Gold and powerlevelling services - Phish/Scams

Guest

RE: Gold and powerlevelling services - Phish/Scams

Post by Guest » Fri Mar 11, 2011 12:55 pm

Yes it was a fake just like many of the other phishs reported here which attempt to deceive you into disclosing your gaming account login details so that they can then take over your account, spam ingame players and loot all your gold and items.

Blizzard categorically state they will NEVER ask you to update or verify any of your account details, by mail or any other means so anyone that tries this is naturally out to scam you.

My advice is to NEVER respond to any emails supposedly from Blizzard. Use the ingame account login facility or your trusted browser battle.net account login link to make any changes and not do this from any links provided in any emails you receive.

Another tip that will help you determine if the mail is genuine or fake is to check message headers. Simply select message header view or do this using the message properties and you will see where this mail originated and any email address that sent it. You will note that these mails are often sent via disposable email addresses (hotmail, yahoo, etc). Blizzard do not use this service to contact any of their customers and remember that blizzard know who you are so will address you by name too. This is something phishers can't do as they don't have this information so will simply address the recipient as 'hi', 'dear friend', 'dear customer', etc.

As for these spam emails, I would request that you submit them to phishtank and also record them in this thread for others to rate and confirm/deny their authenticity.

hierodule
Posts: 2
Joined: Mon Mar 14, 2011 1:23 am

Another Blizzard-related phishing scam (I think)

Post by hierodule » Mon Mar 14, 2011 1:23 am

I have another one to report. I have already submitted it to phistank for review. I do not know if it's from the same source, but I've received similar such phish e-mails for months. I haven't seen this particular one reported anywhere yet (as far as I can see with Google), so I'm posting it.

The link in the e-mail has the following URL in the A tag of the displayed legit-looking text address:

Code: Select all

http://us.blizzard.net.review-account-admin.net/securityconfirm.htm

Which obviously is not from Blizzard. Since I don't know if I can post here the e-mail with its links here, I am pasting the full source with headers below. I trust the experts here can deal with it as it is, but casual web users (like me) curious about what that gobbledygook Base64 code means, use something like Japplis Toolbox to decode it.

Regards,

Ed

Code: Select all

From - Sun Mar 13 16:03:21 2011
X-Account-Key: account17
X-UIDL: UID1913-1181100943
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-path: <noreply@battle.net>
Envelope-to: webmaste r@ clubdearbitros . com
Delivery-date: Sun, 13 Mar 2011 04:54:44 -0700
Received: from bb-203-125-1-174.singnet.com.sg ([203.125.1.174] helo=battle.net)
	by tiger.arvixe.com with esmtp (Exim 4.69)
	(envelope-from <noreply@battle.net>)
	id 1Pyjsh-0001c9-I1
	for webmaster@clubdearbitros.com; Sun, 13 Mar 2011 04:54:44 -0700
Received: from oawx (unknown [133.228.117.56])
	by battle.net with SMTP id hplHLNGTYlVJBscj.1
	for <webmaster@clubdearbitros.com>; Sun, 13 Mar 2011 19:54:39 +0800
Message-ID: <4C1374727F2ED9E16145D5397E3A5A86@oawx>
From: "Blizzard Entertainment" <noreply@battle.net>
To: <webmaster@clubdearbitros.com>
Subject: Too Many Attempts Warning No.35
Date: Sun, 13 Mar 2011 19:54:28 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_060F_016EA252.12989F90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-EsetId: C04E2A2058C422389502

This is a multi-part message in MIME format.

