After going many months without seeing a single phishing email, I finally got one claiming I was trying to sell my SWTOR account. (Part of me almost feels like there should be an achievement unlock for this.) Those of us who have been dedicated WoW players for years will recall the thousands upon thousands of phishing emails that we have gotten in the past, claiming a variety of things, such as we were attempting to sell our accounts or that we had magically gotten into a beta we hadn’t signed up for. To the untrained eye, these emails do look like we’ve gotten an email from the official source. However, closer inspection will reveal that the email does not originate from where we think it does. Take a close look at the the email address of the person who sent you said email, or, if you can, check out the original header (which might not make sense to you, but you can easily see where the email originated from that way). Also, do not click the links contained within the email. Ever. They will inevitably lead you to a website that looks like the official page, but is not. They’re just trying to get your account information.
Of course, if you’re unfortunate enough to have received an email like this, you might be wondering what to do with it. Blizzard provided us with an email address to forward all phishing emails to, but once I had gotten my first SWTOR phishing email, I realized that I didn’t know what to do with said email apart from deleting it. Did the devs have an email to send all phishing emails to like Blizzard did?
Curious, I scoured through pages and pages of the Customer Service forum and then finally the FAQ when I couldn’t find anything more recent than January before I finally found something of a solution. If you receive such an email and aren’t certain what to do with it like I was, here’s what you do, taken directly from SWTOR’s own FAQ:
Emails sent to you from Star Wars: The Old Republic are sent from the mail domain @email.swtor.com, and this domain should be the only one you see in the sender and reply-to headers in an email that is genuinely from us.
Please also be aware that we will never request your password details or the answers to your Security questions via email.
If you receive an email claiming to be from Star Wars: The Old Republic that asks you to provide this kind of information (either by replying to the mail or by clicking on a link inside it), please do not reply to the mail and do not follow any hyperlinks in the message. We would ask you to please forward any suspect mails to support@swtor.com so that we can investigate them.
With this information in hand, I made certain to copy the full original header and paste it into the email (habit from forwarding phishing emails to Blizzard) before I forwarded my first SWTOR-related spam mail off to the bolded address above. I actually got two very quick responses from the CS team once I did so: one to confirm they had received the email within five minutes after I had forwarded it and one at least an hour or so later confirming that it was, in fact, spam (which I knew already) and tips on how to tell the real thing from the phishers.
Essentially, though, guys, if it looks suspicious, it probably is. Even if you aren’t sure, you can always forward it off to the support team to make sure. They’ll tell you whether it’s official or whether it isn’t. If you’re worried about someone guessing your password and getting into your account, though, make sure you invest in an authenticator/security key. Either buy a physical one or download one from your iTunes/Android app store and get it attached to your account, which makes it much more difficult for people to get into it if they manage to crack your password. There have been many WoW horror stories I’ve heard where guild banks get cleared out, characters get transferred and/or stripped of their equipment just for the gold. Please do not let this happen to you.