Phish: In view of recent…

Here’s the e-mail:

Return-Path: haku415@hotmail.com
Received: from hwlt ([60.19.174.160]) by BLU0-SMTP12.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 26 Feb 2010 00:13:53 -0800
From: “wowaccountadmin@blizzard.com” <wowaccountadmin@blizzard.com>
To: <***@gmail.com>
Subject: World of Warcraft Account Notice
Date: Fri, 26 Feb 2010 16:13:45 +0800

In view of recent, we have received too many from other players on your complaint we must to verify your account.please login http://www.worldofwarcraft.com/ as soon as possible with our current inspection or we will lock your account, forever.

Regards,
Blizzard Inc.

OK, lets look at this:

  • No greeting at all, let alone no name in the greeting.
  • Header shows it from Hotmail (Surprise!  I’m keeping my eye out here…I don’t think I’ve seen these come from anywhere BUT Hotmail.)
  • Language is so bad that I still can’t figure out what this e-mail is supposed to be saying.
  • Link doesn’t go to Blizzard:  Although what you SEE is worldofwarcraft.com, hovering over the link shows it’s actually going to: cnf-lkoi.worldofwarcraftftb.com

WOW….just WOW

“In view of recent”

WHAT?  In view of recent WHAT?

What are you trying to say I did wrong?

“we have received too many from other players”

again…WHAT? you have received too many WHAT from other players?

“on your complaint”

That’s funny, I never registered a complaint.

“we must to verify your account”

Oh yes, very good english here….

Well, apparently whatever I did was so egregious that they don’t know who I am.

This is one of the most obvious Phishes I’ve seen, it baffles me that ANYONE could be duped into thinking this was real.

Perhaps in the native language this looked more genuine?

  • Received again:

Return-Path: <donotreply@blizzard.com>
Received: from 20100629-2109 ([58.181.62.4])
by mx.google.com with ESMTP id g8si6567568ibb.64.2010.07.05.08.55.47;
Mon, 05 Jul 2010 08:55:51 -0700 (PDT)
Received-SPF: fail (google.com: domain of donotreply@blizzard.com does not designate 58.181.62.4 as permitted sender) client-ip=58.181.62.4;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of donotreply@blizzard.com does not designate 58.181.62.4 as permitted sender) smtp.mail=donotreply@blizzard.com
Message-Id: <4c320087.c814e70a.58a4.ffff8a61SMTPIN_ADDED@mx.google.com>
From: donotreply@blizzard.com
Subject: Battle.net Account Management

wow-batt1e.ne

  • Received again:

Return-Path:
Received: from 20100629-1522 ([61.111.116.37])
by mx.google.com with ESMTP id g1si8358553rva.68.2010.07.05.06.06.25;
Mon, 05 Jul 2010 06:06:30 -0700 (PDT)
Received-SPF: fail (google.com: domain of donotreply@blizzard.com does not designate 61.111.116.37 as permitted sender) client-ip=61.111.116.37;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of donotreply@blizzard.com does not designate 61.111.116.37 as permitted sender) smtp.mail=donotreply@blizzard.com
Message-Id: <4c31d8d6.013a8c0a.03f2.ffff89d0SMTPIN_ADDED@mx.google.com>
From: donotreply@blizzard.com
Subject: Battle.net Account Management

wow-batt1e.ne

Ͼ http://www.pthkm.com/xpjylc/ http://www.pthkm.com/bgylc/ Ͼֳ http://www.pthkm.com/pjylc/ ewinֳ http://www.ybewv.com/ewinylc/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ Ŷij http://www.aojxq.com/amdcgl/ bet http://www.lpmwq.com/bet365ylc/ ȫѶ http://www.wfgpb.com/qxwgw/ 188 http://www.ywiql.com/jbb188gq/ bet http://www.nwiza.com/bet365ylc/ 365 http://www.rvodp.com/bet365tyzx/ Ͼ http://www.yjzhv.com/smxpjgw/ Ͼij http://www.utssx.com/ampjdc/ ˹˶ij http://www.bkrft.com/amwnsrdc/ Ͼij http://www.bkrft.com/pjdc/ ƶij http://www.bkrft.com/yddc/ Ŷij淨 http://www.bkrft.com/amdcwf/ ȫѶ http://www.bkrft.com/qxwzx/ ˹ά˹ij http://www.fldwd.com/lswjsdc/ ζij http://www.fldwd.com/lwdc/ ŶijЩ http://www.fldwd.com/amdcynx/ ij http://www.fldwd.com/mddc/ ˹˶ij http://www.fldwd.com/wnsrdc/ Ͼij http://www.yuwew.com/amxpjdc/ ĥij http://www.yuwew.com/mddc/ ijϷ http://www.yuwew.com/dcyx/ ĥƽij http://www.yuwew.com/mdhjdc/ ĥij http://www.hgvnk.com/lwmddc/ Űټ http://www.hgvnk.com/ambjl/ ټϷ http://www.hgvnk.com/bjlyx/ ˰ټ http://www.hgvnk.com/zrbjl/ http://www.dnczv.com/bcw/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/amdc/ ֳ http://www.yjzhv.com/ozylc/ Ŷij http://www.luyouren.com/aomenduchan/ bet http://www.lsylnj.com/bet365/ Ŷij http://www.lsylnj.com/amdc/ ټ http://www.lsylnj.com/bjl/ http://www.lsylnj.com/bcw/ ˹ http://www.lsylnj.com/wnsrylc/ Ͼ http://www.lsylnj.com/xpjylc/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinyulechen/ bet http://www.luyouren.com/bet365/ ټ http://www.luyouren.com/bjl/ Ŷij http://www.luyouren.com/amdc/ Ŷij http://www.luyouren.com/amduchan/ Ŷij http://www.luyouren.com/aomendc/ Ŷij http://www.luyouren.com/aomenduchan/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinylc/ ewinֳ http://www.luyouren.com/ewinylchen/ ewinֳ http://www.luyouren.com/ewinylec/ ewinֳ http://www.luyouren.com/ewinyulc/ ewinֳ http://www.luyouren.com/ewinyulechen/ http://www.dnczv.com/bcw/ ټ http://www.dnczv.com/bjl/ bet http://www.dnczv.com/bet365/ ˹ http://www.pthkm.com/wnsrylc/