Hello there! Please forgive the ludicrously long domain, it’s temporary. So, welcome to a series of articles dealing with account security. I hope you will find the information helpful, and as ever if you have suggestions feel free to contact me.
There is nothing worse than logging into your World of Warcraft account and discovering all your items missing and characters deleted. It’s not just the item loss which is a major headache; your account could have been used to scam other players & guilds (including your own guild bank!), spam gold messages and execute illegal software to cheat (teleport, speed-hacking & botting etc). A hacked account may result in a permanent ban being imposed by Blizzard, if they suspect the account has been used to cheat. You have probably seen players in-game speeding around at incredible speeds whilst mining – they are most likely using a hacked account.
The gangs perpetrating the hacking are “incredibly active, and it’s a good exploit,” said Roger Thompson, Chief technology officer of Exploit Prevention Labs. “It’s probably a conservative estimate to say that there’s tens of thousands of victims.”
The title of this article is a little misleading because World of Warcraft accounts are already “secure” so to speak; account data (relating to characters and items etc) is stored in highly secure datacentres installed with various state-of-the-art backup and failsafe systems. Therefore you should not assume, if you do get hacked, it’s all Blizzard’s fault. It’s not.
Making sure your Battle.net and World of Warcraft account details are safe at all times is your responsibility.
You should be aware that Blizzard is in the process of merging World of Warcraft accounts with Battle.net. It’s a cool way of centralizing everything into one simple log-in. For example, you can merge two World of Warcraft accounts into one Battle.net account so the next time you log into World of Warcraft, you would get a drop-down box requesting which account you would like to play with. Nice. There are lots and lots of great benefits to the all new Battle.net account system.
I am including an excerpt from the official Battle.net F.A.Q below, with a link to the full version.
Battle.net
Blizz.net
As part of our ongoing improvements to Battle.net, we are introducing a centralized account system that will let players manage all of their Blizzard Entertainment games, including World of Warcraft and future games, in one place without having to remember multiple sets of login information.
The new Battle.net Account allows you to log in to World of Warcraft, manage purchases at the online Blizzard Store, keep track of CD keys for your Blizzard Entertainment games, access our websites (such as the World of Warcraft Armory), opt in to upcoming beta tests, and more using a single login — just your email address and a password. In the future, we plan to add more features, including tools to make it easier for friends to communicate between games and to help bring our community of players closer together.The new Battle.net Account allows you to log in to World of Warcraft, manage purchases at the online Blizzard Store, keep track of CD keys for your Blizzard Entertainment games, access our websites (such as the World of Warcraft Armory), opt in to upcoming beta tests, and more using a single login — just your email address and a password. In the future, we plan to add more features, including tools to make it easier for friends to communicate between games and to help bring our community of players closer together.
Source: Battle.net Account FAQ
As I said before, it’s not Blizzard’s servers at fault; it is you playing into the hands of the hacker that is the cause of the problem. I am not trying to be mean, but we have to get that straight before we can resolve the issues at hand. Hackers and scammers can use some very sophisticated methods to gain control of your account, while other methods are down to naivity, ignorance and innocence of the victim.
Common Sense
Account Sharing
You share your account details with someone you “trust”. Not only is this against the World of Warcraft Terms of Use, it is also very risky. Your friend could pass on your log-in details to one of his friends, who you do not know, and so forth. Before you know it, everyone knows your account details. But that is not the only risk; you have no idea if the guy you shared with has a secure PC. So even if your PC is highly secure, and you feel he can be trusted with your details, his PC might be infected which represents a huge security risk. If your guildmate, friend or brother has your log-in details, and gets keylogged, you are screwed my friend. No more Ding for you.
You hand over your username and password to a complete stranger and pay for a powerlevel. Powerlevelling services are usually bought with real money from a website. It’s another scam to get your log-in details and hard earned cash. Once you hand over the cash and log-in details they will most likely use the account to clear your guild bank, teleport, speedhack and bot. Your characters will be stripped and all valuebles shipped off to other accounts.
Finally, they will delete all your characters so they know when you have the account back, to do it all over again. Woot?
You sell your account online and hand over the username and password expecting payment from a complete stranger because you came to an “agreement” on MSN. You might also receive and offer in-game for an account trade – I will give you mine if you give me yours, so to speak. It doesn’t matter, once you hand over your details you can kiss your account goodbye. You even may buy a stolen account, not knowing it is stolen, and when the original owner claims it back, you might complain “your” account has been hacked because you can no longer log into it.