------=_NextPart_000_060F_016EA252.12989F90
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: base64

RGVhciBjdXN0b21lciwNCkR1ZSB0byBzdXNwaWNpb3VzIGFjdGl2aXR5LCB5b3VyIEJhdHRsZS5u
ZXQgYWNjb3VudCBoYXMgYmVlbiBsb2NrZWQuIFlvdSB0cmllZCB0byBsb2dpbiB5b3VyIGFjY291
bnQgdG9vIG1hbnkgdGltZXMgKDQwMykuIFdlIGFyZSBjb25jZXJuZWQgYWJvdXQgd2hldGhlciB5
b3VyIGFjY291bnQgaGFzIGJlZW4gc3RvbGVuLiBJbiBvcmRlciB0byBndWFyYW50ZWUgdGhlIGxl
Z2l0aW1hY3kgb2YgeW91ciBhY2NvdW50LCB3ZSBuZWVkIHlvdSBmb2xsb3cgdGhlc2Ugc3RlcHM6
DQpTdGVwIDE6IFNlY3VyZSBZb3VyIENvbXB1dGVyDQpJbiB0aGUgZXZlbnQgdGhhdCB5b3VyIGNv
bXB1dGVyIGhhcyBiZWVuIGluZmVjdGVkIHdpdGggbWFsaWNpb3VzIHNvZnR3YXJlIHN1Y2ggYXMg
YSBrZXlsb2dnZXIgb3IgdHJvamFuLCBzaW1wbHkgY2hhbmdpbmcgeW91ciBwYXNzd29yZCBtYXkg
bm90IGRldGVyIGZ1dHVyZSBhdHRhY2tzIHdpdGhvdXQgZmlyc3QgZW5zdXJpbmcgdGhhdCB5b3Vy
IGNvbXB1dGVyIGlzIGZyZWUgZnJvbSB0aGVzZSBwcm9ncmFtcy4gUGxlYXNlIHZpc2l0IG91ciBB
Y2NvdW50IFNlY3VyaXR5IHdlYnNpdGUgdG8gbGVhcm4gaG93IHRvIHNlY3VyZSB5b3VyIGNvbXB1
dGVyIGZyb20gdW5hdXRob3JpemVkIGFjY2Vzcy4NClN0ZXAgMjogU2VjdXJlIFlvdXIgRS1tYWls
IEFjY291bnQNCkFmdGVyIHlvdSBoYXZlIHNlY3VyZWQgeW91ciBjb21wdXRlciwgY2hlY2sgeW91
ciBlLW1haWwgZmlsdGVycyBhbmQgcnVsZXMgYW5kIGxvb2sgZm9yIGFueSBlLW1haWwgZm9yd2Fy
ZGluZyBydWxlcyB0aGF0IHlvdSBkaWQgbm90IGNyZWF0ZS4gRm9yIG1vcmUgaW5mb3JtYXRpb24g
b24gc2VjdXJpbmcgeW91ciBlLW1haWwgYWNjb3VudCwgdmlzaXQgb3VyIFN1cHBvcnQgcGFnZS4N
ClN0ZXAgMzogUmVzdG9yZSBhY2Nlc3MgdG8gWW91ciBhY2NvdW50DQpXZSBub3cgcHJvdmlkZSBh
IHNlY3VyZSBsaW5rIGZvciB5b3UgdG8gdmVyaWZ5IHdoZXRoZXIgeW91IGhhdmUgdGFrZW4gdGhl
IGFwcHJvcHJpYXRlIHN0ZXBzIHRvIHNlY3VyZSB0aGUgYWNjb3VudCwgeW91ciBjb21wdXRlciwg
YW5kIHlvdXIgZW1haWwgYWRkcmVzcy4gUGxlYXNlIGZvbGxvdyB0aGlzIHNpdGUgdG8gcmVzdG9y
ZSB0aGUgYWNjZXNzIHRvIHlvdXIgYWNjb3VudDogaHR0cDovL3VzLmJhdHRsZS5uZXQvc2VjdXJp
dHljb25maXJtLmh0bQ0KSWYgeW91IHN0aWxsIGhhdmUgcXVlc3Rpb25zIG9yIGNvbmNlcm5zIGFm
dGVyIGZvbGxvd2luZyB0aGUgc3RlcHMgYWJvdmUsIGZlZWwgZnJlZSB0byBjb250YWN0IEN1c3Rv
bWVyIFN1cHBvcnQgYXQgaHR0cDovL3VzLmJsaXp6YXJkLmNvbS9zdXBwb3J0L2FydGljbGUueG1s
P2xvY2FsZT1lbl9VUyZhcnRpY2xlSWQ9MjA2MDYuDQpTaW5jZXJlbHksDQpUaGUgQmF0dGxlLm5l
dCBBY2NvdW50IFRlYW0NCk9ubGluZSBQcml2YWN5IFBvbGljeQ0KTWVzc2FnZSBJRCAydW5xcjdp
ZGd1a21pZGZraDNrb3VjdGg5NmFucnZ2aTRpOGV1Zm9rcmlsdg0KSWRlbnRpdHkgSUQgY2cycndn
a3ljam54aGJta2t0ZHNtNXdxdjg2djB6cmN6YnB4Ynl3eXNib2E=

