I found this great information at http://world of warcraft.stratics.com about a common WoW scam regarding stealing of accounts and passwords:聽
This is probably the most practiced scam within all online games:
Players will often email you or act as an Blizzard employee or Blizzard representative (both in-game and out-of-game), when in reality they're just fishing (phishing) for your account information so they can steal what you have on your toons and in your bank before you can get the password changed/recovered through Blizzard support services.
There are a few rules you can follow to avoid this. If you are being emailed, make sure you are sending the email to an @blizzard.com or @battle.net address. If it is an in-game avatar, say NO, and consider reporting the player for impersonation of a Blizzard employee.
Blizzard is not going to use Avatars to make announcements, it's just to hard to cover so many people.
And do not fall for scams which ask you to give your World of Warcraft account name to win a prize! The KEY though is that official Blizzard representatives will NEVER EVER ask you for your account name via e-mail, on a website (except official secure sites), or in-game.
Remember, they have this information on file and will never have a need for you to supply this to them. If you get a request like this, make sure to alert all community sites and Blizzard so that word can get out about the scam.