Within the last week, hackers have seemingly beefed up their attempts to trick Blizzard customers into installing malware and/or stealing their personal information. Below is an actual email I've personally received twice within the last seven days, leading to an unsecure "secure" website where I can supposedly confirm I'm the owner of my World of Warcraft account.
Other than the fact that I don't have an active subscription to World of Warcraft (but an active Battle.net account), and the email itself was sent to another personal email address not associated with Battle.net, the link itself is a dead giveaway, taking users to an external "us.battle.woribofwarcraft.com" website (WHOIS) which in itself pulls up a "Bad Request" error. The actual email was also sent from "Blizzard Entertainment" aka email@example.com.
Here' the email:
It has come to our attention that you are trying to sell your personal World of Warcraft account(s). As you may not be aware of, this conflicts with the EULA and Terms of Agreement. If this proves to be true, your account can and will be disabled. It will be ongoing for further investigation by Blizzard Entertainment's employees. If you wish to not get your account suspended you should immediately verify your account ownership.
You can confirm that you are the original owner of the account to this secure website with:
Login to your account, In accordance following template to verify your account.
* Account name
* Account password
* First and Surname
* Secret Question and Answer
Show * Please enter the correct information
If you ignore this mail your account can and will be closed permanently.
Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.
Account Administration Team
World of Warcraft , Blizzard Entertainment 2010
Please retain all history if you reply to this mail.
Thankfully this email ended up in my spam box. Still, there may be many Blizzard customers who may think this is a legit request. Just pay attention to the "secure" link. If you don't have an active World of Warcraft subscription (but currently play Diablo 2, StarCraft 2), there's nothing to worry about other than the fact that someone has figured out you have a Battle.net account and my be a possible WoW target.