/wnsrdc/ Ͼij http://www.yuwew.com/amxpjdc/ ĥij http://www.yuwew.com/mddc/ ijϷ http://www.yuwew.com/dcyx/ ĥƽij http://www.yuwew.com/mdhjdc/ ĥij http://www.hgvnk.com/lwmddc/ Űټ http://www.hgvnk.com/ambjl/ ټϷ http://www.hgvnk.com/bjlyx/ ˰ټ http://www.hgvnk.com/zrbjl/ http://www.dnczv.com/bcw/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/amdc/ ֳ http://www.yjzhv.com/ozylc/ Ŷij http://www.luyouren.com/aomenduchan/ bet http://www.lsylnj.com/bet365/ Ŷij http://www.lsylnj.com/amdc/ ټ http://www.lsylnj.com/bjl/ http://www.lsylnj.com/bcw/ ˹ http://www.lsylnj.com/wnsrylc/ Ͼ http://www.lsylnj.com/xpjylc/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinyulechen/ bet http://www.luyouren.com/bet365/ ټ http://www.luyouren.com/bjl/ Ŷij http://www.luyouren.com/amdc/ Ŷij http://www.luyouren.com/amduchan/ Ŷij http://www.luyouren.com/aomendc/ Ŷij http://www.luyouren.com/aomenduchan/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinylc/ ewinֳ http://www.luyouren.com/ewinylchen/ ewinֳ http://www.luyouren.com/ewinylec/ ewinֳ http://www.luyouren.com/ewinyulc/ ewinֳ http://www.luyouren.com/ewinyulechen/ http://www.dnczv.com/bcw/ ټ http://www.dnczv.com/bjl/ bet http://www.dnczv.com/bet365/ ˹ http://www.pthkm.com/wnsrylc/