Phish: The problem of account invasion is getting worse and worse

Here’s the E-mail:

Return-Path: ooc1592jacmr_2@hotmail.com
Received: from fd ([125.141.229.21]) by BLU0-SMTP100.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 5 May 2010 12:01:50 -0700
From: “noreply@blizzard.com” <noreply@blizzard.com>
To: <jayras@gmail.com>
Subject: =?utf-8?B?V29ybGQgb2YgV2FyY3JhZnQgLSA=?=
=?utf-8?B?QWNjb3VudCHigI/igI8=?=
Subject: World of Warcraft – Account!‏‏

Recently, the problem of account invasion is getting worse
and worse which cause enormous players’ equipments and virtual currency stolen.
This severely damages the benefits of mass players, also causes our company lose
a lot of customers.
Our company has to adopt some measures
to safeguard our common benefits in order to strengthen the safety of mass
players’accounts, and firmly resist the account to be stolen again.
Through
our company’s research and investigation to xxx customers,we will make the
following decisions: we launch a package of updated code strengthen system and
dynamic code protection card which can effectively prevent the accounts invaded.
We will send this package of code protection system to players free of
charge.
Please open this connection:  [ Bad Link ]

the
information need to be filled in the following pages, when you have submitted
the preceding filled information, if your account passes the check successfully,
we will send this package of dynamic code protection card to you in the form of
e-mail.
In 3 days after you receiving the e-mail, if you
don’t submit your information, we have right to freeze your account, every
player is obligated to protect the safety of the account. You must work together
with us to be determined to crack down all the behaviors of destroying
games.

Regards,
The World of Warcraft Support Team
Blizzard
Entertainment

OK, Let’s see (if I can stop laughing):

  • Header says Hotmail.
  • No Personal Greeting
  • Worse translation job EVER
  • Bad english and spelling
  • Phrasing that makes you laugh so hard you sides hurt.

Oh man…so, this is the e-mail I used as an example in the “How to spot a Phish” Article.

Boy is this one of my favorites…the turn of phrase is so ludicrous, I can’t believe anyone fell for this…

Let us go through the e-mail and have some fun…shall we?

Recently, the problem of account invasion is getting worse
and worse

Recently eh?  So the past transgression weren’t all that bad eh?

which cause enormous players’ equipments and virtual currency stolen

WOW…first of all, apparently only Enormous players are affected.

Us regular size players are fine.

Their equipments are stolen, but only their virtual currently is stolen, their real gold is safe.

This severely damages the benefits of mass players,

Apparently enormous, massive players were also getting benefits that are susceptible to damage.

also causes our company lose a lot of customers

Me Tarzan…you Jane?  our company lose a lot

Our company has to adopt some measures to safeguard our common benefits in order to strengthen the safety of mass players’accounts

not bad, missing a space…but pretty good

and firmly resist the account to be stolen again.

Whoops, spoke too soon.  Right in the toilet…and it started out so well!

But, our accounts apparently have a resist against Stolen stat (Wonder where we get the resist gear from?)

Through our company’s research and investigation to xxx customers

Our research department, to avoid repeating the mistake NASA Made (Remember the mars lander that crashed?) have decided to forego the English measurement system, and to forego the Metric as well.

Our research department is using Roman Numerals!!!  There will be no mistakes made this time!!

And we investigated XXX Customers….

we will make the following decisions:

Well, as you read further you will see they made ONE decision, not “the following decisions”

we launch a package of updated code strengthen system and dynamic code protection card

All I saw here was:

Illudium Q-36 Explosive Space Modulator

which can effectively prevent the accounts invaded

Preventing “The Accounts Invaded” is a very good thing.  One day we’ll prevent accounts from being invaded too.

We will send this package of code protection system to players free of charge.

They are sending us the Modulator for FREE!!

Please open this connection:

uhhh…bite me.

the information need to be filled in the following pages

Initiating time warp…

when you have submitted the preceding filled information

Time warp complete, welcome to “after filling out the form”, even though you haven’t seen it yet.

if your account passes the check successfully

wait a minute…

we will send this package of dynamic code protection card to you

I SAID WAIT!!

…Is it just me, or doesn’t Blizzard already have all the information about my account already?  I mean, after all…they like…ummm….HOUSE the account…

In reality, it’s not MY account, it’s Blizzard’s account they let me use…for a fee.

so, what exactly am I filling out in the forms that they don’t know already?  And wouldn’t they have already determined if I’m eligible for the Modulator since they already have my info?

Ya, I know…I’m using logic….

ok…back to the E-mail…

in the form of e-mail.

WOW, we are now in the Diamond Age where we have matter generators from “the stream”?

In 3 days after you receiving the e-mail

Ummm…the Modulator e-mail or this e-mail?

if you don’t submit your information,

OK, I’m assuming this e-mail, I guess.

we have right to freeze your account

You’re account will be in ICC and won’t be able to go anywhere else!!

every player is obligated to protect the safety of the account

We’re communist, there is only THE ACCOUNT, there are no individual accounts!

You must work together with us

Sounds very “not together”…shouldn’t you say “We must work together”?

to be determined to crack down all the behaviors of destroying games.

Remember folks, people don’t destroy games, behaviors do.

