Please use this thread to discuss account compromise issues. This can include phishing emails, account hack stories, scams, ETC. This is being done in an effort to consolidate the new posts being created daily on the same topic. Thanks.

Also, please remember our Rules of Conduct when posting.

I got one today for a Cataclysm beta opt in. It was well written and believable. A quick look at the link though and you knew it was a fake. Another quick look at the sender, hotmail.com, and it's delete time. The hackers are getting better at writing I see, but they still can't hide their BS links or the fact that they send it hotmail.

I get e-mails that are obviously phishing attempts, and out of curiosity and for grins, follow the links.  Then my browser goes HOLY SHIT WTF THIS IS SITE IS A FORGERY (paraphrasing of course).  Anyone else get this?

Originally posted by nAAtimus

I get e-mails that are obviously phishing attempts, and out of curiosity and for grins, follow the links.  Then my browser goes HOLY SHIT WTF THIS IS SITE IS A FORGERY (paraphrasing of course).  Anyone else get this?

Yes.. I got a couple. Funny thing is, I closed my accounts in July. It's my annual WoW break time, July through September too busy at work then vacations.. etc to play.  Anyway, so they are really phishing but in a pond with no fish. hehe

Originally posted by ZenNature

Just buy an authenticator.

[Mod Edit]

 It solves the problem for $6.50.

 

edit: Just want to note, paranoia is different from staying informed. As others have said in the other threads, it's a good idea to stay informed on how to protect your privacy, get a good anti-virus/spyware/malware program, and never trust email links when you can just go to the website on your own and verify if anything was changed.

 

Good site for tips on privacy concerns: http://www.truste.com/privacy_seals_and_services/consumer_privacy/privacy_tips.html

There are people WITH authenticators still getting hacked. The whole "KEYLOGGER!/Get an authenticator" dead horse/escape is getting tired. Yes, most people are dumb and think blizzard will give them FREE GOLDZ! by clicking the below link and logging in, but the last few months have been particularly bad and its time to stop passing the buck and actually look into the fact that accounts may be being compromised due to a security issue on Blizzards end, or a security hole in the login process itself.  (Before anyone goes "hurfderf but they need to report security breaches by law blahblah /internet lawyer* here, they need to report KNOWN security breaches, and within a timely manner. Not to mention they can play the "oh well we know about it but want to be ABSOLUTELY SURE" thing for a while as well before reporting jack) The "They're making tons of money!" conspiracy is bullshit, but the people spouting canned responses sound equally silly right now.

Originally posted by testmyluck

Good site for tips on privacy concerns: http://www.truste.com/privacy_seals_and_services/consumer_privacy/privacy_tips.html

There are people WITH authenticators still getting hacked. The whole "KEYLOGGER!/Get an authenticator" dead horse/escape is getting tired. Yes, most people are dumb and think blizzard will give them FREE GOLDZ! by clicking the below link and logging in, but the last few months have been particularly bad and its time to stop passing the buck and actually look into the fact that accounts may be being compromised due to a security issue on Blizzards end, or a security hole in the login process itself.  (Before anyone goes "hurfderf but they need to report security breaches by law blahblah /internet lawyer* here, they need to report KNOWN security breaches, and within a timely manner. Not to mention they can play the "oh well we know about it but want to be ABSOLUTELY SURE" thing for a while as well before reporting jack) The "They're making tons of money!" conspiracy is bullshit, but the people spouting canned responses sound equally silly right now.

The only currently-known way of hacking in to an account with an authenticator is a virus that intercepts the authenticator code, giving a person only a few minutes to login. You have to find a person with an authenticator, and without a decent virus/spyware program for that to work. That doesn't make it easy, or worth most people's while when there are still millions of other people that can get hacked with a simple email or keylogger. It's just a determent, like any anti-virus or spyware program. Nothing is full proof, but it helps a LOT.

Originally posted by DLangley

Please use this thread to discuss account compromise issues. This can include phishing emails, account hack stories, scams, ETC. This is being done in an effort to consolidate the new posts being created daily on the same topic. Thanks.

 

Also, please remember our Rules of Conduct when posting.

 i receive like 3 email every 2 or 3 day's about my account of wow, they always use a different kind of email and they try to get my password...what is strange is that i get those email only after i "resub" to the game for 1 month...

The fact is there is enough information out there for people to see for themselves why and how Blizzard implemented the Authenticator idea, and I've said all I need to say. I couldn't care less what people think about me or my opinions, and I have done enough research to know my statements are true so it doesn't matter to me if anyone believes it. If people want to say I'm wrong, it's their loss for making false assumptions and not researching it. I haven't even given much of a personal opinion on the issue because I don't play WoW anymore nor do I play any Blizzard game. I would just say play a better MMO if my posts were only about my personal opinion lol Nonetheless, I still found good value in protecting my account with an authenticator considering what I know about how they work and how inexpensive that solution is for the player.

