25.2.11

Let's Be Careful Out There: Account Security - Guest Post by Aoife

While I am neck deep in diapers, baby powder, hyper-aggressive mutant cold germs and a zombie-like wife suffering from sleep deprivation, I have called out to the Blogosphere for help in the form of Guest Posts.  Aoife was kind enough to take pity on this tired ol' dwarf, and responded with a post about account security.

LET'S BE CAREFUL OUT THERE

Hi folks! Aoife of Mok'Nathal here, filling in for Fannon while he tends to Dwarfling Battle Poop (his words, not mine). By way of introduction, Aoife (Gaelic, pronounced 'Eee-fah'), my main, is a lvl 85 Hunter (BM/MM) and the first toon I created back in late 2006. I'm guild leader of the Divine Alliance of Mok’Nathal (we'll celebrate our 4th anniversary on 9th March this year). I have 9 other toons on Mok, 5 of whom are lvl 85, and numerous toons on other realms. No, I don't have a life.

The directive I received from Fannon was to write about any WoW-related topic that I wished. Well, there are oodles of WoW-related topics near and dear to my heart and I couldn't decide on which one. So I sent a message to my guildies requesting ideas for topics. I started to write from the perspective of my lvl 85 healer, Caöimhe (also Gaelic, pronounced ‘Kee-vah’), but things conspired against her ranting about DPS refusing to heal themselves in instances and raids even though they are capable. Plus there were other blog posts that week that shared her views and she just didn't feel the need to be heard. So that post was shelved (deleted) and what took its place was my personal ranting about account and internet security and safety, plus some useful (I hope) tips to keep your account safe.

I'm a webmaster for our guild website and forums, and several non-WoW-related websites and forums as well. I do battle daily with hack attacks and attempts to break into our sites and forums mostly for no other reason than to spew garbage and wreak havoc. About a week ago Sunday, our guild forums came under attack by hackbots that were out to crack the passwords of members. This caused a huge headache and many moments of terror and panic but the attempts were thwarted at the beginning by our tight security which has been made even tighter since the initial attacks. Account security and safety for forum members is utmost in my mind at all times. I can appreciate fully the concerns and efforts Blizzard has on these topics as well.

As a guild leader, I’ve had to deal with guildies who've had their accounts hacked, oftentimes being the one who discovers that hack and opening the first ticket to nail the thief. More than once I’ve even had the opportunity to 'chat' with the thieves who try unsuccessfully to convince me they were the owner of the account. One of them even said to me, "Excuse me, I'm busy – my account has been hacked." <sigh>

In our guild, we talk daily in guild chat and on vent about account security. I post information on our forums under our 'Account Security' board and send out information to our email list. And yet friends and guildies still get hacked. And this past week, one of our own officers received a whisper ingame from a hacker pretending to be from Blizzard. The officer's account was hacked the next morning, and our guild bank was stripped of gold and items. I discovered the hack about 2 hours after it had happened and opened a ticket and notified the officer immediately. We got the items back within a few hours of my reporting the hack to Blizz – they were right on top of it and got the account secured and items returned in record time! As I said, I've had to deal with Blizz folks several times concerning guildies' hacked accounts and I just cannot praise those Blizz folks enough for their efforts.

Anyway, enough of my rambling. Let's go over some ways to prevent these hacks from occurring. I will say that attempts will occur. There is no way to stop the attempts. Not with people being paid to do the attempts and being paid to create ways to do the attempts. Not gonna stop the attempts. Nope. Not gonna happen. So, what can we do? There are a number of steps we can take that, when combined, will set up a nearly impenetrable defense. And I will state this over and over:

GET AN AUTHENTICATOR! Going without an authenticator on your account is like leaving your car running with the doors wide open and a 'Please Steal Me' sign on the dash. With an authenticator, combined with all the other measures below, you're protecting your credit card and bank account information as well.

A lot of the following information comes from Blizzard’s updated Account Security and You (Yes, You) - World of Warcraft (http://us.battle.net/wow/en/blog/2299938).


· Create an email address and password that are ONLY for your Battle.net account and be sure to use that email address and password ONLY for that account. If you get a phishing email to some other email address, you'll know it’s a hack attempt.

· Never give out your account information. Sharing account information with ANYONE is an easy way to lose control of your account and have your account compromised. Allowing someone else to access your account can definitely put it at risk because you can't control how that person will make use of your account information, or how secure their own system might be.

· Be mindful of phishing scams. Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of emails or in-game messages that appear to be sent by Blizzard employees. Sometimes these messages encourage you to visit a malicious website, which might contain a web form, or even software that can steal your login information. In other cases, you may be asked to reply with your account name and password. NOTE: Some of these emails can look surprisingly legitimate, and even the links will lead to websites/pages that look authentic. DO NOT BE FOOLED! Suspect every email and whisper! (puts on tinfoil hat) Blizzard will NOT whisper you ingame about potential account violations and threats of closing your account. AND Blizzard will NOT ask for your password in any correspondence.

· Don't use gold selling or power-leveling services. Supporting these types of illicit services is not only against the Terms of Use, but it promotes botting, spamming, and other forms of exploitation -- as well as account theft. And that gold you're buying is commonly stolen from compromised accounts and turned around to be sold back to other players.

· Get an Authenticator. The Battle.net Authenticator and Mobile Authenticator are easy ways to add an additional level of security to your account. They work by providing a secure authentication code on command that's unique to your Battle.net account. After an Authenticator is associated with your Battle.net account, the authentication code will be necessary for each client and Account Management login, increasing your protection against account compromising attacks.

· Install antivirus and anti-spyware software. There are a number of programs that can help you identify and remove any viruses, Trojans, and/or keyloggers that may sneak onto your computer. KEEP THIS SOFTWARE UPDATED!

· Keep your operating system up-to-date. If you're using Windows, you can check for the most current updates at any time by visiting the Microsoft Windows Update page, or by clicking Windows Update in the Start menu. If you're a Mac user, you can check for software updates at Apple.com; Apple security updates are also available there.

· Keep your browser and browser plug-ins up-to-date. Browser updates can include new security definitions and more comprehensive phishing filters.
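
An added example (not from Blizzard's guide or the original post) of the link check behind the phishing tip above: a link counts as official only when its real host name sits under battle.net or blizzard.com, the two domains that appear in this post. The function name, the allow-list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domains treated as official are the two that appear in
# this post (the us.battle.net links and the hacks@blizzard.com address).
OFFICIAL_DOMAINS = ("battle.net", "blizzard.com")


def check_link(url):
    """Return (is_official, reason) for a link found in an email or whisper."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed link"
    if parts.scheme not in ("http", "https"):
        return False, "not a web link"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host name"
    if parts.username is not None:
        # In http://us.battle.net@example.test/ the browser goes to example.test.
        return False, "text before '@' is not the destination"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "non-ASCII (look-alike) characters in host name"
    for domain in OFFICIAL_DOMAINS:
        # Must be the domain itself or end with ".domain"; "notbattle.net" fails.
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        if brand in host:
            return False, "mentions '%s' but is not under %s" % (brand, domain)
    return False, "unrelated domain"


# Constructed sample links; only the first one is taken from this post.
SAMPLES = [
    "http://us.battle.net/en/security/help",
    "http://us.battle.net.account-check.example/login",
    "http://us.battle.net@example.test/login",
    "https://notbattle.net/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        official, reason = check_link(link)
        print("OK     " if official else "SUSPECT", link, "-", reason)
```

The check reads the host name from right to left, which is why a link that merely starts with "us.battle.net" still fails.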



WHAT TO DO IF YOU DO GET HACKED

Help, I got hacked! - Account Security - Battle.net http://us.battle.net/en/security/help

If you suspect that someone else may have gained access to your account:

1. Don’t panic. Our in-game customer service representatives are available around the clock to assist you with all your account needs. Our in-game, billing, and technical support representatives will work with you to get your account and all associated data safely restored to you.

2. Change your password immediately if you can still log into your account. Also check whether the personal information on your account has been changed, as this could be a sign that someone else did indeed gain access to your account.

3. Recover your account access using our automated Account Recovery web form. After you answer a series of questions, we will reset your password and restore your access to this Battle.net account and the Blizzard games you play – including World of Warcraft characters and items.

4. Check the list of common thefts. Do any of these scenarios sound likely? If so, you will have a better idea of how your account was stolen. This kind of information can be very useful for our support staff. You can email your findings to hacks@blizzard.com.

5. Use appropriate countermeasures. Once you know how your account was stolen, you can take steps to prevent any further damage. Follow the “Solution” tips listed under Types of Account Thefts.

6. Be patient. Although they are dedicated and efficient, our support staff will need time to schedule and carefully review your case. Please be patient while they follow up on your request, and rest assured that they will contact you as soon as possible.


4 comments:

  1. 3 cheers for Authenticators and Core Hound puppies!

  2. I've been hacked once - got an authenticator and got all my items and gold back and since then have had no problems. If you have an iPhone, there's no reason not to get a mobile authenticator as it's free :)

  3. Very good post! For both new and experienced players.

    I've been hacked before and even now that I knew most of the above, after reading up on it after it happened, it's still good to remind and reiterate it for yourself. 

    When you put so much time into something you want to do all you can to protect it, right? You wouldn't leave your bank account open, would you?

    I get numerous phishing e-mails every day. But marking them as phishing scams in your e-mail will eventually reduce them severely.

    Just be alert.

    -Jamin  

  4. I get TONS of phishing e-mails to all three of my email addresses. I have a special one for WoW only, but my other 2 get hardcore spammed, too XD
