MOGS

Is your MMO Account safe?

Posted on Friday, August 27th, 2010 and filed under Security.

While this article applies more to World of Warcraft players more than any other game, mostly because there are so many WoW players out there, most of this advice applies to any game, or even web service you use. EVE, Aion, Paypal, your Bank Account, Facebook… these days scammers can target pretty much anything and everything. The scary part is how easy it is to run these scams, and how easy it is for you to fall for it if your not diligent.

Since working here at MOGS, I’ve seen and heard about hundreds and thousands of people who have lost access to their accounts, people who had to watch helplessly or be informed by guild members as someone accessed their account and stripped it of every piece of gear and gold they have ever acquired.

There are two primary types of scams and system compromises that can be used by hackers and scammers to gain access to your account; Phishing and Keylogging. Today I’m going to take a few moment’s to talk about the origins of these terms, and some methods you can use to protect yourself.

Way Back Then

Once upon a time, in the dawn on the internet, when getting online required listening to your modem screach for 10 seconds and hogging your phone line, there was an internet provider that connected a majority of people to the World Wide Wide, a service called America Online. In the 90′s something like 9 out of 10 people online were using this service to connect.

In some of the “private” chat rooms, people would trade pirated software, MP3′s, and other illegal or frown upon content. Some of the more technical savvy members of this community would use a method of gaining access to other peoples accounts in order to get online for free or to keep their real accounts from getting suspended, by running a scam called “Phishing”, and collecting hundreds and thousands of user accounts, called “Phish”.

A phisher would pose as an AOL staff member, often creating screen names to make it look like they were employed by AOL, and scan through public chat rooms harvesting account names. Once they had a suitable list they would use programs to send hand crafted instant messages to their potential victims intended to get them to reveal passwords or credit card numbers. By using terms like “verify your account” or “confirm billing information”, and messaging so many different people, users not aware of the scam would literally just hand over their information.

Over time that method, while it still worked, was starting to catch on in the general internet communities and wasn’t as affective as it used to be. So what these hackers did was move one step forward by implementing a technique that is now the bane of many Warcrafters today; Keyloggers.

With little more effort than mass-mailing a keylogger to thousands of people with a simple message like “Hey here’s that document you requested”, or “Naked Picture of Britney Spears”, they no longer had to rely on people responding in instant messages. All that had to happen is some unsuspecting person downloading the application and clicking on it, at which point the next time they tried to log into AOL their account username and password would be sent to the hackers email address and harvested at any time they needed it later on.

Between these two methods, a number of hackers had access to hundreds and thousands of AOL Accounts and credit card numbers. Back then it was mostly just a bunch of teenage boys “goofing around” and playing internet “war games” with each other, seeing who could get more of their rivals accounts suspended, sending refrigerators and other large appliances to each other after hacking their personal addresses, or trading people’s accounts for other services like hacks, programs, or just for the “lawls”.

Here and Now

Today these methods are still in use, and while the basic premise and methods are the same, as all technology does it has become more advanced, more widespread, and more malicious than ever.

Now you don’t have to just open an unsuspecting email and download some application to get Keylogged, all you have to do is visit the wrong web page and the file will be transferred to your computer transparently, immediately starting to harvest information to send to the hacker. They can then log into your account whenever they feel like it and strip it of everything they can get their hands on, using the gold to sell on cheap gold seller websites, or using your bank and paypal information to use your hard earned money for pretty much anything they want.

Phishers no longer have to directly message hundreds of users and hope someone will respond with their account information. Today they use programs to scape popular Warcraft and gaming sites for email addresses, and send custom crafted (very official looking) emails that will redirect you to their bogus website that look exactly like Battle.net. These emails say things like “World of Warcraft Subscription Reminder”, “Cataclysm Beta Opt-In”, “Account Password Verification”, “Battle.net Account Locked – Issue #47592458″.

In the screenshot above you can see the inbox of my personal Gmail account. Keep in mind, I don’t actually have a Warcraft/Battle.net account tied to this address, so obviously any emails pertaining to Warcraft I get on this address are bogus. I actually have about 10 different email addresses I use for a number of different things, and each and every one of them gets these type of emails on a regular basis. In fact, the only address I don’t get these scammer emails on is the one actually tied to my battle.net account. The reason for this is because that email was setup specifically for battle.net and has never been used for anything else, published anywhere, or given to anyone. The ONLY email I get on that particular address is actually directly related to my Warcraft account, that’s it.

If you open one of these emails and read through them, they all look very real. Often times they will contain multiple links to the real Warcraft site that actually provide more information about how to keep from getting scammed (ironic eh?). But if you pay very close attention and use a web based email client, you can hover over these links and see that one of them (or all of them), will lead to a completely bogus website that is designed to look exactly like the real battle.net site you use to manage your account.

