Today was to be the last day of my sub. So I get the following email:
We regret to inform you that an investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzards EULA under section 4 Paragraph B which can be found here:
To verify your identity please visit the following webpage:
Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.
I have no clue what the hell they are talking about. I have an authenticator on this account. I haven’t logged in in nearly a month and I’m trying to cancel. Therefore I’m selling the account??? I’m am SO not going to ever go back. I guess they feel there is no other reason for me to cancel unless I was going to sell the account. That is just madness. I’m canceling the account because the game is not fun for me anymore, but apparently that’s not possible in their eyes.
Even though it’s a bot, it still pisses me off to be accused of cheating.
Seriously: Something went wrong on their side that put some red flags on your account for whatever reason.
Back when I canceled my 2 subs all went fine besides the sad little peon on the confirmation page :(.
When I re-subbed all was fine, too.
Only got this email when someone stole my login data and used it for gold selling / spamming.
Was resolved fairly quickly, too once I provided information that identified me as the legit owner of that account.
That was my thought, which is why I didn’t click on the link. Um, I’m cancelling anyway and really this is a good thing because it will assure that I will never be back (unless of course it really is a scam, then when I get my life where I want it, I may reconsider).
It just torks me that they would try this. And there’s an authenticator on the account, so it’s not supposed to be able to be compromised. I did try to log in and the authenticator is still on the account. I also wanted to know (which I should have said) if other people had this happen to them.
Go to the official website, click on “Account Management” and enter your login / pw + token number.
You should see the status of your account then + the recent history of it OR you will get a message that your account is “on ice” because Blizzard is investigating something (got this message when my account was hacked / put on hold).
If you see a button “resub” then all is fine. You should always be able to access this page as long as your account exists whether active or not.
PS: Might be a good idea to “de-link” the token from your accout (if possible) in case you lose it and want to play WoW again in a year! ;)
I’d lay money on that being a phishing email. Even if it wasn’t, as has been said, taking a minute to log in to your account to ensure everything is well and your cancellation is going ahead was probably prudent, should you ever want re-subscribe.
Ok guys, this is really interesting. On the screen (and when I have gmail show details, the link shows something like https://xxx.worldofwarcraft.com xxx.xxx.xxx (I’m too lazy to type the whole thing), but when I copied the link it to show you guys, the paste came out like this:
The blog link says the email came from a gmail account. I’m not seeing a gmail account, even with show details on. The first thing I did was to show details, but it still showed up as a worldofwarcraft.com address, and a @blizzard.com email.
Ah well, I wasn’t going to click on the link anyway, and since I have an authenticator, my password wouldn’t have done them any good. All’s well that end’s well. Still cancelled though :)
Well if they found a real badly configured SMTP server they can spoof emails to appear from wherever they like to. Most that allow relay (forwarding an email that was sent to them) will show the real sender IP / domain in the header but some will simply accept everything they get.
Back when the internet was fun I used to send friends emails from [email protected] demanding that they license their MS software.
A lot of SMTP servers allowed open relaying (= not checking whether your IP matched the domain you said you are from -> microsoft.com) since spam was no big issue back in those days. Today it’s much harder to find such a badly configured machine but they are still out there.
Good times back then. :)
Concerning the spoofed link. I recall having read that there is a way to mask the real link using a special format of the link structure but I don’t know any details and I am too lazy to google.