------=_NextPart_000_060F_016EA252.12989F90
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxNRVRBIGNvbnRlbnQ9Ik1TSFRNTCA2LjAw
LjI5MDAuNTkyMSIgbmFtZT1HRU5FUkFUT1I+PC9IRUFEPg0KPEJPRFk+DQo8UD5EZWFyIGN1c3Rv
bWVyLDwvUD4NCjxQPkR1ZSB0byBzdXNwaWNpb3VzIGFjdGl2aXR5LCZuYnNwO3lvdXIgQmF0dGxl
Lm5ldCBhY2NvdW50Jm5ic3A7aGFzIGJlZW4gDQpsb2NrZWQuIFlvdSB0cmllZCB0byZuYnNwO2xv
Z2luIHlvdXIgYWNjb3VudCB0b28gbWFueSB0aW1lcyAoNDAzKS4gV2UgYXJlIA0KY29uY2VybmVk
IGFib3V0IHdoZXRoZXIgeW91ciBhY2NvdW50IGhhcyBiZWVuIHN0b2xlbi4gSW4gb3JkZXIgdG8g
Z3VhcmFudGVlIHRoZSANCmxlZ2l0aW1hY3kgb2YgeW91ciBhY2NvdW50LCB3ZSBuZWVkIHlvdSZu
YnNwO2ZvbGxvdyB0aGVzZSBzdGVwczo8L1A+DQo8UD5TdGVwIDE6IFNlY3VyZSBZb3VyIENvbXB1
dGVyPC9QPg0KPFA+SW4gdGhlIGV2ZW50IHRoYXQgeW91ciBjb21wdXRlciBoYXMgYmVlbiBpbmZl
Y3RlZCB3aXRoIG1hbGljaW91cyBzb2Z0d2FyZSANCnN1Y2ggYXMgYSBrZXlsb2dnZXIgb3IgdHJv
amFuLCBzaW1wbHkgY2hhbmdpbmcgeW91ciBwYXNzd29yZCBtYXkgbm90IGRldGVyIA0KZnV0dXJl
IGF0dGFja3Mgd2l0aG91dCBmaXJzdCBlbnN1cmluZyB0aGF0IHlvdXIgY29tcHV0ZXIgaXMgZnJl
ZSBmcm9tIHRoZXNlIA0KcHJvZ3JhbXMuIFBsZWFzZSB2aXNpdCBvdXIgQWNjb3VudCBTZWN1cml0
eSB3ZWJzaXRlIHRvIGxlYXJuIGhvdyB0byBzZWN1cmUgeW91ciANCmNvbXB1dGVyIGZyb20gdW5h
dXRob3JpemVkIGFjY2Vzcy48L1A+DQo8UD5TdGVwIDI6IFNlY3VyZSBZb3VyIEUtbWFpbCBBY2Nv
dW50PC9QPg0KPFA+QWZ0ZXIgeW91IGhhdmUgc2VjdXJlZCB5b3VyIGNvbXB1dGVyLCZuYnNwO2No
ZWNrIHlvdXIgZS1tYWlsIGZpbHRlcnMgYW5kIA0KcnVsZXMgYW5kIGxvb2sgZm9yIGFueSBlLW1h
aWwgZm9yd2FyZGluZyBydWxlcyB0aGF0IHlvdSBkaWQgbm90IGNyZWF0ZS4gRm9yIG1vcmUgDQpp
