WTF? My WoW account

Today was to be the last day of my sub. So I get the following email:


We regret to inform you that an investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzards EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement

And Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated. In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage:

<link removed>

Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Account Administration
Blizzard Entertainment

I have no clue what the hell they are talking about. I have an authenticator on this account. I haven’t logged in in nearly a month and I’m trying to cancel. Therefore I’m selling the account??? I’m am SO not going to ever go back. I guess they feel there is no other reason for me to cancel unless I was going to sell the account. That is just madness. I’m canceling the account because the game is not fun for me anymore, but apparently that’s not possible in their eyes.

Even though it’s a bot, it still pisses me off to be accused of cheating.

If it’s a mistake then it’s a mistake and you contact them and explain it.

If you’re cancelling…then what’s the big deal?

You seem awfully upset over something that can get resolved with a telephone call.

Better stop that ebay auction! ;)

Seriously: Something went wrong on their side that put some red flags on your account for whatever reason.
Back when I canceled my 2 subs all went fine besides the sad little peon on the confirmation page :(.
When I re-subbed all was fine, too.

Only got this email when someone stole my login data and used it for gold selling / spamming.
Was resolved fairly quickly, too once I provided information that identified me as the legit owner of that account.

Are you sure this isn’t just a scam? I mean, the whole, ‘to verify your identity, go to this handy-dandy url I provided’ is the classic scam technique.

That was my thought as well…you should be 100% that link is legit before you enter any info.

That was my thought, which is why I didn’t click on the link. Um, I’m cancelling anyway and really this is a good thing because it will assure that I will never be back (unless of course it really is a scam, then when I get my life where I want it, I may reconsider).

It just torks me that they would try this. And there’s an authenticator on the account, so it’s not supposed to be able to be compromised. I did try to log in and the authenticator is still on the account. I also wanted to know (which I should have said) if other people had this happen to them.

Go to the official website, click on “Account Management” and enter your login / pw + token number.
You should see the status of your account then + the recent history of it OR you will get a message that your account is “on ice” because Blizzard is investigating something (got this message when my account was hacked / put on hold).
If you see a button “resub” then all is fine. You should always be able to access this page as long as your account exists whether active or not.

PS: Might be a good idea to “de-link” the token from your accout (if possible) in case you lose it and want to play WoW again in a year! ;)

This seems like a phishing scam to me.

It’s almost certainly a phishing scam. I am pretty sure that Blizzard never provides a direct link to account pages in emails–they’ll just say “log onto your account.”

Pretty easy to find out if it’s a scam… just ‘view source’ on that email and look at the link in its raw html format. It probably takes you somewhere other than or

I’d lay money on that being a phishing email. Even if it wasn’t, as has been said, taking a minute to log in to your account to ensure everything is well and your cancellation is going ahead was probably prudent, should you ever want re-subscribe.

It’s a phishing scam.

Mouse over the link they provide, I’m betting it looks like this, or something close.

Your link doesn’t work Griddle. :p

Ni hao. ^.^ You geiv gold.

Pretty professional-looking scam, but remember to always check the domain of whatever page you’re being sent to.

And also remember that the companies providing these sorts of services (WoW, Xbox Live, etc.) will never ask for your password, ever.

Qt3 – post here and we’ll google shit for you.

Ok guys, this is really interesting. On the screen (and when I have gmail show details, the link shows something like (I’m too lazy to type the whole thing), but when I copied the link it to show you guys, the paste came out like this:

The blog link says the email came from a gmail account. I’m not seeing a gmail account, even with show details on. The first thing I did was to show details, but it still showed up as a address, and a email.

Ah well, I wasn’t going to click on the link anyway, and since I have an authenticator, my password wouldn’t have done them any good. All’s well that end’s well. Still cancelled though :)

Well if they found a real badly configured SMTP server they can spoof emails to appear from wherever they like to. Most that allow relay (forwarding an email that was sent to them) will show the real sender IP / domain in the header but some will simply accept everything they get.

Back when the internet was fun I used to send friends emails from [email protected] demanding that they license their MS software.
A lot of SMTP servers allowed open relaying (= not checking whether your IP matched the domain you said you are from -> since spam was no big issue back in those days. Today it’s much harder to find such a badly configured machine but they are still out there.
Good times back then. :)

Concerning the spoofed link. I recall having read that there is a way to mask the real link using a special format of the link structure but I don’t know any details and I am too lazy to google.

If you look at the HTML source of your email you’ll probably see:

<a href=""></a>

It’s common in phishing scams.