Is your MMO Account safe?

Posted on Friday, August 27th, 2010 and filed under Security.

World of Warcraft Account Security

While this article applies to World of Warcraft players more than those of any other game, mostly because there are so many WoW players out there, most of this advice applies to any game or even web service you use. EVE, Aion, PayPal, your bank account, Facebook… these days scammers can target pretty much anything and everything. The scary part is how easy it is to run these scams, and how easy it is for you to fall for them if you’re not diligent.

Since working here at MOGS, I’ve seen and heard about hundreds and thousands of people who have lost access to their accounts, people who had to watch helplessly or be informed by guild members as someone accessed their account and stripped it of every piece of gear and gold they have ever acquired.

There are two primary types of scams and system compromises that hackers and scammers use to gain access to your account: phishing and keylogging. Today I’m going to take a few moments to talk about the origins of these terms, and some methods you can use to protect yourself.

Way Back Then

Once upon a time, in the dawn of the internet, when getting online required listening to your modem screech for 10 seconds and hogging your phone line, there was an internet provider that connected a majority of people to the World Wide Web, a service called America Online. In the ’90s something like 9 out of 10 people online were using this service to connect.

In some of the “private” chat rooms, people would trade pirated software, MP3s, and other illegal or frowned-upon content. Some of the more technically savvy members of this community would gain access to other people’s accounts, in order to get online for free or to keep their real accounts from getting suspended, by running a scam called “phishing” and collecting hundreds and thousands of user accounts, called “phish”.

A phisher would pose as an AOL staff member, often creating screen names to make it look like they were employed by AOL, and scan through public chat rooms harvesting account names. Once they had a suitable list they would use programs to send hand-crafted instant messages to their potential victims, intended to get them to reveal passwords or credit card numbers. By using terms like “verify your account” or “confirm billing information”, and messaging so many different people, they got users who were not aware of the scam to literally just hand over their information.

Over time that method, while it still worked, became widely known in the general internet communities and wasn’t as effective as it used to be. So these hackers moved one step forward by implementing a technique that is the bane of many Warcrafters today: keyloggers.

With little more effort than mass-mailing a keylogger to thousands of people with a simple message like “Hey here’s that document you requested”, or “Naked Picture of Britney Spears”, they no longer had to rely on people responding in instant messages. All that had to happen was for some unsuspecting person to download the application and click on it, at which point the next time they tried to log into AOL their account username and password would be sent to the hacker’s email address, to be harvested whenever it was needed later on.

Between these two methods, a number of hackers had access to hundreds and thousands of AOL accounts and credit card numbers. Back then it was mostly just a bunch of teenage boys “goofing around” and playing internet “war games” with each other, seeing who could get more of their rivals’ accounts suspended, sending refrigerators and other large appliances to each other after hacking their personal addresses, or trading people’s accounts for other services like hacks, programs, or just for the “lawls”.

Here and Now

Today these methods are still in use. The basic premise is the same, but like all technology they have become more advanced, more widespread, and more malicious than ever.

Now you don’t even have to open an email and download some application to get keylogged; all you have to do is visit the wrong web page and the file will be transferred to your computer transparently, immediately starting to harvest information to send to the hacker. They can then log into your account whenever they feel like it and strip it of everything they can get their hands on, selling the gold on cheap gold-seller websites, or using your bank and PayPal information to spend your hard-earned money on pretty much anything they want.

Phishers no longer have to directly message hundreds of users and hope someone will respond with their account information. Today they use programs to scrape popular Warcraft and gaming sites for email addresses, and send custom-crafted (very official-looking) emails that will redirect you to their bogus website that looks exactly like Battle.net. These emails say things like “World of Warcraft Subscription Reminder”, “Cataclysm Beta Opt-In”, “Account Password Verification”, “Battle.net Account Locked – Issue #47592458”.

World of Warcraft Phishing Attempts

In the screenshot above you can see the inbox of my personal Gmail account. Keep in mind, I don’t actually have a Warcraft/Battle.net account tied to this address, so obviously any emails pertaining to Warcraft I get on this address are bogus. I actually have about 10 different email addresses I use for a number of different things, and each and every one of them gets these types of emails on a regular basis. In fact, the only address I don’t get these scammer emails on is the one actually tied to my battle.net account. The reason for this is that that email was set up specifically for battle.net and has never been used for anything else, published anywhere, or given to anyone. The ONLY email I get on that particular address is actually directly related to my Warcraft account, that’s it.

If you open one of these emails and read through it, it looks very real. Oftentimes they will contain multiple links to the real Warcraft site that actually provide more information about how to keep from getting scammed (ironic eh?). But if you pay very close attention and use a web-based email client, you can hover over these links and see that one of them (or all of them) will lead to a completely bogus website that is designed to look exactly like the real battle.net site you use to manage your account.

The link in the email might look like this:
– > https://us.battle.net/login

Which is in fact the legitimate login address for World of Warcraft. However, if you hover over that link, your browser will show something like this in the bottom left-hand corner:

– > http://www.worldofwarcraft-fake-accountauthorization.com
– > http://www.wrldofwarcft-accnt-authatication

Obviously neither of these sites is battle.net, but most people don’t bother checking the URL that is in their address bar when clicking a link, and as long as a site looks like what they have come to expect when managing their account, they will be happy to follow the email’s instructions and use this site to sign into “their account” in order to verify the account settings, or gain that elusive battle.net opt-in. And once they do that, their account is compromised.
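The hover check described above can be automated. The following is an added example, not part of the original post: it parses an HTML email body and flags any link whose real target is off a trusted list or differs from the URL shown as the link text. The trusted-domain list and the sample body are assumptions built from the URLs quoted in the article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains this reader treats as genuine (from the article).
TRUSTED = ("battle.net", "worldofwarcraft.com")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def host_of(url):
    """Lower-cased hostname of a URL; accepts bare 'www.example.com' too."""
    url = url if "://" in url else "http://" + url
    return (urlsplit(url).hostname or "").lower()

def is_trusted(host):
    """Exact match or true subdomain; 'worldofwarcraft-x.com' does not count."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html_body):
    """Yield (text, href, reasons) for each link a reader should not trust."""
    collector = LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        target, reasons = host_of(href), []
        if not is_trusted(target):
            reasons.append("untrusted target host")
        # Only compare when the visible text is itself written as a URL.
        if URL_LIKE.fullmatch(text) and host_of(text) != target:
            reasons.append("visible URL differs from target")
        if reasons:
            yield (text, href, reasons)

# Constructed sample body built from the URLs quoted in the article.
SAMPLE = ('<a href="http://www.worldofwarcraft-fake-accountauthorization.com">'
          'https://us.battle.net/login</a> <a href="https://us.battle.net/login">'
          'https://us.battle.net/login</a>')
```

Calling `list(suspicious_links(SAMPLE))` reports only the first link; the second, whose text and target are both us.battle.net, passes.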

So how can I protect myself?

The problem with these sites is that they look so incredibly realistic. It’s not very hard to mask a URL and make someone believe they’ve reached worldofwarcraft.com when they’ve really reached worldofwarcraft-scamsite.com. Before you know it, you’ve attempted to log in, found that nothing happened, and had your login information logged away neatly in some scammer’s database. It’s all too easy to fall victim to.

You need to know Blizzard’s website is a very carefully constructed site and, though scammers can replicate it, copying it completely is very hard. However, the best way to avoid having to keep an eagle eye glued to their website is to simply never click on links directly out of your inbox. You might have missed the fake email address or the fake use of “Blizzard E” as a company name, but if you simply visit WorldofWarcraft.com manually instead of clicking on that link, you will guarantee that your login is legitimate (assuming you haven’t downloaded a program that modifies your Windows HOSTS file and transparently redirects you to a scammer site anyway, but that’s a bit beyond the depth of most people, so I’m not going to get into that).

Secondly, you need to stay safe and be careful where you order gold and powerleveling from if you decide to go that route. Do your homework, read reviews. There is a reason that gold you’re buying from XYZ site is so much cheaper than it is here at MOGS. In the end you honestly get what you paid for. We offer a guaranteed service, using un-flagged accounts on US IP addresses. All of our gold comes to us legitimately from suppliers and actual players selling extra gold, not from botting programs and keylogging customer accounts to turn a quick buck. Unlike a majority of the companies in this industry we actually care about you as a customer and your account. Your continued business with us is more important than making a quick sale.

Ultimately, the best thing you can do is to pay close attention to the sites you visit and never click through a link that doesn’t look right. Never fall victim to an automatic login or send off information requested through an email. They’re all scams and the scammers are all too happy to take that account information from you in a flash.

I highly recommend anyone serious about keeping their Warcraft account secure spends the $6.50 and picks up a Battle.net Authenticator to keep their account secure.

- Jason@MOGS

A reminder to WoW Players

Posted on Saturday, January 16th, 2010 and filed under Uncategorized.

So today I received a famous WoW account scam email… I want to share this with everyone and how to avoid falling for this bullshit. To any scammers out there.. FUCK OFF!
—————————————————————————————
from Blizzard Entertainment
reply-to noreply@blizzard.com
to hayden@mogs.com
date Fri, Jan 15, 2010 at 9:30 PM
subject Blizzard Account Administration — Account Security
mailed-by hotmail.com ****** HERE is our first clue, check all headers, mail from Blizzard will not be Hotmail.com******
Greetings!
This is an automated notification regarding the recent change(s) made to your World of Warcraft account.
Your password has recently been modified through the Password Recovery website.

*** If you made this password change, please disregard this notification.
However, if you did NOT make changes to your password, we recommend you Login verify your password:
http://www.worldofwarcraft.com *****HERE this is a working link in the email, right click any links that refer to Blizzard/ Wow and copy the link, then paste it in a txt file, you will see something much different than worldofwarcraft.com*****
If you are unable to successfully verify your password using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com.

Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account.
In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,

The World of Warcraft Support Team
Blizzard Entertainment
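
The header check annotated in the email above, as an added example that is not part of the original post: it flags a message whose display name claims Blizzard while the sending domains do not match. It assumes Gmail's “mailed-by” value corresponds to the Return-Path domain; the sample message, its addresses and the brand-domain list are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the brand keyword and its real sending domains.
BRAND = "blizzard"
BRAND_DOMAINS = ("blizzard.com", "battle.net")

def domain_of(header_value):
    """Domain part of the address in a header value, lower-cased ('' if none)."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""

def is_brand_domain(domain):
    """Exact match or true subdomain of a known brand domain."""
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)

def header_red_flags(raw_message):
    """Return the reasons a message claiming to be from the brand looks forged."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0]
    if BRAND not in display_name.lower():
        return []  # not claiming to be the brand, nothing to compare
    from_dom = domain_of(msg.get("From"))
    path_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    flags = []
    if not is_brand_domain(from_dom):
        flags.append(f"display name claims {BRAND!r} but From domain is {from_dom!r}")
    if path_dom and not is_brand_domain(path_dom):
        flags.append(f"mailed by {path_dom!r}, which is not a brand domain")
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    return flags

# Constructed message modelled on the headers quoted above; addresses are made up.
SAMPLE = (
    "Return-Path: <constructed-sender@hotmail.com>\n"
    'From: "Blizzard Entertainment" <constructed-sender@hotmail.com>\n'
    "Reply-To: noreply@blizzard.com\n"
    "To: player@example.com\n"
    "Subject: Account Security\n"
    "\n"
    "Greetings!\n"
)

if __name__ == "__main__":
    for flag in header_red_flags(SAMPLE):
        print(flag)
```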
