Do these people look like they want to help you? A customer support big phish story

You probably get loads of spam. And you probably have noticed that some of those mails try to trick you (phish) personal details, such as credit card numbers and personally identifiable details that could be used to scam you. And these phishers are getting smarter.

Once happy to prey only on newbies and the truly stupid, phishing mailers used to send poorly written, typo ridden messages that were easily sniffed out by Internet veterans. But not so much these days.

I got an e-mail recently that looked like it might have been legit. It claimed I had a account which had its password recently changed. And if I didn’t initiate this change, I should contact Blizzard support to reclaim it.


This is an automated notification regarding your account. Some or all of your contact information was recently modified through the Account Management website.

*** If you made recent account changes, please disregard this automatic notification.

*** If you did NOT make any changes to your account, we recommend you log in to Account Management review your account settings.

If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for further assistance.

Billing & Account Services can be reached at 1-800-59-BLIZZARD (1-800-592-5499 Mon-Fri, 8AM-8PM Pacific Time) or at

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.


The Support Team
Blizzard Entertainment
Online Privacy Policy

These sorts of mails are commonly triggered for security reasons, so it gave me pause. Did I have a account? It was entirely possible. Could someone have hacked it? Certainly. Did the mail come to the e-mail address I would have used when creating such an account? Yes, in fact, it did – an account that until now had been mostly free of spam. And those do appear to be legitimate phone and e-mail support options (they’re banking that you’ll choose the easy method and just click the link).

So I did the smart thing and visited Blizzard support. But I did NOT use any of the links in the e-mail I received. E-mail links are easily diverted to addresses that look remarkably legit but are really fronts for data thieves. No, I typed in a search and found the verified Blizzard support page, which looked like this:

Blizzard Support page

Do these folks make you feel warm inside? Maybe from the blood spilling from your entrails.

What do you think of this page? Does it look warm and inviting? Do the characters portrayed on it suggest that helpful support personnel are standing by, ready to help you through whatever problem you might be facing down?

No. The woman looks like she’s piercing your soul with her silvery eyes and considering whether you’d make a tasty snack for her pet serpent. The dude on the right looks like he’d be sneering at your Level 1 Dwarf except that he’s decided that you’re beneath his contempt and will roundly ignore you should you attempt to engage him in conversation.

Probably not what Blizzard was going for, unless their goal is to sacrifice customer service for reduced support volume.

Despite the icy virtual reception, I submitted my support request. I only asked whether I ever had an account with them attached to the e-mail address that received the notification mail. It took a follow-up to clear up the issue to my satisfaction. This is a common problem with support – they don’t actually read the message, they scan it for keywords and then cut and paste canned responses. Here’s what I got back:

Thank you for contacting Blizzard! My name is Charli and I am from Blizzard’s Account and Technical Services department. I have read through your e-mail and would be happy to assist you. We have recently seen an increase in phishing attempts which pose a real threat for account security. As a friendly reminder, many scams will ask you for your password, which is something Blizzard Entertainment will *NEVER* do.

You may wish to review the following links for more information on phishing emails:

     – Types of Account Thefts:

     – How to tell if the email you received is legitimate:

     – Information concerning email scams, examples of phishing emails, and what to do in the event you have received a phishing email can be found on the Customer Service Forum here:

Add a authenticator to the account and receive an exclusive Corehound pet! Information about this security device can be found here:

If you feel you may have responded to a phishing email, and are unable to access the account, please contact Account & Technical Services. With proper verification our representatives may be able to assist you in recovering the account. Our contact information can be found at

Charli could be a guy or a girl, so I don’t know if it was the ice princess or that sneering dude who replied. To his or her credit, s/he did allude to the fact that it could be a phishing scam – but did not state what I actually wanted to know. A simple “The email address used to contact us is not and has never been registered to a or World of Warcraft account” would have satisfied me. Which is what I eventually got, when I pressed for a more specific answer.

Since then, I have received several more “notifications” from the Society of Not Really Blizzard Phishers, including a notice of “Suspicious Activity – Account Locked” for my non-existent World of Warcraft account.

If there’s a silver lining here, apart from the fact that I avoided clicking what I can now see is a very suspicious link, is Blizzard’s concise white list messaging. I’ve written white list messages myself for various organizations in my roles as communications director and community manager, and this is a good one. Short, sweet and detailed:

Please be aware that if your email service or software utilizes restrictive junk or “spam” filters, you may not be able to receive important emails from our support department. This can often include critical account notices, password recovery, and billing confirmation. If such filters are in place, these messages may wind up in a junk folder, or even be deleted automatically.

To ensure you are able to receive support messages, please review the following options:

Do not use the “Spam”, “Junk”, or “Junk Mail” buttons to delete emails from Blizzard Entertainment. If this happens it may not only prevent you from getting important emails, but your mail service may start blocking ALL Blizzard Entertainment emails of any kind, for ALL its subscribers.

Check your “Junk Folder” or “Spam Folder” and make sure you do not see any official emails there. If you see any, be sure to mark them as “Not Junk” or “Not Spam” so that messages are not improperly filtered in the future.

Add our email addresses to your Address book or “Safe Sender” list:

  • *

Following these steps should ensure that you receive all the messages from Blizzard Entertainment. If you have any questions or concerns, please don’t hesitate to let us know.

Now, if they could just convince us they really do want to have a dialog with their customers!

Comments are closed.