In connection to the account security segment from ATA 195, I am coming to you now, my dearest listeners, to bring you some more detailed points about account security. I will answer a few key points in this article:
- What happens
- Why it happens
- How to protect yourself from being compromised
- What to do if your account is compromised
- How to prevent it from reoccurring
I hope this helps you learn how to protect and secure your WoW and other MMO accounts.
What happens
Ok, so first we take care of the what. What have you, Joe or Jane the
player, done to lose control of your WoW account? Well, Joe, you know
that email you got? The one that said you’d been a bad boy and that you
had been selling gold or something equally unpleasant? Well when you
entered that information at that official and real looking site, it was
what is called a Phishing attack. Jane, you know that Google search you
did for your favorite addon? When you downloaded and executed that
update.exe file you installed something called a backdoor or a Trojan
into your computer.
That Trojan horse is now letting the person who now possesses all your
gold and items spy on your every click and keystroke, not to mention
logging into your account, steal from your friends and guildmates, and
overall hurt you in game. There have been a few times when a rogue ad,
inserted by a malicious person, has caused those visiting popular sites
in the community to get compromised, but these are fairly uncommon now. I
will get into preventing these things in a moment, but first, why is
your account so valuable?
Why it happens
There was an article awhile back, maybe a year or so ago, that compared
the black market value of a WoW account to that of a high limit credit
card. The funny thing is that the WoW account, due to protections in
place by the credit card companies, is actually more valuable than the
credit card company. Why doesn’t Blizzard do the same thing now as the
credit card companies do? Let me lay out the scenario on applying the
credit card security measures to a WoW account. First, you would need an
authenticator to login. There would be no question on this.
No authenticator, no login. Second, if you logged on to transfer items
or money around, there would be a chance you’d have your account frozen
until you cleared it up with Blizzard. Want to buy that Battered Hilt
for 12,000 gold? Ha! Best call ahead to give authorization, it would be
highly unpleasant to make that seller wait with trade window open while
you tried to call Blizzard to clear things up. Going on a trip? Well,
you better hope that your logins don’t toss up a flag that needs you to
call a long distance number to unlock your account every time some minor
thing about your login changed!
In the end, those protections are good for a Credit card, but not really
practical for an online game where you want to login and play quickly.
How to protect yourself
First, and foremost, Authenticate, Authenticate, Authenticate! Be it on a
device like an iPhone or Blackberry, or using a keyfob, you need an
authenticator. You do not have to have one, but it is foolish to not
have one in a time when more and more people protect their account with
one. The more who have, the more likely those who do not will get
compromised and lose access to their account for a time. When the pool
of targets gets smaller, all the fish are more easily noticed.
The next way you can protect yourself is to only log into your account
from a trusted computer. We’ll talk more about this later on.
How to recover from being compromised
Let’s be clear, while WoW is the most noticeable bulls eye around, other
games have the same issue. Think of it like the computer market.
Windows is by and large the dominant Operating System, and therefore has
the most, and the most noted problems with viruses and trojan programs.
But, there are still attacks and problems that happen on Macs and other
Operating Systems. If you play WoW and other MMOs, it is likely that
all of your games and accounts will be compromised, but not all game
makers have an authenticator like security measure available. Win one
for Blizzard!
Please note, these steps are from what I recall hearing, as my
account has never been compromised. In order to recover your
compromised account, you will need to contact Blizzard. Their Reps will
ask several questions, and may ask you to prove you are the account
owner. If you bought the account, or otherwise are not listed as the
owner, Blizzard can, and very well may, refuse to help you. Their toll
free number is 1-800-592-5499. They will verify information on the
account like any CC on file, the account info like login details, and so
on.
Next, be prepared to wait. Blizzard will restore the account to you, and
restore some items and gold, as well as replace anything that was taken
from a guild bank, though it can take some time, up to a week or two.
While this is going on, I strongly recommend investing in some form of
the authenticator. This will, it is hoped, keep you from being
compromised again.
How to prevent it from reoccurring
First, let me say, that if you have not had a compromised account, do
not wait until your account does get compromised before you take
measures to protect yourself. Getting your own authenticator attached to
your account will, we hope, prevent you from ever needing the rest of
this article! No, the authenticator that belongs to your buddy halfway
around the world is not good enough. Yes, you need your own
authenticator, that you can hold in your hand.
The next thing you should do is find and download a spyware detection
application, and an Anti Virus. Good options on these are Spybot Search
and Destroy, and AVG Antivirus. These are both free apps, and work quite
well at detecting problems and removing them. These are not 100%
protection though, so you should definitely keep a few things in mind.
1. Do not click on any links in any emails that are from Blizzard, or in
any emails that are claiming to be from Blizzard. Always go to
worldofwarcraft.com or battle.net yourself by typing them into your
browser and logging into your account there. If you got an email about
it, you’ll have the same info in your account. If you got one but not
the other, something is up.
2. Only download addons from trusted sites, like Curse and WoWInterface.
I personally have my concerns about the auto updaters like WoW Matrix
and so on, but they have been without issues for a fair time, so they
can be considered a warily trusted source.
3. If it’s too good to be true, it is likely to cost you it’s worth. If
you find a program that will get you lots of gold, lots of loot, or
otherwise gain things without much work, it is likely to do one of two
things: Give your stuff to the writer, or cost you your account for
violations of the Terms of Use. It is not worth your account to do these
things, I can assure you!
Looking ahead
Now that this huge chunk of info is done, I hope that it either helped
ease your way through the account recovery process, (and made it
unlikely that you will need it again), or that it helped prevent you
from needing this information at all. If you have any questions, please
do not hesitate to contact me via email or twitter. Comments on this blog are
also a good way to get the conversation about account security started,
which can help even more folks.
