Scanning my computer every week with two different softwares, always being very cautious and having never ever been hacked on anything in my life I am surprised as hell when i got an E-mail saying my account has been locked. I won't go into too many details but the only thing I could possibly think that did this would be me misclicking on one of the phising e-mails i get everyday which fortunately for me was blocked by my browser (IE8). Now since my browser already blocked the website, would it still have put a trojan or whatever on my computer considering I actually never even landed on the website?

Originally posted by Gabby-air

Scanning my computer every week with two different softwares, always being very cautious and having never ever been hacked on anything in my life I am surprised as hell when i got an E-mail saying my account has been locked. I won't go into too many details but the only thing I could possibly think that did this would be me misclicking on one of the phising e-mails i get everyday which fortunately for me was blocked by my browser (IE8). Now since my browser already blocked the website, would it still have put a trojan or whatever on my computer considering I actually never even landed on the website?

Scammers have become very good at sending Blizzard replicated emails about your account being locked, closed, cancelled, etc. Your case sounds like purely a false replication by someone trying to get you to click on a link and login. If the email had a link anywhere in it, don't trust it. I've seen a few dozen of these that were brilliant replicas, but when I went to Blizzard's main site on my own, nothing was changed at all. The only time I would ever trust an email from Blizzard is if there are no links in the body of the message (defeating the purpose of the email, if it's a scam) and even then, never reply to it. Consequently, every time I cancelled or changed my account settings with Blizzard, the confirmation email they send has no links in it and doesn't ask me to do anything. I think those are the only emails you can trust at this point.

Another easy sign it is a fake email is when it says your account is under investigation,  could be, or will be banned.  They never send a warning letting you know what will happen, they will just investigate on there side, next thing you know your banned with an email to that effect.  No warning at all.  Then you can dispute it.

Originally posted by ZenNature

Originally posted by Gabby-air

Scanning my computer every week with two different softwares, always being very cautious and having never ever been hacked on anything in my life I am surprised as hell when i got an E-mail saying my account has been locked. I won't go into too many details but the only thing I could possibly think that did this would be me misclicking on one of the phising e-mails i get everyday which fortunately for me was blocked by my browser (IE8). Now since my browser already blocked the website, would it still have put a trojan or whatever on my computer considering I actually never even landed on the website?

 

Scammers have become very good at sending Blizzard replicated emails about your account being locked, closed, cancelled, etc. Your case sounds like purely a false replication by someone trying to get you to click on a link and login. If the email had a link anywhere in it, don't trust it. I've seen a few dozen of these that were brilliant replicas, but when I went to Blizzard's main site on my own, nothing was changed at all. The only time I would ever trust an email from Blizzard is if there are no links in the body of the message (defeating the purpose of the email, if it's a scam) and even then, never reply to it. Consequently, every time I cancelled or changed my account settings with Blizzard, the confirmation email they send has no links in it and doesn't ask me to do anything. I think those are the only emails you can trust at this point.

Yes, I log into my battle.net account from the official website when I get a E-mail that seems real just to make sure and this time i did exactly this when i indeed was hacked as once I changed my password as suggested i went to the armory to see what had changed ot find out my leatherworking was exachanged with mining and already at lvl 409. Also as you said, the official e-mail did indeed have no hyperlinks but actual link so i followed that.

Pretty unbelievable how bad it is getting. I have a junk folder filled with spam, over 120 emails, and there's about 5 emails every page of 20 that is a fake email acting as Blizzard from gold spammers. There is everything from IP warnings, to account warnings, to Cataclysm beta invitations, to cancellation notices, to purchase confirmations, etc. etc. This is why I say NEVER believe any email that says it is Blizzard or WoW. I'm starting to realize you can't even trust the ones without any links. You know he even funnier thing about this? I never used the email account receiving all this spam. My account has always been under a different email address, but I use the one targeted for most forum accounts. Pretty funny stuff, especially since I haven't played WoW in awhile. Checked my account just today by going to the main website (never click on ANY link anywhere else), and of course everything is fine. Crazy gold sellers are flooding the wrong email addresses even.

Originally posted by Gabby-air

 

Yes, I log into my battle.net account from the official website when I get a E-mail that seems real just to make sure and this time i did exactly this when i indeed was hacked as once I changed my password as suggested i went to the armory to see what had changed ot find out my leatherworking was exachanged with mining and already at lvl 409. Also as you said, the official e-mail did indeed have no hyperlinks but actual link so i followed that.

