While cleaning up the mailbox today I found a recently received email from
"email@example.com", subject "New Request Notification - Change the Login Address".
Note that it could land in your inbox folder; in my mailbox it was in "spam", so thanks to the mail server (this one was in my Google mailbox that's registered with the account) :)
When I opened it, I got notified by the web interface that the address it had been sent from does not correspond to what was written, and all links were disabled there by the security measures.
It had this text:
Blizzard Entertainment recently received a request to change the e-mail address used to log in to the Battle.net account with the username [my mail here :P - Alex]. The e-mail address firstname.lastname@example.org has been specified as the new username for this Battle.net account. An email has been sent to this new address containing a verification link to complete the change.
Once the new address has been verified, the e-mail address [my mail here again - Alex] can no longer be used to log in to this Battle.net account or any World of Warcraft accounts merged with this Battle.net account.
If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately.
The Battle.net Account Team
Looks suspicious, doesn't it? :) But at first sight it might not, and it also plays on your emotions a bit.
It's the small things you check: for example, there are asterisks in the email address that's specified as the new one, and I'd expect it to be revealed in such a letter. The verification procedure is also kind of strange; you'd have to contact Blizzard from your current email and they'd ask you a hell of a lot of questions, I guess, if it is possible at all. But maybe it is, so beware of false notifications :)
I couldn't see where the links actually lead, because they were blocked, but no doubt it'd be some illicit site :)
You can always check where a link leads in the status line at the bottom of the browser window :) It's widely (and rightfully) advised that you do so before clicking on any link.
But it can be different with this one. Some such letters that claim to be from Blizzard may have links like
ht tps ://eu.battle .net/login/en /login.xml?ref= htt ps%3A%2F%2Fus.battle.net%2Faccount%2Fmanagement%2Findex.xml&app=bam
I added some spaces here so it's not active and you won't click it by accident :)
Let's read the link...
Apparently, it leads to battle.net, but after the login part there is a "?" that indicates a query elsewhere, and after this there's some script execution and "ref", which means "specifically, go here:"; after this you can see some very strange address :) Then there is the "&" symbol and "app=", which means "and execute this".
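Reading that link mechanically, as an added example that is not part of the original post: the code removes the spaces, splits the address into the host and the query parameters, and percent-decodes any address carried inside a parameter such as "ref", then checks each host against the domain you expect. EXPECTED_DOMAIN, belongs_to and inspect_link are names chosen for this example, and the second link in the demo is a constructed sample.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption for this example: the domain the reader expects the link to use.
EXPECTED_DOMAIN = "battle.net"

# The link from the post, with the spaces the author inserted left in place.
POST_LINK = ("ht tps ://eu.battle .net/login/en /login.xml?ref= htt ps%3A%2F%2F"
             "us.battle.net%2Faccount%2Fmanagement%2Findex.xml&app=bam")


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def inspect_link(text, expected=EXPECTED_DOMAIN):
    """Split a link into host and query parameters, decoding nested URLs."""
    url = "".join(text.split())      # drop the spaces used to deactivate it
    parts = urlsplit(url)
    report = {
        "host": parts.hostname,      # the server the browser would contact
        "host_ok": belongs_to(parts.hostname, expected),
        "params": {},                # name -> decoded value
        "nested": [],                # (param, host, ok) for URLs inside values
    }
    # parse_qsl splits the part after "?" on "&" and percent-decodes values.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        report["params"][name] = value
        if value.lower().startswith(("http://", "https://")):
            inner = urlsplit(value).hostname
            report["nested"].append((name, inner, belongs_to(inner, expected)))
    return report


if __name__ == "__main__":
    samples = [
        ("link from the post", POST_LINK),
        # Constructed sample: a look-alike host on a reserved example domain.
        ("constructed", "https://eu.battle.net.example.com/login?app=bam"),
    ]
    for label, link in samples:
        print(label, inspect_link(link))
```

The host is the part that decides where the browser connects; everything after "?" is data handed to that server, so a familiar name appearing only inside a parameter value or in front of another domain is not evidence of where the link goes.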
If you use an email client, there are also ones that let you see the real sending address together with the one specified in "From" :) (just so you know, it's VERY easy to substitute it)
A good email client can also show you quite a lot of detail about a given letter from its headers, or has add-ons that allow you to do so. :)
You can also use complex passwords with, like, #%^ symbols and both capital and small letters; a good password will take a zillion ages to brute-force, till the Sun goes dark or maybe even longer :)
This is also the reason hijackers use other methods, like breaking into a database to get hashes or passwords directly, or social methods and phishing to make you tell the password or go to a sinister website, which we can widely see happening :)
There's a saying that there's no fully secure PC and the most secure one is the one switched off and buried three meters underground where nobody knows :) But we have them turned on, so increasing your awareness and alertness can greatly improve the security of whatever you deal with :)