MMO: How to know if an email is real or phishing

I have always taken this for granted, but the proliferation of phishing emails makes me wonder who knows how to tell a phishing email from a legit one.

The first step in spotting a phishing email is a proactive one. We start by creating a new email address and using it only for the game we play. For example, for general contacts I use one email, for PayPal I use another, and for each game I play I use yet another. This lets me know that when an email about a game doesn't come to the address I set up specifically for that game, it's likely a phishing attack.

Next, we look at the headers. The headers of an email will tell you where the email came from, but they are not a foolproof way to verify the information. Some email programs allow you to edit the headers. For example, I once sent an email from BigBird@SesameStreet.com, I then modified the headers how I wanted, and the email became untraceable. Another method spoofers use is to bounce an email off an official server so that the headers look legit.

That's why we need to look at the actual email. The first clue that something is amiss is the lack of personalization. A phishing attack will never mention your account name. Smart phishers will do a little research and look for your name, but if the account name is missing, this is a sure sign of an attack.

Next, we look at links. We hover over them to see their true form, the address the link actually points to. For example, if it looks like worldofwarcraft.com, but when we hover over it it's actually world.ofwarcraft.com, then it's a phishing attack. The real address should show in the status bar at the bottom of the page. It might be an option in your browser, so if you don't see it, go in and turn it on. Attackers usually use a free host for this, because a free host doesn't try to verify your real information. So really we might see something like wow197.110mb.com. I think most of these people are stupid, because if they really wanted to get accounts, they would be smarter about it and just find a host who allows you to send them cash. But I guess phishers are cheapa$$ – I suppose this is why I don't phish, I would make mine look real.
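The hover check described above can also be run over an email's HTML body in code. This is an added example, not part of the original post; the `OFFICIAL` domain list and all function names are assumptions, and the sample body is constructed from the hostnames mentioned above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = {"worldofwarcraft.com", "battle.net"}  # assumption: official domains

def is_official(host):
    """True only for an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href, shown):
    """Compare where a link really goes with what its text claims."""
    if is_official(urlsplit(href).hostname):
        return "official"
    if any(d in shown.lower() for d in OFFICIAL):
        return "mismatch"  # text names an official site, link goes elsewhere
    return "not official"

def check_links(html):
    """Return (href, shown text, verdict) for each link in an HTML body."""
    parser = LinkCollector()
    parser.feed(html)
    return [(h, s, classify(h, s)) for h, s in parser.links]

# Constructed sample body using the hostnames mentioned in the article.
SAMPLE = """
<a href="http://world.ofwarcraft.com/login">worldofwarcraft.com</a>
<a href="http://wow197.110mb.com/beta">Join the beta</a>
<a href="https://us.battle.net/account">battle.net</a>
"""

if __name__ == "__main__":
    print(*check_links(SAMPLE), sep="\n")
```

The comparison uses the parsed hostname, so a link such as `http://battle.net@wow197.110mb.com/` is judged by the host after the `@`, not by the official name placed in front of it.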

Next, check the grammar and spelling. Normally a phishing attack will come from some foreign country or is written by children who are used to texting. What this means is quite simply that the text has spelling or grammar errors, and Blizzard doesn't send out text with spelling or grammar errors.

Now read what the email is offering you. Are they offering to get you into a beta program? Are they claiming you are suspended and need to check your account? The best way to verify this information is to know the actual login location for your account. For Blizzard's games, it would be battle.net. Go to the official URL and log in. Don't EVER follow a link in an email, even an official-looking one. Even if it is official, you don't hurt yourself by going to the official URL.

The last thing we want to look at is the use of graphics. If the email is without graphics, then it's likely a phishing attack, unless you opted out of graphic emails. Most likely the person who sent it doesn't know how to send a graphic email.


If you do follow a link, enter your information, and realize it afterwards, simply log in at the official URL and change your password. Normally it takes 3-7 days (or more) for a phisher to check and see which phish they caught in their nets. It gives you plenty of time to change some information. If you actually gave away your real name and secret answer, call the game company (don't email them or it could be too late) and let them know of the situation. I know for a fact that while Blizzard claims they cannot change their SQA, they can. I am sure other companies can as well. However, they might lock down your account until you can prove it's your account, so make sure you are the registered owner before calling a game company.


When you do find a phishing email, notify the game company, the search engines, and the host. For example, a recent one was sent with a site hosted at ripway.com. Notify that host of the email you received. It will be much more likely to stop and close the account, thus wasting the time and possibly resources of the phishers.


One Response to MMO: How to know if an email is real or phishing

  1. I think you hit the nail on the head
