Recently a fellow businessman's account has been hacked on my realm. Now that is nothing out of the ordinary, we all know that these things happen every day. However I have to point out something. On my realm there are thousands of regular players, but only a handful who have money like he did. That got me thinking. What are the chances of this, that the hackers accidently hit the jackpot? Then I figured that anybody on the realm who has been on the AH knows his characters name, because he is kind of a big trader, much like I am. So what if the hackers targeted him, because they know he has a lot of gold? It wouldn't be rocket science to figure out who are the "big dogs" moneywise, since 80% of the realms trading is done by 6-7 players, so it is pretty obvious.
I don't know if it is true, but I thought I had to share it with you guys. I attached an authenticator to my account right away, and right now I'm trying to improve my account's security further. I advise you to do the same.
You can buy an authenticator which doesn't cost that much, but if you have a smartphone, you can also download an application, that functions as an authenticator. The app is available for iOS, Android, Blackberries, and Win7 phones too. The app is free, so if you have a smartphone, I think you should use this option, since it doesn't cost anything.
Another thing to do is to change your password from your cat's name to something like J7dfh5OI34mff93S. It might be harder to remember but, even harder to guess for someone who doesn't know it.
Also, regular virus and malware-scans are advised. There can be keyloggers on your computer logging everything you type, even your password.
Finally, don't give your password to a lot of people. Remember, you not only have to trust him/her not to steal your stuff, but you have to trust his/her computer not to have any keyloggers and what-not. Besides, with an authenticator (which I very much advise you to have) you can't even give your password to anyone.
14 comments: on "Account Safety"
Anonymous said... November 26, 2011 at 9:37 AM
I always keep my username and password in a Notepad document, then cut and paste into each field.
Anonymous said... November 26, 2011 at 10:32 AM
Shockkmaister, you left out one important item, the Battle.net Dial-in Authenticator. This is a great free service that anyone without a smart phone should take a look into getting. This has saved more then one guildie/goblin from reaching a similar fate.
Cold said... November 26, 2011 at 1:56 PM
I like to use a Virtual Keyboard for any logins / passwords, so they aren't logable keystrokes. Instead of typing on the keyboard, you click the virtual keys with your mouse.
Safe, Easy, And Effective.
Dan said... November 26, 2011 at 2:33 PM
Hey! That's my password
Anonymous said... November 26, 2011 at 8:18 PM
Would be nice to have some suggestions on free antivirus/antispyware for those who many not be as informed as others on these things.
J.E. Douglas said... November 27, 2011 at 2:00 AM
Account security is 95% intelligence and 5% technology.
A good set of security tools is mandatory anymore for a secure system. From a virus/trojan horse protector. To just not letting people that you don't trust use your system.
One thing I would add to your list, is that many people get their passwords taken not from their system, but form their friends system. They log onto their buddies computer to "check their game mail" and then poof, the keylogger catches their password and their account is busted wide open.
Undermine journal is a pretty good tool for knowing who is posting what, where it's a feature to search the most popular posting on a server, it's also dangerous information for those that want to see who to target.
Anonymous said... November 27, 2011 at 3:42 AM
Long time reader of JMTC, first time responding. I think you are spot on with this article. I have been playing WoW for many years, and only recently have I ever been hacked. Oddly enough, I was hacked twice within one month. Even after making all the changes to security etc. after the first attack. This never happened to me before. The difference I truly believe is me being targeted. I never had over 30k gold before, however I have recently been consistently over 200,000g and that is about when the attacks began. Each attack I would log back into nearly 0 gold. So I think there is absolutely a direct connection between having great wealth and being targeted by hackers. Blizzard needs to be doing much more to combat gold sellers/hackers imho. ~Theo
Nin said... November 27, 2011 at 11:38 AM
Instead of random babble, I'd recommend using a sentence - you'll remember it better and also it will nice and long and not in any dictionary to avoid bruteforce hacking. Ofc, with authenticator WoW password does not really matter, but it's something to consider with other sites.
Dàchéng said... November 28, 2011 at 6:09 AM
Nin, people with authenticators have also been hacked. Search google for "authenticator hacked" to see how. I am with first anonymous: I never type in my username and password. I always copy and paste them from another document.
Shockkmaister said... November 28, 2011 at 9:15 AM
Just now I recieved a possible account phishing e-mail, the most puzzling one I've seen. I honestly don't know if it is something real or phishing, the sender is noreply@blizzard.com but it has a link I need to click on and login. Anyways I'm contacting a GM about this.
I think the best thing to do when you don't know what to do is ask a GM.
BTW I only recieved one account phishing e-mail(couple of years back) in my 5 years of playing WoW. This is the second, and I only started the business in february. I don't think this is a coincidance.
Shockkmaister said... November 28, 2011 at 9:18 AM
The GM responded (killer response time BTW), and it was a phishing mail. I have no idea how they made it look like it were coming from a blizzard e-mail address.
Ding said... November 28, 2011 at 12:22 PM
Several steps help out.
1: Authenticator - it's not even expensive!
2: A good, solid password
3: Look at the mails you get! Do not only look at the sender of the mail, but mouseover (do not click!) link. In most browsers and mailprograms the adress will be possible to read somewhere on page (browser firefox and ie7 bottom left corner). It is often obvious it's not a legit mail.
4: The easiest way around most of the phishing: Have two seperate mailaccounts. One for your Battle.net and one you use for all the mailsubscriptions etc. That way you can split up things neat and fine. And dont fall into the pit of starting to use your new mail adress to "just the important newsletters i have full confidence in". On this issue, not even your private banker can be trusted.
Alerick said... November 28, 2011 at 8:28 PM
It seems as if the gold hackers are becoming more persistent and clever in their attempts to dismount us from our thrones atop piles of gold. I have used an authenticator for quite a while now on my smartphone which also proves to be handy for posting through the mobile auction house. I strongly recommend getting an authenticator if you do not already have one. The new additions they made to the system make having one a lot less of a hassle. Although most phishing attempts will most likely be through an in-game tell from a level 1 character using broken english to convince you of something you didn't do, you need to be wary of the occasional clever character who could possibly trick you. When a GM wants to talk or get in touch with you, they don't do it in whispers. The use a separate chat window that's built into the game. Good luck all and be careful. With great gold comes great responsibility
Anonymous said... February 13, 2012 at 3:15 PM
If account security is 95% intelligence, you lot must be incredibly... you get my point. It‘s not though, nor is it about common sense. It is about knowledge.
Don't give tips on account security without reading up on it first! Instead of using random letters and symbols that you will NOT remember and probably end up writing down somewhere use something easy to rember like CatLandedInThePieThatWasALie. Very easy to remember and VERY hard to crack while at the same time being very hard to guess.
To you using a virtual keyboard, if it‘s the standard windows one or one like it, ANY keylogger picks that up as it acts just like a real keyboard. As for the ones copy+pasting, slightly better as not every keylogger picks that up but MOST do.
So stop it.
Post a Comment