bmZvcm1hdGlvbiBvbiBzZWN1cmluZyB5b3VyIGUtbWFpbCBhY2NvdW50LCB2aXNpdCZuYnNwO291
ciBTdXBwb3J0IHBhZ2UuPC9QPg0KPFA+U3RlcCAzOiZuYnNwO1Jlc3RvcmUgYWNjZXNzIHRvJm5i
c3A7WW91ciBhY2NvdW50PC9QPg0KPFA+V2Ugbm93IHByb3ZpZGUgYSBzZWN1cmUmbmJzcDtsaW5r
IGZvciB5b3UgdG8gdmVyaWZ5Jm5ic3A7d2hldGhlciB5b3UgaGF2ZSANCnRha2VuIHRoZSBhcHBy
b3ByaWF0ZSBzdGVwcyB0byBzZWN1cmUgdGhlIGFjY291bnQsIHlvdXIgY29tcHV0ZXIsIGFuZCB5
b3VyIGVtYWlsIA0KYWRkcmVzcy4gUGxlYXNlIGZvbGxvdyB0aGlzIHNpdGUgdG8gcmVzdG9yZSB0
aGUgYWNjZXNzIHRvIHlvdXIgYWNjb3VudDogPEEgDQpocmVmPSJodHRwOi8vdXMuYmxpenphcmQu
bmV0LnJldmlldy1hY2NvdW50LWFkbWluLm5ldC9zZWN1cml0eWNvbmZpcm0uaHRtIj5odHRwOi8v
dXMuYmF0dGxlLm5ldC9zZWN1cml0eWNvbmZpcm0uaHRtPC9BPjwvUD4NCjxQPklmIHlvdSBzdGls
bCBoYXZlIHF1ZXN0aW9ucyBvciBjb25jZXJucyBhZnRlciBmb2xsb3dpbmcgdGhlIHN0ZXBzIGFi
b3ZlLCBmZWVsIA0KZnJlZSB0byBjb250YWN0IEN1c3RvbWVyIFN1cHBvcnQgYXQgPEEgDQpocmVm
PSJodHRwOi8vdXMuYmxpenphcmQubmV0LnJldmlldy1hY2NvdW50LWFkbWluLm5ldC9zZWN1cml0
eWNvbmZpcm0uaHRtIj5odHRwOi8vdXMuYmxpenphcmQuY29tL3N1cHBvcnQvYXJ0aWNsZS54bWw/
bG9jYWxlPWVuX1VTJmFtcDthcnRpY2xlSWQ9MjA2MDY8L0E+LjwvUD4NCjxQPlNpbmNlcmVseSw8
QlI+VGhlIEJhdHRsZS5uZXQgQWNjb3VudCBUZWFtPEJSPk9ubGluZSBQcml2YWN5IFBvbGljeTwv
UD4NCjxNRVRBIGNvbnRlbnQ9Ik1TSFRNTCA4LjAwLjc2MDAuMTY1ODgiIG5hbWU9R0VORVJBVE9S
Pg0KPERJVj48Rk9OVCBjb2xvcj13aGl0ZT5NZXNzYWdlIElEIGFjbWhhMnluemZzdGhucXVoZjRy
eHFsNXQ4dmpxa2JxZm15NngxY2s2bWRhPC9GT05UPjwvRElWPg0KPERJVj48Rk9OVCBjb2xvcj13
aGl0ZT5JZGVudGl0eSBJRCBxaWV0ZWlkcjZiYnVtMmxkb2Z4M3JvbHpxenFqNnRtZ2s2ZWR6cXNq
c3dzYzwvRk9OVD48L0RJVj48L0JPRFk+PC9IVE1MPg0K