Not entirely sure you understood me right. I'm not making any distinction between a 'hyperlink' or an 'actual link' in an email from Blizzard. Don't use either one. Never go to a website by clicking on something in an email. I don't care if you think it's the US government saying you will be shot dead if you don't click on the 'actual' link to the white house. Don't believe it. That's how people get hacked by believing it's an 'actual' link because of how it looks. The only way to check your account is search for (google, yahoo, etc.) "world of warcraft" and go to the main webpage, or use a bookmark in your browser directly pointing to http://www.worldofwarcraft.com or http://www.blizzard.com. Never go to it any other way, or use any other website address, because anything within an email or alternate website can appear to be one of those two main websites but it will send you somewhere else instead i.e. an exact replica of the main website asking you for your account name and password. I keep getting the feeling this is what people keep doing and thinking they aren't doing anything wrong, when it's the #1 reason accounts get hacked.

Originally posted by Palebane

[Mod Edit]

Although I am completely with you that Activision-Blizzard is really only about money anymore, I am sorry to inform you that stopping hackers is actually quite a bit harder than simply throwing money at the problem.  The authenticators were actually a good idea, but the keylogger / auto login virus is really rather neatly done and effective.  The hack is considered a man-in-the-middle attack at the end-users computer...therein lies the primary problem with any of the security efforts (even the best companies that truly focus on security)...the end-users computer is not under Blizzard's control and can be compromised.

To some of the more interesting posts claiming that no hacker will spend their time trying to hack into the authenticator, I have a rather simple question...why has it been done already?  The first confirmed report of the hack was back in March and it is still happening.  It is real because the hacker spent a few dozen hours to write something that hacks into a process most people think is so secure, they become lazy about the rest of their security.  Now the hacker sits back and waits for his program to tell him that he can log in (probably logs into the game for him...giving him plenty of time before the login times out).  Sell everything, send money to his toon, delete all characters in the matter of a few minutes.  Rinse and repeat.  Now he has plenty of gold to sell for real cash.  Total initial time was probably 40-80 hours, and he's probably getting an equivalent of $100-$200 an hour thereafter.  Probably spend 100 hours or so before Blizzard figures out how to interfere with his virus...time well spent on his part...

Originally posted by Dysanweb

Originally posted by DLangley

Please use this thread to discuss account compromise issues. This can include phishing emails, account hack stories, scams, ETC. This is being done in an effort to consolidate the new posts being created daily on the same topic. Thanks.

 

Also, please remember our Rules of Conduct when posting.

 i receive like 3 email every 2 or 3 day's about my account of wow, they always use a different kind of email and they try to get my password...what is strange is that i get those email only after i "resub" to the game for 1 month...

 

 I stop playing WOW a couple of years back. I very rarely recieve any of these types of emails, let alone ones targetting WOW. However, about two months ago I started to play again and the day after I created my account on battle.net I started to recieve these emails. Since then I've been getting about two or three a day (99.9% of then targetting WoW).

As such it's obivous to me that there may be way for people to see what email address are been used to sign into battle.net. I still cannot see any reason why they changed to signing in using your email address. To me, all it did was removed one level of security.

Originally posted by nAAtimus

I get e-mails that are obviously phishing attempts, and out of curiosity and for grins, follow the links.  Then my browser goes HOLY SHIT WTF THIS IS SITE IS A FORGERY (paraphrasing of course).  Anyone else get this?

 You better have your compter very secury before you follow these links for grins.

My co-worker also clicked such a link from email and closed the browser as soon as he got the forgery warning.

However, his characters were stripped the next day. Aparently just visiting the site was enough for malware to be installed on his computer.

Just remember that any leaks in browsers are usually fixed only some days after someone has fallen victem to them.

Originally posted by ZenNature

Originally posted by Gabby-air

 

Yes, I log into my battle.net account from the official website when I get a E-mail that seems real just to make sure and this time i did exactly this when i indeed was hacked as once I changed my password as suggested i went to the armory to see what had changed ot find out my leatherworking was exachanged with mining and already at lvl 409. Also as you said, the official e-mail did indeed have no hyperlinks but actual link so i followed that.

 

Not entirely sure you understood me right. I'm not making any distinction between a 'hyperlink' or an 'actual link' in an email from Blizzard. Don't use either one. Never go to a website by clicking on something in an email. I don't care if you think it's the US government saying you will be shot dead if you don't click on the 'actual' link to the white house. Don't believe it. That's how people get hacked by believing it's an 'actual' link because of how it looks. The only way to check your account is search for (google, yahoo, etc.) "world of warcraft" and go to the main webpage, or use a bookmark in your browser directly pointing to http://www.worldofwarcraft.com or http://www.blizzard.com. Never go to it any other way, or use any other website address, because anything within an email or alternate website can appear to be one of those two main websites but it will send you somewhere else instead i.e. an exact replica of the main website asking you for your account name and password. I keep getting the feeling this is what people keep doing and thinking they aren't doing anything wrong, when it's the #1 reason accounts get hacked.

