Phish: Suspicious Activity

Here’s the e-mail:

Return-Path: <noreply@battle.net>
Received: from 20100629-2109 (host-66-59-248-49.static.linkline.com [66.59.248.49])
by mx.google.com with ESMTP id n11si10217572anh.49.2010.08.08.20.47.36;
Sun, 08 Aug 2010 20:47:40 -0700 (PDT)
Received-SPF: fail (google.com: domain of noreply@battle.net does not designate 66.59.248.49 as permitted sender) client-ip=66.59.248.49;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of noreply@battle.net does not designate 66.59.248.49 as permitted sender) smtp.mail=noreply@battle.net
Message-Id: <4c5f7a5c.0bf0640a.34c5.2113SMTPIN_ADDED@mx.google.com>
From: noreply@battle.net
Subject: Flag this messageBattle.net Account Locked
To: jayras@gmail.com
Sender: noreply@battle.net

Due to suspicious activity, your Battle.net account has been locked. To restore access to this account, please follow
these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing
your password may not deter future attacks without first ensuring that your computer is free from these programs. Please
visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account

After you have secured your computer, please create a new password for your e-mail account since it may also be
compromised. Be sure to check your e-mail filters and rules and look for any e-mail forwarding rules that you did not
create. For more information on securing your e-mail account, visit this Support page.

Step 3: Log in your Account
You must Log in your Battle.net account. Please click this link:

http://us.wow-batt1e.net/account/login.html?app=wam&ref=https%3A%2F%2Fwww.worldofwarcraft.com%2Faccount%2F&eor=0&app=bam

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at

http://www.worldofwaroraft.com/account/login.html?.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

Let’s see here:

  • Header shows it’s from Battle.net, but with an invalid sender (I hate that Google still allows this!)
  • Links to: us.wow-batt1e.net Which almost looks like battle.net, but its wow- and that l is actually a 1 (one)
  • Also links to: www.worldofwaroraft.com WOW…double bad on this one.

Hmmm…Good advice on Steps 1 and 2…
Step 3 however…we’re running into a logic gap…
E-mail started off saying:

Due to suspicious activity, your Battle.net account has been locked.

But now it tells you to:

Step 3: Log in your Account
You must Log in your Battle.net account.

See the problem there? The account is LOCKED, but I MUST login to my account.
Oh CRAP
WHAT DO I DO??!!!???

So, ya, slight logic gap there…
Of course, if I still have questions I can go to that other Phishing website to get an answer…

So, ya…Not Blizzard.

Ͼ http://www.pthkm.com/xpjylc/ http://www.pthkm.com/bgylc/ Ͼֳ http://www.pthkm.com/pjylc/ ewinֳ http://www.ybewv.com/ewinylc/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ Ŷij http://www.aojxq.com/amdcgl/ bet http://www.lpmwq.com/bet365ylc/ ȫѶ http://www.wfgpb.com/qxwgw/ 188 http://www.ywiql.com/jbb188gq/ bet http://www.nwiza.com/bet365ylc/ 365 http://www.rvodp.com/bet365tyzx/ Ͼ http://www.yjzhv.com/smxpjgw/ Ͼij http://www.utssx.com/ampjdc/ ˹˶ij http://www.bkrft.com/amwnsrdc/ Ͼij http://www.bkrft.com/pjdc/ ƶij http://www.bkrft.com/yddc/ Ŷij淨 http://www.bkrft.com/amdcwf/ ȫѶ http://www.bkrft.com/qxwzx/ ˹ά˹ij http://www.fldwd.com/lswjsdc/ ζij http://www.fldwd.com/lwdc/ ŶijЩ http://www.fldwd.com/amdcynx/ ij http://www.fldwd.com/mddc/ ˹˶ij http://www.fldwd.com/wnsrdc/ Ͼij http://www.yuwew.com/amxpjdc/ ĥij http://www.yuwew.com/mddc/ ijϷ http://www.yuwew.com/dcyx/ ĥƽij http://www.yuwew.com/mdhjdc/ ĥij http://www.hgvnk.com/lwmddc/ Űټ http://www.hgvnk.com/ambjl/ ټϷ http://www.hgvnk.com/bjlyx/ ˰ټ http://www.hgvnk.com/zrbjl/ http://www.dnczv.com/bcw/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/amdc/ ֳ http://www.yjzhv.com/ozylc/ Ŷij http://www.luyouren.com/aomenduchan/ bet http://www.lsylnj.com/bet365/ Ŷij http://www.lsylnj.com/amdc/ ټ http://www.lsylnj.com/bjl/ http://www.lsylnj.com/bcw/ ˹ http://www.lsylnj.com/wnsrylc/ Ͼ http://www.lsylnj.com/xpjylc/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinyulechen/ bet http://www.luyouren.com/bet365/ ټ http://www.luyouren.com/bjl/ Ŷij http://www.luyouren.com/amdc/ Ŷij http://www.luyouren.com/amduchan/ Ŷij http://www.luyouren.com/aomendc/ Ŷij http://www.luyouren.com/aomenduchan/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinylc/ ewinֳ http://www.luyouren.com/ewinylchen/ ewinֳ http://www.luyouren.com/ewinylec/ ewinֳ http://www.luyouren.com/ewinyulc/ ewinֳ http://www.luyouren.com/ewinyulechen/ http://www.dnczv.com/bcw/ ټ http://www.dnczv.com/bjl/ bet http://www.dnczv.com/bet365/ ˹ http://www.pthkm.com/wnsrylc/