Hmmm… I guess what I can say here is that if those mails came from us, that means someone knows your Account Name (user name or log-in name). The fact there’s been no access is great, and you’ve followed very sensible security protocols. (I would be remiss in not saying that sometimes someone gets all needed information to access an account but waits and uses it later. I’d call that percentage pretty small, though.)
On the other hand, this definitely could be random: Some RMT company acquire a list of “One Gazillion Valid E-mail Addresses!” and then spam those addresses to see if they can match them with a list of known passwords. With what you’ve done, and because, as you said, you’ve “checked my account management, no unusual logins, have the authenticator installed, and e-mail and game password are unique and not shared with any other games / websites. Only buy my gems from the ingame store, and don’t visit any other fan forums” I think you’re pretty secure.
If this is a concern and you’d like to change your user name, please go ahead and submit a ticket (click “Support” above, then “Submit a request”). I get sent about a half-dozen to a dozen phishing attempts a week. I know they are just sent out to people without the sender knowing anything else. And yes, I’ve gotten the “attempted password change” e-mails a few times as well and all has been ok.
But again, we’re happy to help you if you’d like to change to another Account Name.
