Everybody wants their WoW account to be safe, right? It’s not like anyone ‘wants’ their account to be hacked, to lose their characters, gold and gear and be forced to spend hours on the phone to Blizzard’s Support Line. Yet how many of your accounts are actually safe?
I’m not trying to scare you or anything, but for most of you reading this your attempts to stay safe are woefully inadequate. I’m going to tell you why and what you can do about it.
But Nec I really try and keep my account safe…
I change my password every so many weeks…
This is completely useless. It’s not even 1% helpful. It is not helpful with WoW or with email or anything else. The only person inconvenienced by regular password changes is you, the user.
If a keylogger gets your password, it’s not going to think “Score, got the password, I’ll just wait 5 or 6 weeks before sending it.”
The hacker who gets your password isn’t going to think “Ahh another password, I’ll just set it down here and access it in a month or so.”
Of course not, they’re going to send the password immediately and hack your account immediately. They’re not going to sit on it for a while, they’re gonna strike while the iron is hot and loot your account. They’ll probably do it when you just logged in, so you’ll get disconnected, try and reconnect and get the terrifying “Incorrect password” alert. You never had time to change your password.
Changing password effectiveness is Zero.
I run a virus scan every x days…
The chances of this working are really sketchy at best. Virus scanners are a resource hog; they eat your processor, so most people don’t scan whilst they’re playing WoW. They’d scan late at night when they’re not using their PC and tell the scanner to shut their PC down when it’s finished. Of course this scan takes place a couple of hours after you had surfed the web, possibly picked up a keylogger and then went into WoW for your raid night. Oops, they got you.
Some virus scanners scan the websites you’re on and the files you download as they’re being downloaded; I know AVG Free does this. That is why the chances of this working are sketchy as opposed to non-existent. The scanner may detect the keylogger early on before it has a chance to do anything. Then again, it might not.
Scanning regularly gets rid of any keyloggers that may be on your machine, but by that point you’ve probably already been hacked so it’s too late.
I don’t click on any dodgy links either.
Not every keylogger relies on you clicking links. It’s a common belief that if you get a keylogger it’s because you clicked on a dodgy link, went to a fake WoW site or a gold buying site. This isn’t always the case.
Do you see adverts on many sites you frequent? The banner on top of message boards, the ads to the side of Facebook, even Google adverts? You know the ones I mean? They’re used frequently by virus makers, especially the ones for cheaper sites that are forced to be ad supported with flashy animated banners. It’s called a drive-by-malware-attack. The moment the ad loads on your screen… BAM! You’re infected. You clicked nothing, you did nothing, you still got keylogged.
Effectiveness of not clicking links is like a 50/50. You won’t get caught by your own stupidity, but the unpredictable nature of what ad is going to pop up next on your favourite messageboards still leaves you vulnerable.
Help me Neccy Lockenobi! You’re my only hope!
Here are some ways you can keep yourself safe when playing WoW.
Don’t buy gold
Did you know that gold-seller sites require that you register an account to buy? Did you know you just used the same email as your Battlenet account? Probably used your same generic password too… oh dear. You just gave them your WoW details without realising it. They just tried them, it worked, you just lost your account. They probably installed a drive-by keylogger also, so when you do get your account back they nab it immediately once again.
Don’t buy gold. Their sites are the dodgiest of dodgy.
While not a guaranteed solution, it does help, especially if you use a virus scanner that scans everything going into your PC as well as websites you load. But they won’t detect anything if it’s not fully updated.
Furthermore, don’t run two anti-virus programs on the same PC; each will prevent the other from working properly. So remove that Norton anti-crap before installing AVG or Avast or whatever you prefer.
Use a unique password
Most people use the same password for most sites. So if you get keylogged, they have access to your guild’s forum, your Facebook, your Twitter, your email… and by extension of the mail in your inbox… your online banking. Give WoW a unique password. It won’t stop you being keylogged, but it’ll stop them getting access to everything else you do online.
If you’re using Internet Explorer as your browser, stop using Internet Explorer as your browser. It’s like an old hooker, cheap but filled with disease. Get Firefox and install the addons NoScript and Foof, this will give you a more secure browser, stop ALL scripts running on websites unless you give them direct permission ‘and’ will block the majority of adverts on every site. Drive-by-malware just ceased to be a threat. Yes I was kind enough to provide you direct links to Firefox and the addons in question. So no excuses.
Be careful with your email
The hacker’s greatest weapon is player stupidity. They will send you an email that looks like an official Blizzard mail and they will tell you that your account has been suspended or you’ve been invited to the Cataclysm Alpha/Beta. It will look all shiny and pretty (sometimes it looks awful) but there will be noticeable flaws.
Spelling will be poor. Blizzard mail is spellchecked and proof-read; hacker mail is not. If you see regular spelling errors, be suspicious.
Cataclysm Alpha is not for players. It’s for Friends and Family of Blizzard. The Beta has not started yet and when it does you’ll be informed because it’ll be all over the Internet on official WoW sites.
They want you to go to a link, the link looks odd. batt.elnet? With a dot in the middle and misspelled name? Really? Fake address. Log into World of Warcraft properly by typing the address in your browser and not clicking a link. You’ll then find out if anything is wrong with your account as it’ll say “Account suspended” or whatever in the Account Status.
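The link check described above can be done mechanically. The following is an added example, not part of the original post: it reads the host out of a link and reports whether it is an official domain, a near-miss spelling of one, or neither. The `OFFICIAL` allowlist, the function names and the sample links are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains treated as official.
OFFICIAL = ("battle.net", "blizzard.com")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'official', 'lookalike' or 'unrelated' for the host in url."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in scheme-less links
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Official only if the host IS an allowlisted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Ignore dots and hyphens, then compare every run of adjacent labels
    # with each official name; a moved dot or swapped letters scores <= 2.
    labels = [label.replace("-", "") for label in host.split(".")]
    runs = {"".join(labels[i:j])
            for i in range(len(labels)) for j in range(i + 1, len(labels) + 1)}
    for d in OFFICIAL:
        target = d.replace(".", "")
        if any(edit_distance(run, target) <= 2 for run in runs):
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links; only the first host appears in the post.
    for link in ("http://batt.elnet/login",
                 "https://eu.battle.net/account/",
                 "https://battle.net.account-check.example/",
                 "https://guildforum.example/"):
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" or "unrelated" verdict on a mail that claims to be from Blizzard is the cue to type the address yourself instead of clicking.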
Get an Authenticator
If you have an iPhone the authenticator is free. If you don’t have an iPhone, the physical authenticator is free but you pay the shipping charges. Blizzard lose money on every authenticator sold because they use the Vasco system, a system BANK Authenticators use! This is not a cheap security system they put into effect but one of the most expensive on the market.
Currently only a single virus (EMCOR.DLL) can bypass the authenticator. It does this by keylogging you, sending your account name, password and authenticator code to the hacker and sending a false code to Blizzard, you then get the “Incorrect password blah blah” message, the hacker now has ~30 seconds to get into your account or the key is useless. A virus scan on your end and relogging in will boot him and prevent him from doing anything else. He can’t change your password or he can’t get into the account (he’ll have used the authenticator code), if he gets into your account he can’t change the password. Damage therefore will be limited.
The authenticator itself is easy to set up and easier to use. When inputting your password you have a third box for an authenticator code. You push the button, get the code, type it in and hit Login. You’re now logged in and quite safe as once a code is used it cannot be reused.
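Why a used or stale code is worthless can be seen on the server side. This is an added example, not Blizzard's code: it uses the public RFC 6238 time-based one-time password scheme as a stand-in (the post does not describe the authenticator's actual algorithm), with a 30-second step and a verifier that refuses any code whose time step has already been consumed. The secret and timestamps are the RFC's published test values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (the post's "~30 seconds")

def totp(secret: bytes, t: float, digits: int = 6) -> str:
    """RFC 6238 code for Unix time t (HMAC-SHA1, 30-second steps)."""
    counter = struct.pack(">Q", int(t) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: each time step's code is accepted at most once."""

    def __init__(self, secret: bytes, digits: int = 6):
        self.secret = secret
        self.digits = digits
        self.last_step = -1  # highest time step already consumed

    def check(self, code: str, now: float) -> bool:
        step = int(now) // STEP
        # Also try the previous step to tolerate small clock drift.
        for s in (step, step - 1):
            expected = totp(self.secret, s * STEP, self.digits)
            if s > self.last_step and hmac.compare_digest(expected, code):
                self.last_step = s  # burn this step and everything before it
                return True
        return False

if __name__ == "__main__":
    secret = b"12345678901234567890"       # RFC 6238 test secret
    server = Verifier(secret, digits=8)
    code = totp(secret, 1111111109, 8)     # what the token shows
    print(server.check(code, 1111111111))  # first use: accepted
    print(server.check(code, 1111111112))  # same code again: rejected
    print(server.check(totp(secret, 59, 8), 1111111200))  # old code: rejected
```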
Losing your account is always painful. This is something we’ve put so many hours into and as a result are emotionally bound to it. Keeping your account safe isn’t that difficult a thing to do, so there’s no excuse for not trying. “Blizzard should make their game safe” is the whine of a moron; keeping your PC clean and your web-surfing safe is your responsibility, not Blizzard’s.
Blizzard have put on offer a top of the range security system called the Authenticator, available from their online store for a cheap price.
If you don’t have an authenticator, you are gambling with your account, you never win but can lose big. It’s a lottery not worth buying a ticket for.