------=_NextPart_000_060F_016EA252.12989F90--

MysteryFCM
Posts: 4912
Joined: Mon Jul 14, 2008 4:47 pm

RE: Gold and powerlevelling services - Phish/Scams

Post by MysteryFCM » Mon Mar 14, 2011 2:08 am

Related;

Domains living on 180.210.204.158;

List of domains/hosts

alphasunglasses.net
en.bctttle.net
eu-battle-net.com
eu-battle-net.org
eu-battle.org
eu.barttle-net.com
eu.batlle-net.com
eu.batrle-net.net
eu.batrle-net.org
eu.battie-net.org
eu.battlcv.net
eu.battlre-net.com
eu.battlre-net.net
eu.battlre-net.org
eu.battrle-net.com
eu.battrle-net.net
eu.battrle-net.org
eu.bettla-net.com
hi.bctttle.net
ok.bctttle.net
ua.battle.net.login-en.org
ue.battle.net.login-en.org
ui.battle.net.login-en.org
ui.brttle.net.login-en.org
un.bctttle.net
us-batlle.net
us-battle-net.com
us-batttle.org
us-bettle-net.org
us.barttle-net.net
us.barttle-net.org
us.batrle-net.org
us.battlcv.net
us.battle-nct.org
us.battle.net.account.bzitlc.net
us.battle.net.bt.battcle.net
us.battle.net.email.battlec.net
us.battle.net.en.battve.net
us.battle.net.hi.battve.net
us.battle.net.ss.battcle.net
us.battle.net.ss.battve.net
us.battle.net.tt.battlec.net
us.battle.net.uk.bacttle.net
us.battle.net.uk.battcle.net
us.battle.net.uo.bzitlc.net
us.battle.net.user.bzitlc.net
us.battlie.org
us.battlre-net.net
us.battlvo.net
us.battrle-net.com
us.battrle-net.net
us.batttle-net.com
us.batttle-net.net
us.bettla-net.com
us.bettle-net.com
us.bnttle-net.org
us.brttle.net.login-en.org
vibram5fingers.net
www(dot)alphasunglasses.net
www(dot)barttle-net.com
www(dot)barttle-net.net
www(dot)barttle-net.org
www(dot)batlle-net.com
www(dot)batrle-net.net
www(dot)battlcv.net
www(dot)battlre-net.com
www(dot)battlre-net.net
www(dot)battlre-net.org
www(dot)battlvo.net
www(dot)battrle-net.com
www(dot)battrle-net.net
www(dot)batttle-net.com
www(dot)batttle-net.net
www(dot)bettla-net.com
www(dot)ghdoutlet-au1.net
www(dot)paulsmithsoutlet.net
www(dot)vibramfivefingers-outlet.net

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

RE: www(dot)

Post by c۞g » Mon Mar 14, 2011 2:45 am

throws the MRT off with www(dot)

also some of those are not topic related, though scams, they are fake shoe outlet stores. :)

MysteryFCM
Posts: 4912
Joined: Mon Jul 14, 2008 4:47 pm

RE: www(dot)

Post by MysteryFCM » Mon Mar 14, 2011 3:08 am

I know ;o), mentioned them as related as they all share or did share, the same IP ;o)

Some of the domains related are also now dead. Only mentioned the whole list for informational purposes.

Guest

RE: Gold and powerlevelling services - Phish/Scams

Post by Guest » Thu Mar 17, 2011 4:08 pm

us.battle.customer-info-admin.net
us.blizzard.com.info-account-review.net
us.battle.net.review-information-admin-management.net
us.battleil.net
us.blizzard.com.info-management-review.net
blizzard.warcraft.com.info-management-review.net

Guest

RE: Gold and powerlevelling services - Phish/Scams

Post by Guest » Mon Mar 28, 2011 6:50 pm

Will rate bad for ethical issues.

Figure10
Posts: 270
Joined: Sun Jun 20, 2010 9:46 pm

RE: Gold and powerlevelling services - Phish/Scams

Post by Figure10 » Tue Mar 29, 2011 4:36 am


us.battle.net.1ogin.en.eu-baett1e.net
battle.net.login.zh.suppor.management.xml.admin-notice-wowaccountadmin.com

Guest

RE: Gold and powerlevelling services - Phish/Scams

Post by Guest » Wed Mar 30, 2011 10:18 pm

us.battle.review-account-identify.net

Angalia
Posts: 73
Joined: Tue May 11, 2010 8:58 pm

RE: Another being spammed today

Post by Angalia » Sat Apr 02, 2011 1:20 am

brothergame.com still spamming WoW ..

brothergame.com/World-of-Warcraft-US.Gold

Also this one:

2joygame.com

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests