Is your MMO Account safe?

Posted on Friday, August 27th, 2010 and filed under Security.

World of Warcraft Account Security

While this article applies to World of Warcraft players more than any other game, mostly because there are so many WoW players out there, most of this advice applies to any game, or even web service you use. EVE, Aion, PayPal, your bank account, Facebook… these days scammers can target pretty much anything and everything. The scary part is how easy it is to run these scams, and how easy it is for you to fall for them if you’re not diligent.

Since working here at MOGS, I’ve seen and heard about hundreds and thousands of people who have lost access to their accounts, people who had to watch helplessly or be informed by guild members as someone accessed their account and stripped it of every piece of gear and gold they have ever acquired.

There are two primary types of scams and system compromises that hackers and scammers can use to gain access to your account: phishing and keylogging. Today I’m going to take a few moments to talk about the origins of these terms, and some methods you can use to protect yourself.

Way Back Then

Once upon a time, in the dawn of the internet, when getting online required listening to your modem screech for 10 seconds and hogging your phone line, there was an internet provider that connected a majority of people to the World Wide Web, a service called America Online. In the ’90s something like 9 out of 10 people online were using this service to connect.

In some of the “private” chat rooms, people would trade pirated software, MP3s, and other illegal or frowned-upon content. Some of the more technically savvy members of this community would gain access to other people’s accounts, in order to get online for free or to keep their real accounts from getting suspended, by running a scam called “Phishing” and collecting hundreds and thousands of user accounts, called “Phish”.

A phisher would pose as an AOL staff member, often creating screen names to make it look like they were employed by AOL, and scan through public chat rooms harvesting account names. Once they had a suitable list they would use programs to send hand crafted instant messages to their potential victims intended to get them to reveal passwords or credit card numbers. By using terms like “verify your account” or “confirm billing information”, and messaging so many different people, users not aware of the scam would literally just hand over their information.

Over time that method, while it still worked, was starting to catch on in the general internet communities and wasn’t as effective as it used to be. So what these hackers did was move one step forward by implementing a technique that is now the bane of many Warcrafters today: keyloggers.

With little more effort than mass-mailing a keylogger to thousands of people with a simple message like “Hey here’s that document you requested”, or “Naked Picture of Britney Spears”, they no longer had to rely on people responding in instant messages. All that had to happen was some unsuspecting person downloading the application and clicking on it, at which point the next time they tried to log into AOL their account username and password would be sent to the hacker’s email address and harvested at any time they needed it later on.

Between these two methods, a number of hackers had access to hundreds and thousands of AOL accounts and credit card numbers. Back then it was mostly just a bunch of teenage boys “goofing around” and playing internet “war games” with each other, seeing who could get more of their rivals’ accounts suspended, sending refrigerators and other large appliances to each other after hacking their personal addresses, or trading people’s accounts for other services like hacks, programs, or just for the “lawls”.

Here and Now

Today these methods are still in use, and while the basic premise is the same, like all technology they have become more advanced, more widespread, and more malicious than ever.

Getting keylogged no longer requires opening an email and downloading some application; all you have to do is visit the wrong web page and the file will be transferred to your computer transparently, immediately starting to harvest information to send to the hacker. They can then log into your account whenever they feel like it and strip it of everything they can get their hands on, selling the gold on cheap gold seller websites, or using your bank and PayPal information to spend your hard-earned money on pretty much anything they want.

Phishers no longer have to directly message hundreds of users and hope someone will respond with their account information. Today they use programs to scrape popular Warcraft and gaming sites for email addresses, and send custom-crafted (very official looking) emails that will redirect you to their bogus website that looks exactly like Battle.net. These emails say things like “World of Warcraft Subscription Reminder”, “Cataclysm Beta Opt-In”, “Account Password Verification”, “Battle.net Account Locked – Issue #47592458”.

World of Warcraft Phishing Attempts

In the screenshot above you can see the inbox of my personal Gmail account. Keep in mind, I don’t actually have a Warcraft/Battle.net account tied to this address, so obviously any emails pertaining to Warcraft I get on this address are bogus. I actually have about 10 different email addresses I use for a number of different things, and each and every one of them gets these types of emails on a regular basis. In fact, the only address I don’t get these scammer emails on is the one actually tied to my Battle.net account. The reason for this is that the email was set up specifically for Battle.net and has never been used for anything else, published anywhere, or given to anyone. The ONLY email I get on that particular address is actually directly related to my Warcraft account, that’s it.

If you open one of these emails and read through it, it looks very real. Oftentimes they will contain multiple links to the real Warcraft site that actually provide more information about how to keep from getting scammed (ironic eh?). But if you pay very close attention and use a web-based email client, you can hover over these links and see that one of them (or all of them) will lead to a completely bogus website that is designed to look exactly like the real Battle.net site you use to manage your account.

The link in the email might look like this:
– > https://us.battle.net/login

Which is in fact the legitimate login address for World of Warcraft. However, if you hover over that link, your address bar will show something like this in the bottom left hand corner:

– > http://www.worldofwarcraft-fake-accountauthorization.com
– > http://www.wrldofwarcft-accnt-authatication

Obviously neither of these sites is Battle.net, but most people don’t bother checking the URL that is in their address bar when clicking a link, and as long as a site looks like what they have come to expect when managing their account, they will be happy to follow the email’s instructions and use this site to sign into “their account” in order to verify the account settings, or gain that elusive Battle.net opt-in. And once they do that, their account is compromised.
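The hover check described above can be automated over the HTML body of a message. This is an added example, not code from the original post; the TRUSTED set, the function names and the sample email body are assumptions made for illustration, and the fake address is the one quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domains you expect account mail to link to.
TRUSTED = {"battle.net", "worldofwarcraft.com"}

def host_of(url):
    """Lower-cased hostname of a URL-like string ('' if there is none)."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def is_trusted(host):
    """True for a trusted domain or a real subdomain of one, nothing else."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (href, reason) for each link whose visible text names a
    different host than its target, or whose target is not trusted."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        real = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != real:
            findings.append((href, f"text shows {shown}, link goes to {real}"))
        elif not is_trusted(real):
            findings.append((href, f"{real} is not a trusted domain"))
    return findings

# Constructed sample email body; FAKE is the address quoted in the post.
FAKE = "http://www.worldofwarcraft-fake-accountauthorization.com"
SAMPLE = (f'<p>Verify: <a href="{FAKE}">https://us.battle.net/login</a></p>'
          '<p><a href="https://us.battle.net/login">Security tips</a></p>'
          f'<p><a href="{FAKE}">Click here</a></p>')
```

Calling audit(SAMPLE) flags both links to the fake host and passes the genuine one; the lookalike fails is_trusted because containing "worldofwarcraft" is not the same as being a subdomain of worldofwarcraft.com.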

So how can I protect myself?

The problem with these sites is that they look so incredibly realistic. It’s not very hard to mask a URL and make someone believe they’ve reached worldofwarcraft.com when they’ve really reached worldofwarcraft-scamsite.com. Before you know it, you’ve attempted to log in, found that nothing happened and have your login information logged away neatly in some scammer’s database. It’s all too easy to fall victim to.

You need to know Blizzard’s website is a very carefully constructed site and, though scammers can replicate it, copying it completely is very hard. However, the best way to avoid having to keep an eagle eye glued to their website is to simply never click on links directly out of your inbox. You might have missed the fake email address or the fake use of “Blizzard E” as a company name, but if you simply manually visit WorldofWarcraft.com instead of clicking on that link, you will guarantee that your login is legitimate (assuming you haven’t downloaded a program that modifies your Windows HOSTS file and transparently redirects you to a scammer site anyway, but that’s a bit beyond the depth of most people, so I’m just not even going to get into that).
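The HOSTS file caveat can be checked directly, since any entry for the game's domains overrides DNS for that name. This is an added example, not part of the original post; the WATCHED set, the function name and the sample file contents are assumptions. On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Assumption: domains that should never be pinned in a local hosts file.
WATCHED = {"battle.net", "worldofwarcraft.com"}

def hosts_overrides(hosts_text):
    """Return (line number, address, name) for every hosts entry that
    overrides DNS for a watched domain or one of its subdomains."""
    hits = []
    for lineno, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                             # blank or comment-only line
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                             # not a valid address entry
        for name in names:
            name = name.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in WATCHED):
                hits.append((lineno, addr, name))
    return hits

# Constructed sample; 203.0.113.7 is a documentation-range address.
SAMPLE_HOSTS = """\
# constructed hosts file for this example
127.0.0.1       localhost
203.0.113.7     us.battle.net www.worldofwarcraft.com   # added by "patcher"
# 203.0.113.7   eu.battle.net
203.0.113.7     battle.net.example.org
"""
```

Here hosts_overrides(SAMPLE_HOSTS) reports the two names on line 3 and ignores both the commented-out entry and the unrelated name that merely starts with battle.net.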

Secondly, you need to stay safe and be careful where you order gold and powerleveling from if you decide to go that route. Do your homework, read reviews. There is a reason that gold you’re buying from XYZ site is so much cheaper than it is here at MOGS. In the end you honestly get what you paid for. We offer a guaranteed service, using un-flagged accounts on US IP addresses. All of our gold comes to us legitimately from suppliers and actual players selling extra gold, not from botting programs and keylogging customer accounts to turn a quick buck. Unlike a majority of the companies in this industry we actually care about you as a customer and your account. Your continued business with us is more important than making a quick sale.

Ultimately, the best thing you can do is to pay close attention to the sites you visit and never click through a link that doesn’t look right. Never fall victim to an automatic login or send off information requested through an email. They’re all scams and the scammers are all too happy to take that account information from you in a flash.

I highly recommend anyone serious about keeping their Warcraft account secure spends the $6.50 and picks up a Battle.net Authenticator to keep their account secure.

- Jason@MOGS

Recent World of Warcraft Scam

Posted on Saturday, October 10th, 2009 and filed under MMORPG Issues, RMT News.

Over the past few weeks I have noticed a pattern of scam activities between our customers and delivery in World of Warcraft. I’ve spoken with many of you via MSN, Email, Live Chat, etc., poring through screenshots and delivery logs to try and find out what the real cause of this problem is.

Unlike other companies in the RMT industry we do not shift blame, we do not refuse to take action or fail to investigate the situation. Any and all complaints made to us are handled ASAP and we always respond with an (accurate as possible) response. Here at Mogs we do not have a “Customer is always right” mentality. That died out in the 90′s. We are however all gamers, and we understand more than most where a customer is coming from and we look into every situation like we were looking into a problem with our own accounts.

Any trades that resulted in the customer getting scammed were reset and placed back into queue. We did this at a loss of revenue to us, someone still had to pay for that gold. But the point is, we support you just the same as you support us, and we very much value your continued business with us here at mogs.

IMPORTANT:
Under no circumstances, at any time, should you ever trade back your gold after the initial trade. If someone says they need the gold back so they can screenshot, please come immediately to live support located at the top right hand corner of our website so we can verify that is indeed the fact. Without getting into any detail as to how this scam is done, just remember, never ever ever give the gold back to anyone unless someone in Live Chat or on the Telephone asks you to.

Again, thanks for the support and appreciation, we definitely appreciate you.
Jason / MOGS

Aion VS Spam

Posted on Friday, October 2nd, 2009 and filed under Game News.

Aion vs In-game Spam

Aion released a patch silently this morning that’s targeting a few minor bugs currently existing in the game. One of the biggest problems that can be seen in the game currently is the massive amount of in-game spam that is prevalent from the moment you create your character until you sign out.

The new patch will limit any character under level five from sending whispers, similar to general chat which also maintains this restriction.

While this is a step in the right direction, I have to say I’m not super impressed with this solution and am surprised that this kind of problem wasn’t anticipated pre-launch. That might be confusing for some of you, considering I am a “gold seller”, but truth be told that’s just not how we roll around here. We are all gamers, we play the same games you guys do and have to deal with many of the same in-game issues that you do (except for currency, haha!).

So far, as far as I can tell, this has had very little to zero effect. I still find myself getting whispers 2-3 times per minute and even if you use /anon you will still see tons of spam on the LFG and other channels.

Considering it takes about 30 minutes to reach level 5 this really won’t be very much of a limitation. A majority of spamming is done through Trial Accounts, which then raises the question, why not implement a system where Trial accounts can’t whisper anyone they aren’t befriended with? Or a privacy setting in the users account page that enables similar functionality on an opt-in basis.

While it is nice that they are actually recognizing there is a problem with spam in game, I just don’t think they have made a big enough leap yet on really curbing this practice.