The link in the email might look like this:
– > https://us.battle.net/login

Which is in fact the legitimate login address for World of Warcraft. However, if you hover over that link, your address bar will show something like this in the bottom left hand corner:

– > http://www.worldofwarcraft-fake-accountauthorization.com
– > http://www.wrldofwarcft-accnt-authatication

Obviously neither of these sites are battle.net, but most people don’t bother checking the URL that is in their address bar when clicking a link, and as long as a site looks like what they have come to expect when managing their account, they will be happy to follow the emails instructions and use this site to sign into “their account” in order to verify the account settings, or gain that elusive battle.net opt in. And once they do that, their account is compromised.

So how can I protect myself?

The problem with these sites is that they look so incredibly realistic. It’s not very hard to mask a URL and make someone believe they’ve reached worldofwarcraft.com when they’ve really reached worldofwarcraft-scamsite.com. Before you know it, you’ve attempted to login, found that nothing happened and have your login information logged away neatly in some scammers database. It’s all too easy to fall victim to.

You need to know Blizzard’s website is a very carefully constructed site and, though scammers can replicate it, copying it completely is very hard. However, the best way to bypass having to keep an eagle eye glued to their website is to simply never click on links directly out of your inbox. You might have missed the fake email address or the fake use of “Blizzard E” as a company name, but if you simply manually visit WorldofWarcraft.com instead of clicking on that link, you will guarantee that your login is legitimate (assuming you haven’t downloaded a program that modify’s your windows HOSTS file and transparently redirects you to a scammer site anyway, but that’s a bit beyond the depth of most people, so I’m just not even going to get into that).

Secondly, you need to stay safe and be careful where you order gold and powerleveling from if you decide to go that route. Do your home-work, read reviews. There is a reason that gold your buying from XYZ site is so much cheaper than it is here at MOGS. In the end you honestly get what you paid for. We offer a guaranteed service, using un-flagged accounts on US IP addresses. All of our gold comes to us legitimately from suppliers and actual players selling extra gold, not from botting programs and keylogging customer accounts to turn a quick buck. Unlike a majority of the companies in this industry we actually care about you as a customer and your account. Your continued business with us is more important than making a quick sale.

Ultimately, the best thing you can do is to pay close attention to the sites you visit and never click through a link that doesn’t look right. Never fall victim to an automatic login or send off information requested through an email. They’re all scams and the scammers are all to happy to take that account information from you in a flash.

I highly recommend anyone serious about keeping their Warcraft account secure spends the $6.50 and picks up a Battle.net Authenticator to keep their account secure.

- Jason@MOGS

Recent World of Warcraft Scam

Posted on Saturday, October 10th, 2009 and filed under MMORPG Issues, RMT News.

Over the past few weeks I have noticed a pattern of scam activities between our customers and delivery in World of Warcraft, I’ve spoken with many of you via MSN, Email, Live Chat, etc pouring through screen shots and delivery logs to try and find out what the real cause of this problem is.

Unlike other companies in the RMT industry we do not shift blame, we do not refuse to take action or fail to investigate the situation. Any and all complaints made to us are handled ASAP and we always respond with an (accurate as possible) response. Here at Mogs we do not have a “Customer is always right” mentality. That died out in the 90′s. We are however all gamers, and we understand more than most where a customer is coming from and we look into every situation like we were looking into a problem with our own accounts.

Any trades that resulted in the customer getting scammed were reset and placed back into queue. We did this at a loss of revenue to us, someone still had to pay for that gold. But the point is, we support you just the same as you support us, and we very much value your continued business with us here at mogs.

IMPORTANT:
Under no circumstances, at any time, should you ever trade back your gold after the initial trade. If someone says they need the gold back so they can screenshot, please come immediately to live support located at the top right hand corner of our website so we can verify that is indeed the fact. Without getting into any detail as to how this scam is done, just remember, never ever ever give the gold back to anyone unless someone in Live Chat or on the Telephone asks you to.

Again, thanks for the support and appreciation, we definately appreciate you.
Jason / MOGS

NCsoft, RMT, Gold Spamming.

Posted on Wednesday, October 7th, 2009 and filed under RMT News.

NCsoft, the makers of Aion have recently released a statement concerning advertising that makes use of a black hat tactic known as “gold spamming”. Gold spamming is a practice that most any player of any game can instantly recognize and absolutely can’t stand. The repetitive spam messages boasting incredible prices and claims such as, “instant delivery!”, “we’re so fast it’s probably already in your mail!” and “Buy 1000 gold and get 10% free plus a trip to Hawaii!” we’ve all seen it and most people are sick of it.

Real Money Trade (RMT) is a business based on providing services centered on virtual products such as, currency and items. There are many businesses involved in RMT and the industry as a whole has a bad name. Part of that bad name comes from the endless in game spamming that is used as a pathetic attempt to gain customers. The truly sad part is that for as many people as it annoys there must be a lot of people trying services that stoop to this level of advertising, seems more and more companies are turning to this method, but so far the vast majority of the companies that use gold spamming seem to come and go like a bad taco.

