Pages

Wednesday, November 16, 2011

I Smell Fraud

Something interesting brewing on a couple wine enthusiast websites. Apparently, a large quantity of users there have suddenly been hit by multiple credit card charges from "Blizzard Entertainment".

The situation is suspicious because so many users grouped together on these very specific forums are all being charged fraudulently by the same company. Most of the charges are Blizzard related, and there are also common iTunes purchase trends. Check out the Wine Library forum, for example. This one too, but it requires an account.

Many of the users there weren't familiar with Blizzard, so many guesses were about the "Wizards of Warcraft" game and if Blizzard was some kind of Adult Entertainment company.

What is apparent, however, is that there have been many fraudulent credit card charges just recently and dating back over the past couple months. They all probably use the same wine (or related) online ordering site, and their credit card numbers have been compromised. (They have not received any breach notifications, however, which most companies aren't required by law to report anyways.)

Normally, I would suspect overseas farmers.. but most of these charges are for continued monthly subscriptions (only subscriptions, no extra purchases like software), and they're also making iTunes purchases. Maybe teenagers? :)

SS Chris wrote:
"Blizzard must be having a spectacular quarter from a Revenue perspective."
On a related note, Blizzard is actively investigating the issue it seems. I received Blizzard HQ traffic from the wine forums which I found highly unusual, and it was really the only reason I looked into it. Perhaps it was one of the "legendary" Fraud Specialist / Billing employees. According to Blizzard experts, though, the position does not exist, it has never existed, and only a raving lunatic wearing a tin foil hat could ever imagine and make up the fact that Blizzard would ever actually hire for a "Fraud Manager" or "Fraud Specialist" position. :)

I never realized this was such a problem, but apparently the issue goes back for many years.

Here's an older one that probably was farming related:
Blizzard just took $1100 out of my account and I've never even heard of them before today let alone bought anything from them! They took out 6 lots of $91.63 & 3 lots of $183.27.
These other, more recent ones, are just for continued monthly subscriptions, and they've ruled out their own children.

After seeing all of this, I have to wonder if any of these Active Subscriptions were used in their vanity figures? Some fraudulent charges might never get caught, or are only discovered after several months. I wonder what percentage of "Active Subscribers" are actually fraudulent charges? :)

* UPDATE (11/22/2011):

Looks like it finally got picked up by some other sites.

Apparently, the Winelibrary site itself maintained a list of user's credit card numbers. Possibly unencrypted plaintext?

* UPDATE (11/29/2011):

Blizzard has just updated their MVP FAQ.

One of the readers here was very upset that a MVP could ever be considered a Blizzard expert or ever be credible:
And btw, calling a MVP (which is not paid by Blizzard) a Blizzard expert isn't doing good for your credibility. You're starting to employ the same tactics as those that you pretend to uncover.
According to Blizzard, though, they have officially stated that:
"MVPs.. answer other players' questions consistently and accurately. It lends a note of credibility to what they post; it allows players seeking answers to take what they say at face value, and frees up Blizzard representatives so that they can focus on their primary responsibilities."

"MVPs promote constructive posting wherever they can. They contribute to the community and encourage polite discussion throughout the forums. When you see an MVP post, listen to what they have to say—they were also chosen for their knowledge of the game."
And the MVP that was quoted in regards to the Fraud position was the #1 MVP of them all. That's pretty credible, wouldn't you say? :)