So I wake up this morning to find a helpful email from Blizzard, reminding me to renew my account before The Burning Crusade. "That's odd," I think, "My account is active right now. Well, I'd better just check..."
In my early morning stupor, I clicked the link, entered my account information, and realized that this is the model for a textbook phishing attack (in that order). I immediately changed my password and scrutinized the headers of the email and it looks legitimate to my untrained eyes.
Code:
Date: Friday, January 05, 2007 01:28 am
Subject: Are You Ready For The Burning Crusade?
Message-ID: <20070105052853.1C3D.7155-53@email.blizzard.com>
Return-Path: <Newsletter@email.blizzard.com>
Delivered-To: "monkey"
Received: (qmail 12631 invoked from network); 5 Jan 2007 05:33:14 -0000
Received: from dsl093-061-106.pit1.dsl.speakeasy.net (HELO "friend's mail redirect") ([66.93.61.106]) (envelope-sender <Newsletter@email.blizzard.com>) by mail22.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <"monkey">; 5 Jan 2007 05:33:14 -0000
Received: from email.blizzard.com (email.blizzard.com [12.129.200.219]) by "friend's mail redirect"(8.12.10/8.12.10) with SMTP id l055X1Q0004416 for <"monkey">; Fri, 5 Jan 2007 00:33:07 -0500 (EST) (envelope-from Newsletter@email.blizzard.com)
Content-Return: allowed
X-Mailer: CME-V6.5.4.3; blizzard
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_16D8_728_9635A8BA.01C73078"
Which brings me to my point: Did anyone else receive this email? If it wasn't legitimate, well, I hope all other recipients were sharper than me. If it was legitimate, what was Blizzard thinking, sending an official mail that looks like a phishing attack?
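A way to read the Received chain quoted above, as an added example that is not part of the original post: it walks the headers from the newest down, stops at the last hop logged by a server the recipient trusts, and compares the name that server recorded for the connecting IP with the Return-Path domain. The header text is abridged from the post; treating both the Speakeasy server and the friend's mail redirect as trusted is an assumption, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Headers abridged from the post above (the quoted redactions are the poster's own).
RAW = """\
Return-Path: <Newsletter@email.blizzard.com>
Received: (qmail 12631 invoked from network); 5 Jan 2007 05:33:14 -0000
Received: from dsl093-061-106.pit1.dsl.speakeasy.net (HELO "friend's mail redirect")
 ([66.93.61.106]) (envelope-sender <Newsletter@email.blizzard.com>)
 by mail22.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP
 for <"monkey">; 5 Jan 2007 05:33:14 -0000
Received: from email.blizzard.com (email.blizzard.com [12.129.200.219])
 by "friend's mail redirect"(8.12.10/8.12.10) with SMTP id l055X1Q0004416
 for <"monkey">; Fri, 5 Jan 2007 00:33:07 -0500 (EST)
"""
HOP = re.compile(r"\((?:(\S+)\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")
BY = re.compile(r'\bby\s+("[^"]*"|[^\s(]+)')

def received_hops(raw):
    """Relay hops, newest first: connecting IP, names recorded for it, logging server."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())              # undo header folding
        peer, by = HOP.search(value), BY.search(value)
        if not (peer and by):                        # qmail's local "invoked from network" line
            continue
        hops.append({"from": re.search(r"\bfrom\s+(\S+)", value).group(1),
                     "rdns": peer.group(1),          # sendmail style: name it resolved for the IP
                     "ip": peer.group(2), "by": by.group(1).strip('"')})
    return hops

def boundary_hop(hops, trusted):
    """Last hop logged by a server the recipient trusts; older lines are sender-supplied."""
    boundary = None
    for hop in hops:                                 # walk down from the newest header
        if hop["by"] not in trusted:
            break
        boundary = hop
    return boundary

def origin_check(raw, trusted):
    hop = boundary_hop(received_hops(raw), trusted)
    domain = message_from_string(raw)["Return-Path"].strip("<>").rsplit("@", 1)[-1].lower()
    name = (hop["rdns"] or hop["from"]).lower()
    return {"ip": hop["ip"], "name": name,
            "aligned": name == domain or name.endswith("." + domain)}

TRUSTED = {"mail22.sea5.speakeasy.net", "friend's mail redirect"}  # assumption
print(origin_check(RAW, TRUSTED))
```

Return-Path, Message-ID and X-Mailer are written by the sender, so only the IP recorded at the trusted boundary carries weight. The host a link in the message body points to has to be checked separately.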