It looks like you're new here. If you want to get involved, click one of these buttons!
Please use this thread to discuss account compromise issues. This can include phishing emails, account hack stories, scams, ETC. This is being done in an effort to consolidate the new posts being created daily on the same topic. Thanks.
Also, please remember our Rules of Conduct when posting.
Comments
I got one today for a Cataclysm beta opt in. It was well written and believable. A quick look at the link though and you knew it was a fake. Another quick look at the sender, hotmail.com, and it's delete time. The hackers are getting better at writing I see, but they still can't hide their BS links or the fact that they send it hotmail.
I get e-mails that are obviously phishing attempts, and out of curiosity and for grins, follow the links. Then my browser goes HOLY SHIT WTF THIS IS SITE IS A FORGERY (paraphrasing of course). Anyone else get this?
I'm not here to complete my forum PVP dailies.
Yes.. I got a couple. Funny thing is, I closed my accounts in July. It's my annual WoW break time, July through September too busy at work then vacations.. etc to play. Anyway, so they are really phishing but in a pond with no fish. hehe
There are people WITH authenticators still getting hacked. The whole "KEYLOGGER!/Get an authenticator" dead horse/escape is getting tired. Yes, most people are dumb and think blizzard will give them FREE GOLDZ! by clicking the below link and logging in, but the last few months have been particularly bad and its time to stop passing the buck and actually look into the fact that accounts may be being compromised due to a security issue on Blizzards end, or a security hole in the login process itself. (Before anyone goes "hurfderf but they need to report security breaches by law blahblah /internet lawyer* here, they need to report KNOWN security breaches, and within a timely manner. Not to mention they can play the "oh well we know about it but want to be ABSOLUTELY SURE" thing for a while as well before reporting jack) The "They're making tons of money!" conspiracy is bullshit, but the people spouting canned responses sound equally silly right now.
The only currently-known way of hacking in to an account with an authenticator is a virus that intercepts the authenticator code, giving a person only a few minutes to login. You have to find a person with an authenticator, and without a decent virus/spyware program for that to work. That doesn't make it easy, or worth most people's while when there are still millions of other people that can get hacked with a simple email or keylogger. It's just a determent, like any anti-virus or spyware program. Nothing is full proof, but it helps a LOT.
i receive like 3 email every 2 or 3 day's about my account of wow, they always use a different kind of email and they try to get my password...what is strange is that i get those email only after i "resub" to the game for 1 month...
Yeah! i know i need to practice my english!!
The fact is there is enough information out there for people to see for themselves why and how Blizzard implemented the Authenticator idea, and I've said all I need to say. I couldn't care less what people think about me or my opinions, and I have done enough research to know my statements are true so it doesn't matter to me if anyone believes it. If people want to say I'm wrong, it's their loss for making false assumptions and not researching it. I haven't even given much of a personal opinion on the issue because I don't play WoW anymore nor do I play any Blizzard game. I would just say play a better MMO if my posts were only about my personal opinion lol Nonetheless, I still found good value in protecting my account with an authenticator considering what I know about how they work and how inexpensive that solution is for the player.
I also think that even if I never play it again, $6.50 is a pretty ridiculously small amount to argue about. To me, it was worth the extra security even if SecurID was paying Blizzard to promote their security devices (completely unfounded rumor, but certainly a viable idea). I didn't find any such information, and only found a lot of information to the contrary, but in the end I might've bought it anyway because I can afford to try something out for $6.50. People drop a lot more money each week on lottery tickets with a much lower chance of getting anything in return. I wouldn't have been bent out of shape about it if it turned out to be a huge scam and not work at all. I also got a cool pet for almost half the price of their two other pets in the store. Kind of irrelevant since I don't know if I'll ever play again, but it was a pretty good deal any way you look at it. If you don't like the game enough to pay $6.50, then you definitely shouldn't be paying $15/month. Ditch the game completely, then it doesn't matter if anyone hacks your account.