No, I understand what you saying and like stated I only log on using the official website to see if my account is actually in jeopardy but when your hacked you HAVE to use the link blizzard sends you as its one of those specially made links like verification ones websites send you. Also, the link I went on was indeed Blizzard's as my account was restored after doing what that E-mail told me to. It's been a couple of days and I still haven't found how I was hacked aswell, but like other people said it seems when I clicked on the phising link that was enough to compromise my account. But how exactly it got my information without putting anything on my computer is beyond me.

How to keep your wow account from getting Hacked, Kelogged, OR Stolen.

1. Buy a blizzard Authinticator, its like $5, or $10 dont remember but its cheap, and saves you trouble.

2. Use a Registered account different from all games if you wish.

3. Never Reply, or Click on any Links in wow suspension emails, You can tell if its a scam if you put mouse over, and the link has over codes in the link, or goes to another website, for example World OF Warcraft Scam Example This link takes you to msn, except theirs takes you to a fake website, most emails say you have been suspended,banned, or warned, ect.

If you have questions about banned/suspension go to www.worldofwarcraft.com Dont click them, simply delete them.

Also placing your mouse over these fake links will show the website at the bottom of your internet explorer page, and there are other ways to tell too.

Also check the spelling of the weblink.

Never type your password in on these sites, or user name.

4. Dont login from public Computers.

5. dont use Remember account name, and remember password. Why? MD5 Encryption sucks, and anyone can login to your account if they get your files.

6. Dont use addons from curse gaming, without Blizzard Authinticator, this is the way my account was compromised twice from their addons, I am 100% sure of this because Until I got one I keep getting keylogged, none of my dozens of other games were compromised, and it was one of their addons not sure which, but once i got this my account compromise was over, or any addons on general, nothing is 100% safe if it did not come from blizzard.com

7. Get a good Anti Virus, Over the years, I recommend AVG Internet Security, Vista, Windows 7, And or Zone Alarm for Firewall. McAfee, Norton I hate them, they also have NOD32/Eset Anti Virus never tried it but I hear its good.

There are free programs called HiJack This, Comm View, and Adaware Free edition to check for spyware, and such. Comm View checks for spyware which is relaying data without consent but requires a little experience to use it, and monitor packets, although it costs for that one.

8. Get a Router Seriously, Get one that Blocks pings from your Computer/Network, and DDOS attacks, Update its firm ware, turn off wireless mode unless your using it, and if you are enable encryption, and disable public.

9. Clear your Cookies, Dont Disable UAC, Clear History, Clear Temporary Files, Run Disk Cleanup, Clean Registry.

Spyware, and spyware sites can use Cookies, and simple Java Script, or Tool Bars to send Data, Keylogg passwords, and such. An experienced or some what experienced programmer can do this realy easy.

10. programs like Bonzi Buddy, Commet, Smiley Central, Tool Bars, like MSN Tool Bar, yahoo ToolBar, ASK.com ToolBar, and such slow down your browsing, and some of these can compromise security MSN is good, it just slows down browser experience about 00.5 Seconds maybe a bit more, and If you dont mind that its fine, but all the toolbars are not needed, if you want to use a search engine just go to that site, and google is the best IMO.

Watch what you install, Read the Agreements, TOS, EULA, Dont use Punk Buster, although people will say its okay it can lead to computer compromise, and there are alternatives like Steam, which I have used since 2005.

Commands For Run Menu, to improve performance Windows Vista, some work with XP.

Msconfig, Startup, disable what you dont use, Services as well hide all microsoft services, dont mess with what you dont know.

%TEMP% Vista, might work on XP, delete all your Temporary Files, where spyware might hide often.

Vista, Command Prompt SFC/scannow This checks system for errors, and attempts to fix them.

Defrag Often, and Use ScanDisk at least once a month most recommend some every week, but if your really careful you dont have to do any of this often. I recommend Perfect Disk for such, it costs money, but its a tiral, and its the best I have ever used personally.
 

Keyloggers do not always show up on Anti Virus, or spyware scans, and if I still played wow, I could easily find out which addon did this to me, and I would have that person.

