
Everybody wants their WoW account to be safe right? It’s not like anyone ‘wants’ their account to be hacked, to lose their characters, gold and gear and be forced to spend hours on the phone to Blizzard’s Support Line. Yet how many of your accounts are actually safe?
I’m not trying to scare you or anything, but for most of you reading this your attempts to stay safe are woefully inadequate. I’m going to tell you why and what you can do about it.
But Nec I really try and keep my account safe…
I change my password every so many weeks…
This is completely useless. It’s not even 1% helpful. It is not helpful with WoW or with email or anything else. The only person inconvenienced by regular password changes is you, the user.
If a keylogger gets your password, it’s not going to think “Score, got the password, I’ll just wait 5 or 6 weeks before sending it.”
The hacker who gets your password, isn’t going to think “Ahh another password, I’ll just set it down here and access it in a month or so.”
Of course not, they’re going to send the password immediately and hack your account immediately. They’re not going to sit on it for a while, they’re gonna strike while the iron is hot and loot your account. They’ll probably do it when you just logged in, so you’ll get disconnected, try and reconnect and get the terrifying “Incorrect password” alert. You never had time to change your password.
Changing password effectiveness is Zero.
I run a virus scan every x days…
The chances of this working are really sketchy at best. Virus scanners are a resource hog, they eat your processor, so most people don’t scan whilst they’re playing WoW. They’d scan late at night when they’re not using their PC and tell the scanner to shut their PC down when it’s finished. Of course this scan takes place a couple of hours after you had surfed the web, possibly picked up a keylogger and then went into WoW for your raid night. Oops, they got you.
Some virus scanners scan the websites you’re on and the files you download as they’re being downloaded; I know AVG Free does this. That is why the chances of this working are sketchy as opposed to non-existent. The scanner may detect the keylogger early on before it has a chance to do anything. Then again, it might not.
Scanning regularly gets rid of any keyloggers that may be on your machine, but by that point you’ve probably already been hacked so it’s too late.
I don’t click on any dodgy links either.
Not every keylogger relies on you clicking links. It’s a common belief that if you get a keylogger it’s because you clicked on a dodgy link, went to a fake WoW site or a gold buying site. This isn’t always the case.
Do you see adverts on many sites you frequent? The banner on top of message boards, the ads to the side of Facebook, even Google adverts? You know the ones I mean? They’re used frequently by virus makers, especially the ones for cheaper sites that are forced to be ad supported with flashy animated banners. It’s called a drive-by-malware-attack. The moment the ad loads on your screen… BAM! You’re infected. You clicked nothing, you did nothing, you still got keylogged.
Effectiveness of not clicking links is like a 50/50. You won’t get caught by your own stupidity, but the unpredictable nature of what ad is going to pop up next on your favourite messageboards still leaves you vulnerable.
Help me Neccy Lockenobi! You’re my only hope!
Here are some ways you can keep yourself safe when playing WoW.
Don’t buy gold
Did you know that gold-seller sites require that you register an account to buy? Did you know you just used the same email as your Battlenet account? Probably used your same generic password too… oh dear. You just gave them your WoW details without realising it. They just tried them, it worked, you just lost your account. They probably installed a drive-by keylogger also, so when you do get your account back they nab it immediately once again.
Don’t buy gold. Their sites are the dodgiest of dodgy.
Updated anti-virus
While not a guaranteed solution, it does help, especially if you use a virus scanner that scans everything going into your PC as well as websites you load. But they won’t detect anything if it’s not fully updated.
Furthermore, don’t run two anti-virus programs on the same PC, each will prevent the other from working properly. So remove that Norton anti-crap before installing AVG or Avast or whatever you prefer.
Use a unique password
Most people use the same password for most sites. So if you get keylogged, they have access to your guild’s forum, your Facebook, your Twitter, your email… and by extension of the mail in your inbox… your online banking. Give WoW a unique password. It won’t stop you being keylogged, but it’ll stop them getting access to everything else you do online.
AdBlocker/NoScript
If you’re using Internet Explorer as your browser, stop using Internet Explorer as your browser. It’s like an old hooker, cheap but filled with disease. Get Firefox and install the addons NoScript and Foof, this will give you a more secure browser, stop ALL scripts running on websites unless you give them direct permission ‘and’ will block the majority of adverts on every site. Drive-by-malware just ceased to be a threat. Yes I was kind enough to provide you direct links to Firefox and the addons in question. So no excuses.
Be careful with your email
The hacker’s greatest weapon is player stupidity. They will send you an email that looks like an official Blizzard mail and they will tell you that your account has been suspended or you’ve been invited to the Cataclysm Alpha/Beta. It will look all shiny and pretty (sometimes it looks awful) but there will be noticeable flaws.
Spelling will be poor. Blizzard mail is spellchecked and proof-read; hacker mail is not. If you see regular spelling errors be suspicious.
Cataclysm Alpha is not for players. It’s for Friends and Family of Blizzard. The Beta has not started yet and when it does you’ll be informed cause it’ll be all over the Internet on official WoW sites.
They want you to go to a link, the link looks odd. batt.elnet? With a dot in the middle and misspelled name? Really? Fake address. Log into World of Warcraft properly by typing the address in your browser and not clicking a link. You’ll then find out if anything is wrong with your account as it’ll say “Account suspended” or whatever in the Account Status.
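The link check described above can be done mechanically. This is an added example, not part of the original post: it pulls every link out of an HTML mail body and flags the ones whose real destination is not a trusted host, whatever the visible text claims. The trusted domain list, the function names and the sample mail are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains you would type yourself to reach your account.
TRUSTED_DOMAINS = ("battle.net", "worldofwarcraft.com")

def host_is_trusted(url):
    """True only for an https link whose host is a trusted domain or a subdomain of one."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    # "https://battle.net@login.example/" really goes to login.example.
    if parts.scheme != "https" or parts.username is not None:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in the mail body.
    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None

def suspicious_links(html_body):
    """Return the links whose real destination is not a trusted host."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [link for link in collector.links if not host_is_trusted(link[0])]

# Constructed sample mail body, not a real message.
SAMPLE_MAIL = """
<p>Your acount has been suspended. Verify it here:
<a href="http://batt.elnet/login">https://www.battle.net/account</a></p>
<p><a href="https://battle.net.beta-invite.example/">Cataclysm Beta invite</a></p>
<p><a href="https://eu.battle.net/account/">Account management</a></p>
"""
```

Calling `suspicious_links(SAMPLE_MAIL)` returns the first two links and leaves the third alone, because only its host actually ends in a trusted domain.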
Get an Authenticator
If you have an iPhone the authenticator is free. If you don’t have an iPhone, the physical authenticator is free but you pay the shipping charges. Blizzard lose money on every authenticator sold because they use the Vasco system, a system BANK Authenticators use! This is not a cheap security system they put into effect but one of the most expensive on the market.
Currently only a single virus (EMCOR.DLL) can bypass the authenticator. It does this by keylogging you, sending your account name, password and authenticator code to the hacker and sending a false code to Blizzard. You then get the “Incorrect password blah blah” message, and the hacker now has ~30 seconds to get into your account or the key is useless. A virus scan on your end and relogging in will boot him and prevent him from doing anything else. If he changes your password he can’t get into the account (he’ll have used the authenticator code); if he gets into your account he can’t change the password. Damage therefore will be limited.
The authenticator itself is easy to set up and easier to use. When inputting your password you have a third box for an authenticator code. You push the button, get the code, type it in and hit Login. You’re now logged in and quite safe as once a code is used it cannot be reused.
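Why a code expires after about 30 seconds and cannot be reused, shown from the server's side. This is an added example, not part of the original post and not Blizzard's or Vasco's actual algorithm, which the post does not describe: it uses the public TOTP standard (RFC 6238) as a stand-in, and `LoginServer` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds one code stays valid, matching the "~30 seconds" above

def code_at(secret, t, digits=6):
    """Code for the 30-second window containing Unix time t (RFC 6238 TOTP)."""
    counter = int(t) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class LoginServer:
    """Hypothetical server side: accepts each window's code at most once."""
    def __init__(self, secret):
        self.secret = secret
        self.last_step = -1  # newest window whose code was already accepted

    def login(self, code, now):
        step = int(now) // STEP
        if not hmac.compare_digest(code, code_at(self.secret, now)):
            return "rejected: wrong or expired code"
        if step <= self.last_step:
            return "rejected: code already used"
        self.last_step = step
        return "accepted"

def demo():
    secret = b"12345678901234567890"   # public RFC 4226/6238 test secret
    server = LoginServer(secret)
    code = code_at(secret, 35)         # button pressed at t=35 (window 30..59)
    return [
        server.login(code, 40),        # first use inside the window
        server.login(code, 50),        # same code replayed in the same window
        server.login(code, 65),        # same code after the window closed
    ]
```

A production verifier would also tolerate a little clock drift between token and server; that is left out here to keep the single-use and expiry rules visible.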
Conclusion
Losing your account is always painful. This is something we’ve put so many hours into and as a result are emotionally bound to it. Keeping your account safe isn’t that difficult a thing to do, so there’s no excuse for not trying. “Blizzard should make their game safe” is the whine of a moron; keeping your PC clean and your web-surfing safe is your responsibility, not Blizzard’s.
Blizzard have put on offer a top of the range security system called the Authenticator, available from their online store for a cheap price.
Europe Blizzard store authenticator.
US Blizzard store authenticator.
iTunes store authenticator for iPhone.
If you don’t have an authenticator, you are gambling with your account, you never win but can lose big. It’s a lottery not worth buying a ticket for.


“If you’re using Internet Explorer as your browser, stop using Internet Explorer as your browser. It’s like an old hooker, cheap but filled with disease.”
Best line EVER!
Damn – in before I did Tethane
Always good to see a post like this every so often as it focuses the mind. I never thought seriously about an Authenticator. This changed as soon as goldcap was reached. There’s nowt like a primal fear of losing hard earned loots and golds to give you the wake up call that’s a necessity.
My only worry is that the Missus gets pissed off with my playing WoW and fecks the Authenticator into the dustbin
Good article, full of sound advice.
Sometimes I see people argue against authenticators but half the time the points they make are rubbish (it’s not 100% safe so it’s not worth it/I don’t pay monthly for this game to pay some more etc.). For me it’s a minor inconvenience that gives me a lot of peace of mind.
That’s not to say you will certainly get hacked if you don’t use one, but for the price (or lack thereof) it’s a steal, just not for the hackers. Har har.
Plus you get a free core puppy pet and it’s adorable! Unless they ended that offer. I’m not sure. But if they didn’t, only the hardest of hearts can resist the lure of the core pup.
You can still get the Core pup, I bought an Authenticator a couple of weeks ago and I got one with it. It’s sweet.
And I do feel happier about my account’s safety now I’ve got an Authenticator on it. I’m just scared in case I lose it amongst the mountain of crap surrounding my computer desk.
Very well written and pertinent article Nec.
Sadly we’ve had a few haxx in our guild, and it’s a ball-ache to sort out (yay for passing the guild master reins to Sazon!)
I never believed in the authenticator since I don’t really surf at home – that’s what work is for.
But since I’ve bought one, I really do feel a lot safer logging in. Must be psychological, but still.
Fookin haxx0rz. May they burn in virtual hell…
I’m the same, I rarely use my home computer for anything but wow and checking a few key websites. But I am going to order an authenticator this week, as a GM I really should have one!
Many thanks for those firefox addons, didn’t know about them and now have them installed
I’m on my second authenticator. The first packed up after about 14 months. Now, you might be thinking that it was a pain to get it sorted, but it wasn’t.
It was a bank holiday and the Blizz help lines were very busy, but it was still sorted within about 2 hours.
Authenticators may not be 100%, but most companies I have worked for in the last 10 years have provided staff with similar devices – and they do so for very good reasons! Authenticators do work! Yes, they are not 100%, but they are probably one of the best defences you can get!
To prove a point about account security and why the authenticator system still isn’t enough on Blizzard’s behalf.
My account has been compromised. I have the authenticator, not a mobile download but the actual dongo. Should I have been safe from losing my account? I think so. I use a password which is unique and a good mixture of letters and numbers. My email is also still securely mine. So what happened? Well, my password has been changed, not by me but by a hacker without the authenticator code, so despite their expensive system there are holes which can still be exploited.
I have run my anti virus and spybot search and destroy but now have to wait on Blizzard sorting this out.
There is a virus which I mentioned above that intercepts your authenticator code and sends it to the hacker whilst sending a false code to Blizzard.
The hacker then has about 20 seconds to get to your account settings (using the authenticator key they just nabbed) to change your password. So they actually did have your authenticator code which they used to change your password.
No matter how expensive or elaborate a security system is, there is always one big unavoidable easily exploited hole: The user.
Hope you get your account back soon.
Sorry to hear that Mogil – as I understand it there have only been a tiny number of authenticator-protected accounts being hacked, which I think are done by a ‘man in the middle’ attack. Did you have any instances of trying to log in seemingly unsuccessfully before this happened ?
I’m sure Blizzard will take this very seriously, keep us updated on what happens.
I had one on Saturday night where my log in seemed to time out. I logged in within a minute of that but I had issues with my connection which meant I didn’t think anything of it.
Still no reply from Blizz; however, I’m going to call them tonight after work to chase it up. My toons are still all geared up, so they haven’t been able to rob me by the look of things.
OK Update,
I have my account back with nothing being touched. I had to phone them tonight; however, it turns out it wasn’t my WoW account that they managed to hack but my email. I had a password reset done a few weeks ago and never removed the email from my inbox. The hacker seized it and changed the password but was then unable to use the account at all.
Glad you got it back.
If you had an authenticator… how did the hacker bypass that when getting into account management?
Oh wait… never mind. Passwords Reset mail the “Click here to reset your password” thing, assuming you don’t need to access account settings to use it.
I have the authenticator and when on the phone asked the very question: why doesn’t the system require an authenticator code at that point? He couldn’t answer but did state they were putting it higher to see if they can fix that happening again.
So, they changed your password but couldn’t get in without an authenticator?
Yep,
They managed to change the password through me having an old link in my email account but couldn’t access the account since I had the authenticator.