To anyone who needs to post here... get a freakin authenticator. The smart phone version works great and I use it for Starcraft 2. It adds a grand total of 3 seconds to my login time, but I NEVER need to worry about my account.
i would like to blame blizzard too, but it was mine. i allowed a keylogger to get on my system sometime and never cared about virus or spam ware. someone got my email account reset my wow and aion accounts lost all my toons in wow, but still have the account . aion well they gold spammed the area to death i guess both banned forever. atleast aion sux so no biggie there . now i have spam and virus ware up to date always and auth for both accounts.. in wow
Saying you cannot hack an account that is tied to an authenticator is like saying you can't program a virus for a mac. Or remember when Microsoft said you couldn't hack the xbox360? Or how about the news the ps3 has been hacked. The point is there's no reason to really go after the people with the authenticator at the moment because so many other still run without it. Your best bet, above and beyond anything Blizzard wants to sell you, is a little common sense...mixed with a good antivirus program. Idiots that fly around the net and get their computer infected with herpes is what gets them hacked...it's not the lack of an authenticator.
I sincerely don't understand why people who know how to package a keylogger and get it onto someone's system would first attack WoW accounts...
If I was looking to steal some property virtually...my first thought wouldnt be..."Oh boy, im going to create a keylogger and get mad golds from people's WoW accounts." Does no one who plays WoW log into an online banking website? Wouldn't that be a way more productive thing to hack with a keylogger?
Except a bank account transaction is usually far easier to track than some random person logging into your wow...stealing everything and selling it for real world cash before Blizzard gets around to responding. You have far more legal rammifications with real world money than virtual property.
Anything is possible. My accounts seem to only get hacked or compromised when there inactive. I don't know how there doing it, but it has happened twice. It wasn't a keylogger either. The account was hijacked after the game was uninstalled and the harddrive wiped from the computer it was on.
Anyway if you have a smartphone then download the free authenticator app. It's easy to use and adds an extra layer of protection. If you don't have a smartphone do what you need to do.
I agree. I haven't had any issues since I bought mine and $7 is totally worth it.
A witty saying proves nothing.
-Voltaire
With the recent issues, I can say this.
I havent logged into this game for nearly 2 years, even though I still have a paying account(loyalty to guild, I guess).
Last few weeks I have seen a huge increase in Spam folder of "Official Looking" emails but have deleted them all.
Got an actual Official Email a few days agl from Blizzard saying my account has been compromised and I have been banned.
You do the math, the recent account issues are an internal problem within Blizzard that they are trying to cover-up, period.
there is also a couple thats free, like last time i resubbed (no idea why played like an hour, heart just wasn't in it) i got the free one for my ipod touch from the app store.
And there's a free iphone/iPod touch/DROID app for authenticators. No reason not to do it.
_____________________________
"Ad eundum quo nemo ante iit"
Here's another tip, aside from the obvious, buying an Authenticator, using good AV and other security sortware, don't click links, etc... Get an email address specifically for your game account and don't use it for anything else, type it anywhere or give it out to anyone at all. I know I'll hear some derision for this but I use Hotmail as a dummy account for things like signing up for sites, F2P and other game accounts I don't care about, etc and it catches 99.999% of phishing emails and other spam that it gets, including the one's for WoW. Regarding WoW phishing attempt emails, on that Hotmail account, I get at least a couple a day, and I've had the account for several years and I can only remember one or two that ever got by their built in phishing/spam filter. I'm not usually one to tout MS products, but I gotta tell it like it is, and Hotmail isn't bad in that regard. In fact I'd say considering the track record I've seen it's damn good... and free.
Use Firefox with AdBlock, FlashBlock and NoScript... ditch everything else, especially Internet Exploder.
-------------------------
"Searchers after horror haunt strange, far places..." ~ H.P.Lovecraft, "From Beyond"
Member Since March 2004
Easy answer to this: International Law
Foreign citizen messes with an online game, their home nation probably doesn't care.
Foreign citizen messes with an international bank, home nation can be more apt to pressing criminal charges.
If you've got someones account info, and they've temp canceled the account, and never changed the password, and you can make a few quick bucks with a slash/burn job through their characters, thats far more profitable for less risk than going after someones bank account.
The companies that buy/sell gold aren't stateside operations, and they're also the ones who will do the most damage. Buy gold one day, 3mo later if you haven't changed your account PW, guess what, you login naked on a level 1 you never made.
Personal tips I give my friends:
If you're planning on canceling your sub, sweep your comp for spyware and change your password before the time lapses. The people stealing your stuff aren't in a rush, as long as the PW they jacked from their keylogger is current, they can just log in whenever.