Update:

  • Received again:

Return-Path: boguss_80@hotmail.com
Received: from ekjcz ([112.216.160.78]) by BLU0-SMTP19.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 28 May 2010 04:58:01 -0700
From: “noreply@blizzard.com” <noreply@blizzard.com>
To: <jayras@gmail.com>
Subject: World of Warcraft – Account Authenticator

Links to: www.worldofwarcraft-authenticator-securety.com

  • Received again:

Return-Path: <donotreply@blizzard.com>
Received: from SL-20091113QMYE ([208.48.253.232])
by mx.google.com with ESMTP id s38si7060877qco.138.2010.08.09.01.42.13;
Mon, 09 Aug 2010 01:42:14 -0700 (PDT)
Received-SPF: fail (google.com: domain of donotreply@blizzard.com does not designate 208.48.253.232 as permitted sender) client-ip=208.48.253.232;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of donotreply@blizzard.com does not designate 208.48.253.232 as permitted sender) smtp.mail=donotreply@blizzard.com
Message-Id: <4c5fbf66.6669e50a.33fc.ffffd75bSMTPIN_ADDED@mx.google.com>
From: donotreply@blizzard.com
Subject: Protect Your Battle.net Account

Links to: batt1e-us.net

  • Received again:

Return-Path: <donotreply@blizzard.com>
Received: from SL-20091223ORRH ([203.216.161.253])
by mx.google.com with ESMTP id g8si11231091ibe.9.2010.08.09.02.39.41;
Mon, 09 Aug 2010 02:39:43 -0700 (PDT)
Received-SPF: fail (google.com: domain of donotreply@blizzard.com does not designate 203.216.161.253 as permitted sender) client-ip=203.216.161.253;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of donotreply@blizzard.com does not designate 203.216.161.253 as permitted sender) smtp.mail=donotreply@blizzard.com
Message-Id: <4c5fccdf.8827e70a.14b9.058cSMTPIN_ADDED@mx.google.com>
From: donotreply@blizzard.com
Subject: Protect Your Battle.net Account

Links to: batt1e-us.net

  • Received again:

Return-Path: johanh__@hotmail.com
Received: from qkzh ([125.45.155.77]) by BLU0-SMTP54.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 11 Aug 2010 19:46:16 -0700
Reply-To: <wowaccountadmin@blizzard.com>
From: “wowaccountadmin@blizzard.com” <wowaccountadmin@blizzard.com>
To: <jayras@gmail.com>
Subject: The investigation will be continued by Blizzard administration to determine the action to be taken against your account.

Links to: us.bbatlile.net

Ͼ http://www.pthkm.com/xpjylc/ http://www.pthkm.com/bgylc/ Ͼֳ http://www.pthkm.com/pjylc/ ewinֳ http://www.ybewv.com/ewinylc/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ Ŷij http://www.aojxq.com/amdcgl/ bet http://www.lpmwq.com/bet365ylc/ ȫѶ http://www.wfgpb.com/qxwgw/ 188 http://www.ywiql.com/jbb188gq/ bet http://www.nwiza.com/bet365ylc/ 365 http://www.rvodp.com/bet365tyzx/ Ͼ http://www.yjzhv.com/smxpjgw/ Ͼij http://www.utssx.com/ampjdc/ ˹˶ij http://www.bkrft.com/amwnsrdc/ Ͼij http://www.bkrft.com/pjdc/ ƶij http://www.bkrft.com/yddc/ Ŷij淨 http://www.bkrft.com/amdcwf/ ȫѶ http://www.bkrft.com/qxwzx/ ˹ά˹ij http://www.fldwd.com/lswjsdc/ ζij http://www.fldwd.com/lwdc/ ŶijЩ http://www.fldwd.com/amdcynx/ ij http://www.fldwd.com/mddc/ ˹˶ij http://www.fldwd.com/wnsrdc/ Ͼij http://www.yuwew.com/amxpjdc/ ĥij http://www.yuwew.com/mddc/ ijϷ http://www.yuwew.com/dcyx/ ĥƽij http://www.yuwew.com/mdhjdc/ ĥij http://www.hgvnk.com/lwmddc/ Űټ http://www.hgvnk.com/ambjl/ ټϷ http://www.hgvnk.com/bjlyx/ ˰ټ http://www.hgvnk.com/zrbjl/ http://www.dnczv.com/bcw/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/amdc/ ֳ http://www.yjzhv.com/ozylc/ Ŷij http://www.luyouren.com/aomenduchan/ bet http://www.lsylnj.com/bet365/ Ŷij http://www.lsylnj.com/amdc/ ټ http://www.lsylnj.com/bjl/ http://www.lsylnj.com/bcw/ ˹ http://www.lsylnj.com/wnsrylc/ Ͼ http://www.lsylnj.com/xpjylc/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinyulechen/ bet http://www.luyouren.com/bet365/ ټ http://www.luyouren.com/bjl/ Ŷij http://www.luyouren.com/amdc/ Ŷij http://www.luyouren.com/amduchan/ Ŷij http://www.luyouren.com/aomendc/ Ŷij http://www.luyouren.com/aomenduchan/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinylc/ ewinֳ http://www.luyouren.com/ewinylchen/ ewinֳ http://www.luyouren.com/ewinylec/ ewinֳ http://www.luyouren.com/ewinyulc/ ewinֳ http://www.luyouren.com/ewinyulechen/ http://www.dnczv.com/bcw/ ټ http://www.dnczv.com/bjl/ bet http://www.dnczv.com/bet365/ ˹ http://www.pthkm.com/wnsrylc/