OK, so… this new attempt of stealing accounts looks so good that almost got me.
When I came to work this morning my work e-mail had a new message (when battle.net accounts came out I used this address to “test” it but I never added any wow account in):
Blizzard Entertainment recently received a request to change the e-mail address used to log in to the Battle.net account with the username **************@a***********.ro. The e-mail address firstname.lastname@example.org has been specified as the new username for this Battle.net account. An email has been sent to this new address containing a verification link to complete the change.
Once the new address has been verified, the e-mail address **************@a***********.ro can no longer be used to log in to this Battle.net account or any World of Warcraft accounts merged with this Battle.net account.
If you did not initiate this request, please click here to contact the Blizzard Billing & Account Services team immediately.
The Battle.net Account Team
And… to be sure I checked an original mail from blizzard where idd I changed my battle.net account and that one… looked exactly the same, with 2 differences:
1. the sender NEEDS to be: Blizzard Entertainment (email@example.com)
2. the “click here” link will send you the battle net account with the fallowing address:
while the first e-mail will send you to: http://us.battle.blizzard-email-confirm.com/.
SO… in conclusion… don’t even try to type your e-mail and password there because what I got was:
Please notice the difference btwin those 2 addresses and DON”T lose your account. One more thing: for a US battle.net the page should have: https://us.battle.net/account/support/index.html?rhtml=y
In fact, your account is safe… for now, but you will “get rid of it” if you enter your e-mail+pass.