You receive an email, or a weblink, directing you to a website that resembles an official Blizzard/World of Warcraft site. Thinking it is legit, you log into some page using your World of Warcraft account details, and that’s when your username and password is emailed to a 3rd party (scammer). The hacker is now on your account stealing your epics and you can no longer log-in. Yay.
You download a file that contains a trojan/keylogger. Now whenever you press a key, on your keyboard of course, the keystrokes of your username and password are recorded, and automatically sent to the hacker to have his wicked way with your World of Warcraft account. Grats, your account has been hacked.
“No problem. I will just retrieve my password!”, I hear you say. Wrong!
If you are keylogged you should expect the scammer has the ability to also log into to your email accounts (since he knows all usernames & passwords entered since the computer became infected). All he has to do now is log
Trojan
into the World of Warcraft Account Management, change the registered email on the account, and finally log into your email account to verify the email change. Now your account has a new registered email you have no access to, rendering Password Retrievel utterly useless.
You see a weblink, posted on a forum for example, and you click it without thinking. The link sends you to a web page which has some kind of invisible script designed to keylog your computer. This can be a real problem on popular forums, including the official World of Warcraft forums. Beware of clicking links!
Ensuring sure you have a secure computer, and therefore a secure account, is not difficult. Follow these simples steps and you can log into your Battle.net/World of Warcraft account with confidence.
The Blizzard Authenticator is a great way to secure your Battle.net account. It’s a little device which you attach to your account through Account Management. Once attached, whenever you log into your Battle.net/World of Warcraft account you will be asked for your username, password and a digitally generated code which you get by pressing the little button on the Blizzard Authenticator. Without that code you cannot log into your account.
The cost of the Authenticator is $6.50/€6.00 and you can buy it from the online Blizzard Store.
Blizzard Authenticator
Blizzard Authenticator
Protect your World of Warcraft account with industry leading account security – introducing the Blizzard Authenticator!
The Blizzard Authenticator is designed as a supplemental authentication method for your World of Warcraft account, giving you the security of Two-Factor authentication. Each time you log in using the Blizzard Authenticator you are provided with a unique, one-time use password to use in addition to your regular password. Log in with both and you can rest easy knowing that your account is now even more secure from malicious attacks such as keyloggers and trojans.
You should have good anti-virus software installed on your computer. Anti-virus software protects against infected files that might contain a trojan or keylogger. I personally use ESET NOD32 which has always done the job, but there are many good alternatives on the market. If you don’t have the cash to invest in anti-virus software have a look at AVG Anti-Virus Free which is very good anti-virus software.
Once you have installed your new anti-virus software, and updated the virus definitions, go ahead and run a full system scan. You should also set the software to automatically run at least one full system scan per week (I prefer nightly), preferably when you know you will not be using your computer. Most anti-virus software have options to automate system scans – I have mine setup to run a full system scan every night at 04:00am.
Anti-Virus
ESET Nod32
Antivirus protection is spelled “NOD32.” Built on the award-winning ThreatSense® engine, ESET NOD32 Antivirus software proactively detects and eliminates more viruses, trojans, worms, adware, spyware, phishing, rootkits and other Internet threats than any program available.
It’s the ideal antivirus for Windows XP, and also runs smoothly on Windows legacy systems, MS-DOS, file servers, mail servers, and more.
I highly recommend switching from Microsoft Internet Explorer to Mozilla Firefox with the NoScript plugin. NoScript is a really cool plug-in that cuts the risk of being infected by a keylogger.
You may have been on a forum and seen someone posting a link to something that sounds really cool. Without thinking, you click the link and get keylogged without actually knowing. This is because hackers sometimes use hidden code on web sites you visit to infect your computer.
NoScript is an extension or add-on for Fox which automatically blocks Javascript and Java from running. If you trust a website, you click the NoScript button and tell it to allow scripts either temporarily or peranently for that specific site. It’s great.
Battle.net: http://www.battle.net
Blizzard Online Store: http://www.blizzard.com/store
Mozilla Firefox: http://www.mozilla.com/firefox
NoScript: http://noscript.net
Windows Update: http://update.microsoft.com
I will be adding more content to this article when I have time, it’s nowhere near finished! I will also be writing another article on what to do if you get your account hacked.
Until then, ciao!
March 12, 2010 at 2:47 pm
felicitaciones por tu articulo y por el tiempo dedicado en el. en realidad busco la forma de ligar mi cuenta a battle.net (asi encontre tu articulo) ya q estoy bajando una version de prueva de world of warcraft. aparecio la ventana donde pido asociar mi cuenta, eleji el pais (mexico) y despues de leer el contrato debajo hice click en aceptar y al hacerlo no pasa nada. te agradeceria me dieras informacion sobre eso, gracias