A solution for phishing

[Souca]

All,

I just submitted a suggestion I had for allowing users to verify emails from Blizzard by archiving them on a section withing the Battle.net account pages. Not sure if you think it's a decent idea or how the suggestions thing works, but if you do like it, I'd encourage you to comment on it on the forums.

The link is here. A summary of the post is below:

Subject: Battle.net Correspondence Section

Place a section within the Battle.net Account manager that lists all account related emails that Blizzard has sent regarding the games attached to that Battle.net account. This would provide a safe method for users to validate that an email they received was in fact from Blizzard. This section would not need to include the Blizzard Insider, but should include promotional emails, such as those asking players to reactivate accounts, or any other message that a third party is likely to use in a phishing attempt. All emails sent from Blizzard should include text explaining that the user can log on to their Battle.net account to confirm the validity of the message. Messages should be kept for at least 60 days.

I voluntarily submit this suggestion to Blizzard Entertainment and grant them full use of it without limit.

- Souca -

[Shodokan]

Actually a sound and easily implemented idea.

[Toned]

That is a really good idea ^^

[Norrin]

As a developer, I would agree this is an easily implemented solution.
I like it too.

[zenga]

How i understand your suggestion:

The theory is good, people can doublecheck. However i like to know how many people actually 'would ' doublecheck.

About easy implementable: that totally depends on their infrastructure. From my experience usually the front end (the site) is totally separated from the mailserver.

[rfuilrez]

Who cares if it's seperated from the mail server? They're still networked together, even if they're not on the same machine. Besides that, to send an email, they're already pulling information out of the database for your account. All they should have to do, is add a table for recent "blue" emails to the database, and when they pull your email address, add an entry for the email they're sending. Then its a simple SQL query by the web server to pull the information and display it.

To even go one step further, my bank sends me emails saying "You have a message. Log in to your account to view it". Though, this may be a little over kill for a game.

[Souca]

Thanks for the feedback. I went ahead and bumped my own official thread since it had slipped down to page 8. I'd really like to see them do this, since there have been some emails I was never really sure about. Luckily they weren't ones I needed to respond to, so it was safer to just ignore them.

- Souca -

[Toned]

1 Stored proc would solve the problem ^^

[Maxion]

I can just see if this gets implemented, all the phishing mails will have a link to "battle.net" for verifying the email.
Nothing that can be done about stupid people getting scammed i guess, but at least the suggestion would help us more cautious users know for sure about each email.

[Souca]

I can just see if this gets implemented, all the phishing mails will have a link to "battle.net" for verifying the email.
Nothing that can be done about stupid people getting scammed i guess, but at least the suggestion would help us more cautious users know for sure about each email.

I actually thought about putting something in there about not linking to the list of messages, since those will just be another phishing link. It would put a higher burden on the phisher though, since they would need to include more account specific stuff on the phishing page. Granted, I'm not sure how good the spoofs are in the first place, as I have never clicked on a link to go to the wow pages; I always type the url out just to be safe.

- Souca -