So I fell for a phishing attempt for the first time, today. It was a scheme to steal my Battle.net account information. I don't have WoW, but I do have Diablo II registered on there, so I suppose they wanted that?
Anyway, the phisher fooled hotmail into thinking the email came from [email protected] , which I know to be their email for sending me account notices. The actual email came from [email protected], which is clearly a spammer address, but you can only find this out if you look at the message source (thanks for that hotmail). The email was a pretty good replication of a Blizzard automated message telling me that my account settings had changed and that if I had changed them, ignore the email, but if I had not, go here to review my account settings.
I always always look at the url of links in email messages, but for whatever reason I didn't this time. Stupid of me, but I guess the combination of the known return address and legitimate looking message had my guard down. The link went to http://www.battle.net-supporsafety-management.com/ which is a phishing site where I assume I would have received a virus or would have given them my account info or whatever.
Except that Firefox saved me from myself.
Instead, I got a big red screen from Firefox telling me I did not want to go there and I woke up and looked again at the email and I figured all of this out.
So thanks, Firefox!
(and boo, hotmail, for obscuring key information that would have alerted me to a phishing scheme)