While some people may disagree with some of these things, it is what I do, and the only time I have ever been compromised is by my own mistakes, such as installing addons, not having an authinticator, or being stupid with programs like Emerald Viewer which is spyware developed by Emerald Team/Skills Hak, and Second Life, which has hacking on a daily basis there. If you do what is said here to prevent your own compromise, you shouldn't have a problem, as never has a game account besides my wow account ever been compromised before due to addons, which work and send data when wow loads only.

And Last, if your account has been compromised for sure follow the steps here.

http://us.blizzard.com/support/article.xml?locale=en_US&articleId=20460

 Here is an example of a scam email and what to look for.

Also I forgot to say, dont Put your email public profiles, or on the internet, Spam bots will get your email, and you will get these type of spams as well. 10minutemail.com for temporary email accounts, and or create a new email you dont mind getting spam for myspace and such public sharing. To see if your email is on the spam bot list google.com search for your email there. Often people have done these type of things, also buying from gold sellers.

 Here is an example of how gold farmers find you, and attempt to compromise your account. Also 1 compromised account can mean more than one banned account from  wow if someone buys that gold off a website, and Blizzard tracks it to them.

Last Im not going to say its impossible to hack a wow account still even with all these steps, Knowing your basic RL Info, I could gain access with a simple phone call to Blizzard/Troll, and a dumb person on the other end. Also its not impossible that authinticators will work forever,  someone could crack the one time use codes some how, and that is one reason you never give out your Code for your authinticator in the back of it, but if someone working for them did some illegal stuff, or  gave the knowledge of how these worked out, or their database some how got hacked, this could still happen, although if no type of compromise happens at the players end, it is highly unlikely that this would happen from Blizzards Servers, but not 100% Impossible, as anything can be hacked. I have seen some really good troll calls to companies RL, and seen people get banned,suspended over such, or compromised in the past.

This should be renamed to "I`m retarded and click each and every link I get in the mail without checking the actual URL" Thread.

one addon from curse that I KNOW for sure is truble is called "Ignoremore".

with an authenticator I had an attempted attack when I enabled it, a week later i enable it again, another attack within hours.

I'm copying and pasting this from a locked thread since it will just get buried, but hopefully not this one.  I've browsed through most of this post and haven't seen anyone mention using a sandbox so I just wanted to let people who go through this type of inconvenience know what alternatives they have beyond a virus protection suite so I recopied my post in the locked thread here.

Originally posted by Slovenc

dont want to pay for a authenticator and the guy got my password because of a keylogger if u know what that is... so ye i scanned the comp found the keylogger yadayadayada and now im palying my free month yepi lol

If you are going this route you better make sure to have better security on your end. I suggest running or even installing your pirated stuff,  if you're into that sort of thing... along with your browser in a sandbox via Sandboxie. And make sure you are running the NoScript Add-on through Firefox.  If you have an iPhone or an Android you can get the mobile authenticator software for free I believe I don't know for sure because I don't have an Android, an iPhone, or the Authenticator.  But beyond using an Authenticator, Sandboxie or sandboxing (chroot for unix/linux) in general will always be a very integral part of computer security and should be used even when not playing games.  Becoming exposed to any sort of keyloggers is a serious issue, and doesn't need to be taken lightly by just using an authenticator for a quick fix.  Once you get going with Sandboxie for awhile, and start to experiment with it you'll learn some very helpful tricks that you'll find are better than almost any other protection out their beyond CPU hogging live virus scan software (if you're on an older machine that's what it will do) or unplugging your line.

Sandboxie 3 Part YouTube Review 1,2,3

Mobile Authenticator Location

Login to your account via Battle.net then you'll see this link click it, then it will bring you to another screen where you click this first.

Then this second.

You could also look into KeyScrambler:

Taken from QFX Software Website

How KeyScrambler works

KeyScrambler encrypts your keystrokes deep in the kernel, as they enter the computer.

It then decrypts the keystrokes in the destination application, so you see exactly the keys you've typed.

Whatever keylogger might be waiting along the crucial path in the operating system has only the encrypted keys - "scrambled" and indecipherable - to record.

http://www.qfxsoftware.com/

But the fact is I've never tried it, and don't have a license for the more advanced portion of the software.  It almost sounds to good to be true, but again I don't have any experience with it.

first off it's BS the 2 threads accusing blizzard of being behind the hacking are locked.  They were different topics than this one.

