Friday, June 11, 2010

OMG HAX!

Account security is a very real and very serious topic that many people don't seem to pay enough attention to. Many people seem to think that World of Warcraft is just a game and they don't care if their accounts are hacked and shredded to pieces, or that they lose all of their gold, items, characters, and everything else that they have worked so hard for. I used to be one of those people too! Until I realized that there was more at stake than just my in game items.

If a smart hacker (i.e. NOT a bot or Gold Farmer) got access to my account, they would be able to see my email address and other personal information. What about my credit card information? What about my Real ID information when the system becomes active next patch? There's a lot more than just pixels that is at stake. But how do we protect ourselves from these theives? Well that is what this column is going to be about: General Account Security tips and tricks. This week we are going to talk about email security.

I have two email accounts that I check on a regular basis. One is for my spam/junk mail and the other is one that I keep private. The private email is the one that I have associated with my World of Warcraft game account. I protect this account at all costs by not signing up for newsletters or giving it out all willy nilly. That is what my spam email account is for. Imagine my surprise when I got an email inviting me to the World of Warcraft Cataclysm Alpha Test. The from email address was noreply@blizzard.com. So what tipped me off to this being not legitimate?

Using common sense (which is hard for some people, I know) I knew that the Alpha Test is for Blizzard employees and their family and friends. I only know ONE person who works at Blizzard, and that is only through Twitter. I KNOW he didn't invite me. So how did Blizzard know to invite me? They didn't. It's a scam. I found it kind of funny so instead of immediately deleting it, I opened the email and checked it out.

First thing first, let's see who this email goes to if I hit reply. So it goes to noreply at blizzard.com huh? But... who gets the email if it says noreply? Clue number one! Canceling the reply, lets take a look at the body of the email. The formatting of the email looks good. There's styles and headings, text is both bolded and italicized. It looks really good and professional. None of the text is misspelled, which is usually the first indication that the email is a hoax. So let's look at the links next.

So the first link in the email asks me to go to http://alpha.worldofwarcraft.com and follow the step by step instructions. They even gave me a serial key. Ok, looks good so far. Lets check to see where the link actually goes. If I hover my mouse pointer over the link and look at the notifications section at the bottom of your browser you can see what the link really is. Even if they match, it's not guarenteed to be 100% safe. So lets see where this one goes to. Hmm... http://www.cataclysm-signups.com doesn't sound very Blizzard-like to me. Various other links in the email point to the same website, which I did NOT visit. I don't suggest you do either.

So what is the best way to protect your account? Well first, and probably most important, GET A BLIZZARD AUTHENTICATOR! Did you understand that? You can order one from the Blizzard store for around $5, or if you have an iPhone or Droid mobile phoen, you can download their app for FREE! Either way, get the Authenticator. You'll also get an in-game pet, which looks pretty cool. It's a two headed red/orange core hound pup.



There are other ways to protect your account. Don't open any links directly from the email. Hover your mouse cursor over them and see where they really go and search for them on Google. Also, look for proper spelling and grammar in the emails. Most valid emails will contain little to no errors within the body of the message. Also, and this is a BIG indicator, the name you have on file with Blizzard will appear in the email. Most emails will start off with Greetings, but never include your name. Official email from Blizzard will ALWAYS include the name that you have on file with them.

Blizzard employees will NEVER ask you for your password. EVER! If someone claims to be a Blizzard employee and they ask for your password, run away very fast. Never give out ANY account information, even to your friends. Your friends may be trust worthy, but they may not be as knowledgable as you are when it comes to hacking attempts and inadvertantly get your account hacked.

And that's about it. Just use common sense when dealing with your account information and emails inviting you to participate in Alpha/Beta tests. Did you remember what the number one way to protect yourself is? That's right, get yourself a Blizzard Authenticator and you should be well protected.

Take care all and be safe!

1 comment:

  1. I set up the Authenticator on my i-phone for the cool pet, and then I got rid of the service... so they took my pet!! Fair??? I will let you decide

    ReplyDelete