Authenticators are the best option, because the code is only good for 1min, which means if your comp does have the man-in-middle virus on it to steal your code as you enter it, they are under a much stricter time-line than your average phishing attempt.
Account sharing is not supported for a reason. It doesn't have to be your computer that gets compromised if you share your info with people. Your box may be lockdown secure with a 26 digit pw for windows. Your guildie who convinced you to let him log onto your account doesn't have a windows password and has more spyware active than people who bought the sparkle pony mount.
And aside from the authenticator, the other two are universal with anything you have an account for.
And if you do find yourself on the recieving end of a hack, learn from it, find where your comp got infected, and take more proactive steps to preventing becoming a victim in the first place.
Lets Push Things Forward
I knew I would live to design games at age 7, issue 5 of Nintendo Power.
Support games with subs when you believe in their potential, even in spite of their flaws.
Scanning my computer every week with two different softwares, always being very cautious and having never ever been hacked on anything in my life I am surprised as hell when i got an E-mail saying my account has been locked. I won't go into too many details but the only thing I could possibly think that did this would be me misclicking on one of the phising e-mails i get everyday which fortunately for me was blocked by my browser (IE8). Now since my browser already blocked the website, would it still have put a trojan or whatever on my computer considering I actually never even landed on the website?
Scammers have become very good at sending Blizzard replicated emails about your account being locked, closed, cancelled, etc. Your case sounds like purely a false replication by someone trying to get you to click on a link and login. If the email had a link anywhere in it, don't trust it. I've seen a few dozen of these that were brilliant replicas, but when I went to Blizzard's main site on my own, nothing was changed at all. The only time I would ever trust an email from Blizzard is if there are no links in the body of the message (defeating the purpose of the email, if it's a scam) and even then, never reply to it. Consequently, every time I cancelled or changed my account settings with Blizzard, the confirmation email they send has no links in it and doesn't ask me to do anything. I think those are the only emails you can trust at this point.
Another easy sign it is a fake email is when it says your account is under investigation, could be, or will be banned. They never send a warning letting you know what will happen, they will just investigate on there side, next thing you know your banned with an email to that effect. No warning at all. Then you can dispute it.
Yes, I log into my battle.net account from the official website when I get a E-mail that seems real just to make sure and this time i did exactly this when i indeed was hacked as once I changed my password as suggested i went to the armory to see what had changed ot find out my leatherworking was exachanged with mining and already at lvl 409. Also as you said, the official e-mail did indeed have no hyperlinks but actual link so i followed that.
Pretty unbelievable how bad it is getting. I have a junk folder filled with spam, over 120 emails, and there's about 5 emails every page of 20 that is a fake email acting as Blizzard from gold spammers. There is everything from IP warnings, to account warnings, to Cataclysm beta invitations, to cancellation notices, to purchase confirmations, etc. etc. This is why I say NEVER believe any email that says it is Blizzard or WoW. I'm starting to realize you can't even trust the ones without any links. You know he even funnier thing about this? I never used the email account receiving all this spam. My account has always been under a different email address, but I use the one targeted for most forum accounts. Pretty funny stuff, especially since I haven't played WoW in awhile. Checked my account just today by going to the main website (never click on ANY link anywhere else), and of course everything is fine. Crazy gold sellers are flooding the wrong email addresses even.
Not entirely sure you understood me right. I'm not making any distinction between a 'hyperlink' or an 'actual link' in an email from Blizzard. Don't use either one. Never go to a website by clicking on something in an email. I don't care if you think it's the US government saying you will be shot dead if you don't click on the 'actual' link to the white house. Don't believe it. That's how people get hacked by believing it's an 'actual' link because of how it looks. The only way to check your account is search for (google, yahoo, etc.) "world of warcraft" and go to the main webpage, or use a bookmark in your browser directly pointing to http://www.worldofwarcraft.com or http://www.blizzard.com. Never go to it any other way, or use any other website address, because anything within an email or alternate website can appear to be one of those two main websites but it will send you somewhere else instead i.e. an exact replica of the main website asking you for your account name and password. I keep getting the feeling this is what people keep doing and thinking they aren't doing anything wrong, when it's the #1 reason accounts get hacked.