Secondly now that other people mention it, i tend to agree.  I had my account hacked last year.  I hadn't been playing the game in like 4 months and they had a come back free for 7 days thing so i installed wow and logged in.  It showed my account as active under some other promotion, i thin resurrect a friend or something and i didn't think anything of it till i logged in and my characters were all naked.  I hadn't played the game in 4 months and they had just gotten around to hacking in then?  I'm an IT professional, specializing in security for the last 15 years.  I know how to check for keyloggers and i've never had one, i don't get the stupid phishing emails to the email address i actually have my wow account and yet somehow i was hacked?

Would love to have that one explained to me as to how they managed to hack my account 4 months after i had been playing when i had no keylogger and no virus.  I definately think blizzard is behind it to sell authenticators.

Originally posted by vanderghast

first off it's BS the 2 threads accusing blizzard of being behind the hacking are locked.  They were different topics than this one.

 

Secondly now that other people mention it, i tend to agree.  I had my account hacked last year.  I hadn't been playing the game in like 4 months and they had a come back free for 7 days thing so i installed wow and logged in.  It showed my account as active under some other promotion, i thin resurrect a friend or something and i didn't think anything of it till i logged in and my characters were all naked.  I hadn't played the game in 4 months and they had just gotten around to hacking in then?  I'm an IT professional, specializing in security for the last 15 years.  I know how to check for keyloggers and i've never had one, i don't get the stupid phishing emails to the email address i actually have my wow account and yet somehow i was hacked?

 

Would love to have that one explained to me as to how they managed to hack my account 4 months after i had been playing when i had no keylogger and no virus.  I definately think blizzard is behind it to sell authenticators.

But the authenticators are free. Theres an application for the authenticator for smart phones that you can just download on there. So how does that statement work? Even then they do have to pay for shipping, so the amount they make off of them wouldn't be worth it. I really doubt a company that large would risk making a small amount of money by doing something like that. 

---

Originally posted by vanderghast
 I definately think blizzard is behind it to sell authenticators.

---

Nah... that's tinfoil hat territory: unreasonably paranoid. On the other hand, I consider it highly unlikely that the magnitude of this problem can be dismissed as "user error."

Others have said it well (in the locked thread.) It is very likely that an underpaid and/or disgruntled or just plain greedy "insider" is feeding some info to spammers for profit.

I recently reactivated my account after a one year absence. During the time I was away I received zero (0) WOW phishing emails but within 2 days of reactivating I started receiving the obvious "there has bean a complain about youse" scam emails at the email address I use for WOW... how did this happen so quickly? I use no add-ons, have never bought gold and am pretty careful with AV software, use a secure router, etc.

The simplest explanation I can come up with is that someone at Blizz/Battlenet sold my email address and the fact I had just activated to the scammers and/or is responsible for the scams him/herself.

I'm not accusing Blizzard itself of doing a calculated money grab. I find that premise ridiculous if for no other reason than the potential rewards (a buck or 2) just don't justify the risks of permanent damage to their reputation.

But every organization of any size--and Blizz is rather large--has liars, thieves and other scum....

So summing it up, imho...

Blizzard itself doing it: zero chance
Nothing but user error: zero chance
Some user error: yes
Some insider selling info: yes

my account got hacked, could not get ahold of blizzard by phone for a week, finally sent emails, they replied to me saying that the email address on the account does not match mine therefore there is nothing they can do for me.  So the hacker changed the email address, blizzard wouldn't do anything, so i am officially done with that company.

Originally posted by Panther2103

But the authenticators are free. Theres an application for the authenticator for smart phones that you can just download on there. So how does that statement work? Even then they do have to pay for shipping, so the amount they make off of them wouldn't be worth it. I really doubt a company that large would risk making a small amount of money by doing something like that. 

Not everyone has a smart phone.  So for those that don't the cheaper alternative OTP device looks much better on your bottom line.  And it is a waste of money when you could put that money to other software/device purchases that deal with security as a whole instead of just one program/game.

Originally posted by vanderghast

 

Would love to have that one explained to me as to how they managed to hack my account 4 months after i had been playing when i had no keylogger and no virus.  I definately think blizzard is behind it to sell authenticators.

Simple, most people use logins across multiple services and many services are not all that secure. Website databases are breached constantly just to acquire email address lists to sell for spamming and the login info is usually sold right along with it. Not to mention simple to aggregate information such as forums and such which list metric information for other users to see.

An IT professional should realize how often people create their own security holes as well as the fact that people do not routinely update their passwords and such. Every month I have to force R&D employees to change their passwords and have it setup to reject previously used passwords to maintain a basic level of security maintenance.