Is your MMO Account safe?
Posted on Friday, August 27th, 2010 and filed under Security.
While this article applies to World of Warcraft players more than those of any other game, mostly because there are so many WoW players out there, most of this advice applies to any game, or even any web service you use. EVE, Aion, PayPal, your bank account, Facebook… these days scammers can target pretty much anything and everything. The scary part is how easy it is to run these scams, and how easy it is for you to fall for them if you’re not diligent.
Since working here at MOGS, I’ve seen and heard about hundreds and thousands of people who have lost access to their accounts, people who had to watch helplessly or be informed by guild members as someone accessed their account and stripped it of every piece of gear and gold they have ever acquired.
There are two primary types of scams and system compromises that can be used by hackers and scammers to gain access to your account: phishing and keylogging. Today I’m going to take a few moments to talk about the origins of these terms, and some methods you can use to protect yourself.
Way Back Then
Once upon a time, in the dawn of the internet, when getting online required listening to your modem screech for 10 seconds and hogging your phone line, there was an internet provider that connected a majority of people to the World Wide Web, a service called America Online. In the ’90s something like 9 out of 10 people online were using this service to connect.
In some of the “private” chat rooms, people would trade pirated software, MP3s, and other illegal or frowned-upon content. Some of the more technically savvy members of this community would use a method of gaining access to other people’s accounts in order to get online for free or to keep their real accounts from getting suspended, by running a scam called “Phishing”, and collecting hundreds and thousands of user accounts, called “Phish”.
A phisher would pose as an AOL staff member, often creating screen names to make it look like they were employed by AOL, and scan through public chat rooms harvesting account names. Once they had a suitable list they would use programs to send hand crafted instant messages to their potential victims intended to get them to reveal passwords or credit card numbers. By using terms like “verify your account” or “confirm billing information”, and messaging so many different people, users not aware of the scam would literally just hand over their information.
Over time that method, while it still worked, was starting to catch on in the general internet communities and wasn’t as effective as it used to be. So what these hackers did was move one step forward by implementing a technique that is now the bane of many Warcrafters today: keyloggers.
With little more effort than mass-mailing a keylogger to thousands of people with a simple message like “Hey here’s that document you requested”, or “Naked Picture of Britney Spears”, they no longer had to rely on people responding in instant messages. All that had to happen was some unsuspecting person downloading the application and clicking on it, at which point the next time they tried to log into AOL their account username and password would be sent to the hacker’s email address and harvested at any time they needed it later on.
Between these two methods, a number of hackers had access to hundreds and thousands of AOL accounts and credit card numbers. Back then it was mostly just a bunch of teenage boys “goofing around” and playing internet “war games” with each other, seeing who could get more of their rivals’ accounts suspended, sending refrigerators and other large appliances to each other after hacking their personal addresses, or trading people’s accounts for other services like hacks, programs, or just for the “lawls”.
Here and Now
Today these methods are still in use, and while the basic premise is the same, as with all technology they have become more advanced, more widespread, and more malicious than ever.
Now you don’t have to just open an unsuspecting email and download some application to get keylogged; all you have to do is visit the wrong web page and the file will be transferred to your computer transparently, immediately starting to harvest information to send to the hacker. They can then log into your account whenever they feel like it and strip it of everything they can get their hands on, using the gold to sell on cheap gold seller websites, or using your bank and PayPal information to use your hard-earned money for pretty much anything they want.
Phishers no longer have to directly message hundreds of users and hope someone will respond with their account information. Today they use programs to scrape popular Warcraft and gaming sites for email addresses, and send custom-crafted (very official looking) emails that will redirect you to their bogus website that looks exactly like Battle.net. These emails say things like “World of Warcraft Subscription Reminder”, “Cataclysm Beta Opt-In”, “Account Password Verification”, “Battle.net Account Locked – Issue #47592458”.
In the screenshot above you can see the inbox of my personal Gmail account. Keep in mind, I don’t actually have a Warcraft/Battle.net account tied to this address, so obviously any emails pertaining to Warcraft I get on this address are bogus. I actually have about 10 different email addresses I use for a number of different things, and each and every one of them gets these types of emails on a regular basis. In fact, the only address I don’t get these scammer emails on is the one actually tied to my battle.net account. The reason for this is because that email was set up specifically for battle.net and has never been used for anything else, published anywhere, or given to anyone. The ONLY email I get on that particular address is actually directly related to my Warcraft account, that’s it.
If you open one of these emails and read through them, they all look very real. Often times they will contain multiple links to the real Warcraft site that actually provide more information about how to keep from getting scammed (ironic eh?). But if you pay very close attention and use a web based email client, you can hover over these links and see that one of them (or all of them), will lead to a completely bogus website that is designed to look exactly like the real battle.net site you use to manage your account.
The link in the email might look like this:
– > https://us.battle.net/login
Which is in fact the legitimate login address for World of Warcraft. However, if you hover over that link, your address bar will show something like this in the bottom left hand corner:
– > http://www.worldofwarcraft-fake-accountauthorization.com
– > http://www.wrldofwarcft-accnt-authatication
Obviously neither of these sites is battle.net, but most people don’t bother checking the URL that is in their address bar when clicking a link, and as long as a site looks like what they have come to expect when managing their account, they will be happy to follow the email’s instructions and use this site to sign into “their account” in order to verify the account settings, or gain that elusive battle.net opt in. And once they do that, their account is compromised.
So how can I protect myself?
The problem with these sites is that they look so incredibly realistic. It’s not very hard to mask a URL and make someone believe they’ve reached worldofwarcraft.com when they’ve really reached worldofwarcraft-scamsite.com. Before you know it, you’ve attempted to login, found that nothing happened and have your login information logged away neatly in some scammers database. It’s all too easy to fall victim to.
You need to know Blizzard’s website is a very carefully constructed site and, though scammers can replicate it, copying it completely is very hard. However, the best way to bypass having to keep an eagle eye glued to their website is to simply never click on links directly out of your inbox. You might have missed the fake email address or the fake use of “Blizzard E” as a company name, but if you simply manually visit WorldofWarcraft.com instead of clicking on that link, you will guarantee that your login is legitimate (assuming you haven’t downloaded a program that modifies your Windows HOSTS file and transparently redirects you to a scammer site anyway, but that’s a bit beyond the depth of most people, so I’m just not even going to get into that).
Secondly, you need to stay safe and be careful where you order gold and powerleveling from if you decide to go that route. Do your homework, read reviews. There is a reason that gold you’re buying from XYZ site is so much cheaper than it is here at MOGS. In the end you honestly get what you paid for. We offer a guaranteed service, using un-flagged accounts on US IP addresses. All of our gold comes to us legitimately from suppliers and actual players selling extra gold, not from botting programs and keylogging customer accounts to turn a quick buck. Unlike a majority of the companies in this industry we actually care about you as a customer and your account. Your continued business with us is more important than making a quick sale.
Ultimately, the best thing you can do is to pay close attention to the sites you visit and never click through a link that doesn’t look right. Never fall victim to an automatic login or send off information requested through an email. They’re all scams and the scammers are all too happy to take that account information from you in a flash.
I highly recommend anyone serious about keeping their Warcraft account secure spends the $6.50 and picks up a Battle.net Authenticator to keep their account secure.
- Jason@MOGS
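The mismatch between the address a link displays and the address it actually points to, as described in the post above, can be checked mechanically. The following Python sketch is an added example and not part of the original post; the trusted-domain list and the sample email body are assumptions, constructed from the links the post quotes.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"battle.net"}  # assumption: the only domain you log in on
# Constructed sample email body, modelled on the links quoted in the post.
SAMPLE_EMAIL = """
<p>Account locked. Verify here:
<a href="http://www.worldofwarcraft-fake-accountauthorization.com">https://us.battle.net/login</a></p>
<p>Security tips: <a href="https://us.battle.net/login">https://us.battle.net/login</a></p>
<p><a href="http://www.wrldofwarcft-accnt-authatication">Click here to opt in</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' when the string has none."""
    return (urlsplit(url.strip()).hostname or "").lower()

def is_trusted(host):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def audit_links(html):
    """Return (href, text, reasons) for each link that deserves suspicion."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown, real, reasons = host_of(text), host_of(href), []
        if shown and shown != real:  # what you read is not where you go
            reasons.append(f"text shows {shown} but link goes to {real}")
        if not is_trusted(real):
            reasons.append(f"destination {real or '(none)'} is not trusted")
        if reasons:
            findings.append((href, text, reasons))
    return findings

if __name__ == "__main__":
    print(*audit_links(SAMPLE_EMAIL), sep="\n")
```

The trust check compares whole domain labels, so a host that merely contains or ends with the string `battle.net` without being a real subdomain is still flagged.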
“Real ID” on Forums Cancelled
Posted on Tuesday, July 13th, 2010 and filed under Game News, MMORPG Issues.
I’d like to take some time to speak with all of you regarding our desire to make the Blizzard forums a better place for players to discuss our games. We’ve been constantly monitoring the feedback you’ve given us, as well as internally discussing your concerns about the use of real names on our forums. As a result of those discussions, we’ve decided at this time that real names will not be required for posting on official Blizzard forums.
Click here for Nethaera’s full post
It looks as though the people have spoken. As quickly as Blizzard announced the new “Real ID” system that they’d like to implement, the amount of dirt it stirred has caused Blizzard to decide to not implement the system into the online forums. Nethaera came back and explained that the Real ID will still be used in game for the cross-game communication.
Personally, I think this is a very nice step towards cross-gaming communication. Although I feel there should be various settings that each player can manage that controls what ID you are known by cross game. Whether it be your real name to some individuals while your player ID to the rest of the group. I’m sure the Real ID system is going to go through a plethora of changes, and hopefully it is streamlined to allow the best cross-game communication while keeping privacy and security settings strong.
- Jon@MOGS
Blizzard’s New “Real ID”
Posted on Wednesday, July 7th, 2010 and filed under Game News, MMORPG Issues.
Recently, we introduced our new Real ID feature – http://www.battle.net/realid/ , a new way to stay connected with your friends on the new Battle.net. Today, we wanted to give you a heads up about our plans for Real ID on our official forums, discuss the design philosophy behind the changes we’re making, and give you a first look at some of the new features we’re adding to the forums to help improve the quality of conversations and make the forums an even more enjoyable place for players to visit.
The first and most significant change is that in the near future, anyone posting or replying to a post on official Blizzard forums will be doing so using their Real ID — that is, their real-life first and last name — with the option to also display the name of their primary in-game character alongside it.
Recently announced by Nethaera on the WOW forums, it looks like all posts and replies on official Blizzard forums will now display the first and last name on each user’s battle.net account. This will go into effect before the Launch of the new Starcraft II community site, which is set to launch before July 27th. This new change is being dubbed “Real ID”.
What do you guys think the result of removing this veil of anonymity will be? Will this help reduce flame wars and trolling, and result in more positive and constructive feedback? Or, will this result in increased trolling? With Facebook having over 400 million users, it will be easy to find WOW players on there, which could in turn move the trolling to a more personal section of the gamer’s life. Interestingly, Blizzard’s employees will also have their real first and last names on the forums too.
Being a former active participant of the forums, this intrigues me. I would guess that having the accountability of your name next to your avatar, would result in posters acting closer to their actual real life selves. However, I also could see this being a problem, because trolls are likely to dig up real life dirt on players now, and bring that into the forums. Nevertheless, it will be interesting when this goes live around July 27th.
Jake@MOGS
Microsoft Bans Modded Xbox 360 Units
Posted on Friday, November 13th, 2009 and filed under Game News.
A big launch can lead to big piracy, especially with the console version of Modern Warfare 2, which was available online for modded Xbox 360 systems for a week or more before launch. Microsoft knows you shouldn’t be playing the game before its official release, and activity on Xbox Live gives them an easy target. Consequently, an unknown number of consoles have been permanently banned from Xbox Live.
The techniques Microsoft uses to separate those who have wrangled early copies of the game from retailers and pirates remain nebulous, but once a console has been banned from Xbox Live, the system is useless to anyone who wishes to play online. That’s a problem, or an opportunity, for the second-hand market, as waves of banned consoles are now up for sale on eBay and craigslist.
No online play, but free games!
The banned consoles come preloaded with hacks and, in many cases, copies of popular games. The problem isn’t with gamers who knowingly buy a banned system in order to play copies of software or to simply enjoy offline, the issue is that there is no easy way to check if a console has been banned or not aside from logging into Xbox Live.
Microsoft’s Major Nelson put it bluntly: “This would also be a good time to remind you that the warranty on an Xbox 360 console is not transferrable and if you purchase a used console that has been previously banned, you will not be able to connect to Xbox Live,” he explained. If you’re in the market for a used system, in other words, this is a large risk with the seemingly high number of banned consoles hitting the secondary market.
The problem is that when a retailer like GameStop takes a system in, it at the very most will plug the unit into a television to make sure it works. No one is going to connect the system to an Internet connection to check and see if the console has been banned. You can’t tell by looking at it, and if you find yourself in possession of a banned console, Microsoft is going to be unsympathetic to your plight.
There is no magic bullet. Many systems that have been banned are being sold with the caveat that online play has been disabled on the unit, but it’s impossible to tell how many Xbox 360 systems are being put on eBay or traded in to GameStop that can no longer go online. If you’re buying a system on the secondary market, this is a good question to ask. If you’re buying at a store, be sure to check out the return or exchange policy if it turns out the system has been banned.
“As part of our ongoing efforts to keep Xbox LIVE safe and secure for the more than 8 million members of our community, it is our policy to ban modified consoles from the Xbox LIVE service. We have found that a small percentage of gamers are playing with modded boxes which would potentially compromise the gameplay experience for other gamers on the service. We believe that even one modded console on the system is one too many. That said, if one of our customers feels like his or her console was wrongly banned from the service, he or she can contact 1-880-4my-xbox.”
The downside to modded consoles
A pirated game is copyright infringement, not theft, and it’s doubtful that the cops are going to bust in your door simply for buying an inexpensive modded system loaded with burned games. If you’re not modding systems for profit or putting your tools online, it’s a civil, not criminal, infraction of the law. Having a modded console may put you on the wrong side of the DMCA, but the authorities have much bigger fish to fry when it comes to criminal action and lawsuits.
That being said, you’ll never be able to update your system to the newest firmware. You won’t be able to play against your friends online. So many of the features that make the Xbox 360 worth owning are tied into Xbox Live; permanently banned systems are crippled in a very tangible way. With systems available new for as low as $200 and used, non-banned systems available for less if you do some digging, it’s not worth giving up so much just to save a few bucks.
Releases of huge titles like Modern Warfare 2 lead to spikes in piracy, which is a good excuse for Microsoft to bust out the Xbox Live ban hammer. It’s doubtful that this deters pirates in any real way, but it’s an inconvenience, and may work to discourage gamers who may be tempted by piracy. So be aware of what you’re buying if you’re in the market, and be sure you understand just how much you’re giving up by buying a modded system, no matter how many games it comes with.