Mogs.com supports Real Money Trade; we are all for providing a service that is extremely helpful for a lot of gamers out there. However, we deplore the actions of these 2nd rate hack shops spamming everyone in game non-stop. It’s annoying, it feels desperate, and it just makes everyone in RMT look bad. We support NCsoft’s tough stance on gold spamming. NCsoft further recommends that if you are experiencing issues with chat spam you can simply right click the user’s name and choose to block the character. This of course won’t kill all of the spam, but a little bit at a time will help. NCsoft promises new tools that will also help rid Aion of these pesky spammers. Mogs.com thinks this is a great idea, take it a step further and beyond RMT’s normal controversy and simply don’t buy from companies that are inundating you with spam. Half of them want to rip you off and key log your account. We suggest taking your time and researching RMT companies, and always simply keep mogs.com in mind, we are a small Cleveland, Ohio based company that’s been working in the industry since the late 1990’s and as MOGS since 2004. We do our best to battle spam and keep it out of the game. We are gamers and we built this company with gamers in mind. Please read NCsoft’s statement here: http://uk.aiononline.com/board/notices/view?articleID=169&page=

---

In order to help soothe your spam frustrations, we have scoured the internet for weeks to find you the PERFECT game to ease your spam concerns. Monty Pythons: Spamalot

Cleaning Up the RMT Industry

Posted on Wednesday, August 12th, 2009 and filed under RMT News.

IGE.com, a well known player in the RMT industry, recently sent out an important newsletter to its customers regarding the current state of RMT and some of the solutions to the problems we have all been seeing. Rampant in-game advertising, unethical outsourcing, and other fraudulent and blackhat techniques used to ultimately take advantage of you, the consumer.

Real Money Trading (RMT) is defined as the exchange of real money for ingame items or currency. This is an industry that was originally started by gamers, for gamers. Here at MOGS that is something we really take to heart. MOGS was born out of a passion for gaming, all of our staff are MMORPG gamers themselves so it helps us have a much deeper-rooted understanding of our customers needs.

Unfortunately, today’s market is not, for the most part, driven by gamer-to-gamer relationships. Instead, we find a multi-billion dollar annual market. We find company after company with little to no accountability. This problem is amplified when you bring venture capitalists into the mix. By pouring money into these illegitimate operations, they are just enabling them to spread in hopes that they can gain a customers trust long enough to take their money. Due to their lack of service quality these companies cannot grow organically. They can’t retain customers so they must resort to in-game advertising, click-jacking, and fake web storefronts in order to generate sales.

In this day of Fannie Mae, Enron, and the various other corporate accountability scandals that have hit major media here in the states, we may have become accustomed to this, but that doesn’t mean we should stand for it.

Regulators, Mount up.

In January of 2009, IGE started reaching out to some of the other RMT companies within this industry, explaining their goal of building a group of trusted sites dedicated to implementing some standardization within our industry. By working together and banding with some of the other legitimate RMT providers, we hope to make your gold buying experience as safe and secure as possible.

In order to qualify, the company must have adhered to a set of benchmarks that IGE has defined (Thankfully MOGS was already fully compliant). There’s nothing ground breaking here folks, ultimately it breaks down to Google’s very clever motto, “Don’t Be Evil”.

• Zero Tolerance for Fraud
• Ethical Sourcing Policies
• McAfee and VeriSign verified e-commerce sites
• Scrupulous monitoring of systems to prevent malicious activities. Our sites are guaranteed virus free.
• Absolutely NO in-game, or email spam
• Expert, English speaking and comprehensive customer service
• Clear and documented complaints escalations and refund procedures and policies
• Clear terms of services and privacy policies.

Gold Sellers you can trust (listed alphabetically):

Below is a list of companies that have proven themselves to be trustworthy, operating with a high standard of business ethics and adhering to legitimate industry standards. This is by no means an “end all, be all” list of legitimate gold sellers, only a list of some of the more notable providers.

1. www.EpicToon.com
2. www.Gamemasta.com
3. www.IGE.com
4. www.MOGS.com
5. www.Mymmoshop.com
6. www.RPGTrader.com
7. www.VIPGamer.com
8. www.Videogamegold.com
9. www.WoWGoldPig.com
10. www.WoWtreasures.com

The message is clear – You have the power to regulate this industry by only buying from trusted sites..

You can view the full email sent by IGE regarding cleaning up the RMT industry posted by our good friend at WoWGoldFacts.com

Why do they copy?

Posted on Saturday, November 15th, 2008 and filed under RMT News.

Thsale, Brogame, Power4game, Team4power and many other RMT sites are all under one company with Asian VC backing them. I wonder why with all of the money and so called brains behind the opperation they still cannot create their own original content. I have contacted Thsale multiple times over the past few years to fix this typo LOL!! Check it out and decide if you want to deal with a company that blatently plagurizes another website. Here is (Brogames Affiliate programs terms), do you notice the mention of “Massive Online Gaming Sales”? Hmmm..

This seems to be the norm with many of our oversea competitors, ruining peoples gaming experience with in game spam, making completly false statements on their websites about delivery time or available stock. The good news is that MOGS is taking the steps to help eliminate these companies.. stay tuned and watch as we take the RMT market to the next level leaving all the amateurs behind!