I also think that even if I never play it again, $6.50 is a pretty ridiculously small amount to argue about. To me, it was worth the extra security even if SecurID was paying Blizzard to promote their security devices (completely unfounded rumor, but certainly a viable idea). I didn't find any such information, and only found a lot of information to the contrary, but in the end I might've bought it anyway because I can afford to try something out for $6.50. People drop a lot more money each week on lottery tickets with a much lower chance of getting anything in return. I wouldn't have been bent out of shape about it if it turned out to be a huge scam and not work at all. I also got a cool pet for almost half the price of their two other pets in the store. Kind of irrelevant since I don't know if I'll ever play again, but it was a pretty good deal any way you look at it. If you don't like the game enough to pay $6.50, then you definitely shouldn't be paying $15/month. Ditch the game completely, then it doesn't matter if anyone hacks your account.

To anyone who needs to post here... get a freakin authenticator. The smart phone version works great and I use it for Starcraft 2. It adds a grand total of 3 seconds to my login time, but I NEVER need to worry about my account.

i would like to blame blizzard too, but it was mine. i allowed a keylogger to get on my system sometime and never cared about virus or spam ware. someone got my email account reset my wow and aion accounts lost all my toons in wow, but still have the account . aion well they gold spammed the area to death i guess both banned forever. atleast aion sux so no biggie there . now i have spam and virus ware up to date always and auth for both accounts..  in wow

Saying you cannot hack an account that is tied to an authenticator is like saying you can't program a virus for a mac.  Or  remember when Microsoft said you couldn't hack the xbox360?  Or how about the news the ps3 has been hacked.  The point is there's no reason to really go after the people with the authenticator at the moment because so many other still run without it.  Your best bet, above and beyond anything Blizzard wants to sell you, is a little common sense...mixed with a good antivirus program.  Idiots that fly around the net and get their computer infected with herpes is what gets them hacked...it's not the lack of an authenticator.

I sincerely don't understand why people who know how to package a keylogger and get it onto someone's system would first attack WoW accounts...

If I was looking to steal some property virtually...my first thought wouldnt be..."Oh boy, im going to create a keylogger and get mad golds from people's WoW accounts." Does no one who plays WoW log into an online banking website? Wouldn't that be a way more productive thing to hack with a keylogger?

Except a bank account transaction is usually far easier to track than some random person logging into your wow...stealing everything and selling it for real world cash before Blizzard gets around to responding.  You have far more legal rammifications with real world money than virtual property.

Anything is possible. My accounts seem to only get hacked or compromised  when there inactive. I don't know how there doing it, but it has happened twice. It wasn't a keylogger either. The account was hijacked after the game was uninstalled and the harddrive wiped from the computer it was on.

Anyway if you have a smartphone then download the free authenticator app. It's easy to use and adds an extra layer of protection. If you don't have a smartphone do what you need to do. 

Originally posted by ZenNature

Just buy an authenticator. It solves the problem for $6.50.

[Mod Edit]

 

edit: Just want to note, paranoia is different from staying informed. As others have said in the other threads, it's a good idea to stay informed on how to protect your privacy, get a good anti-virus/spyware/malware program, and never trust email links when you can just go to the website on your own and verify if anything was changed.

 

Good site for tips on privacy concerns: http://www.truste.com/privacy_seals_and_services/consumer_privacy/privacy_tips.html

I agree. I haven't had any issues since I bought mine and $7 is totally worth it.

With the recent issues, I can say this.

I havent logged into this game for nearly 2 years, even though I still have a paying account(loyalty to guild, I guess).

Last few weeks I have seen a huge increase in Spam folder of "Official Looking" emails but have deleted them all.

Got an actual Official Email a few days agl from Blizzard saying my account has been compromised and I have been banned.

You do the math, the recent account issues are an internal problem within Blizzard that they are trying to cover-up, period.

Originally posted by ZenNature

Just buy an authenticator. It solves the problem for $6.50.

[Mod Edit]

 

edit: Just want to note, paranoia is different from staying informed. As others have said in the other threads, it's a good idea to stay informed on how to protect your privacy, get a good anti-virus/spyware/malware program, and never trust email links when you can just go to the website on your own and verify if anything was changed.

 

Good site for tips on privacy concerns: http://www.truste.com/privacy_seals_and_services/consumer_privacy/privacy_tips.html

 there is also a couple thats free, like last time i resubbed (no idea why played like an hour, heart just wasn't in it) i got the free one for my ipod touch from the app store.

Originally posted by Astralglide

Originally posted by ZenNature

Just buy an authenticator. It solves the problem for $6.50. Asshats and retards that think it's some conpiracy from Blizzard to make more money off the players haven't done their homework and just need to STFU. I don't give a damn about defending Blizzard, but people that get a kick out of making people paranoid for no reason really piss me off.

 

edit: Just want to note, paranoia is different from staying informed. As others have said in the other threads, it's a good idea to stay informed on how to protect your privacy, get a good anti-virus/spyware/malware program, and never trust email links when you can just go to the website on your own and verify if anything was changed.

 

Good site for tips on privacy concerns: http://www.truste.com/privacy_seals_and_services/consumer_privacy/privacy_tips.html

 

 

I agree. I haven't had any issues since I bought mine and $7 is totally worth it.

And there's a free iphone/iPod touch/DROID app for authenticators.  No reason not to do it.

Here's another tip, aside from the obvious, buying an Authenticator, using good AV and other security sortware, don't click links, etc... Get an email address specifically for your game account and don't use it for anything else, type it anywhere or give it out to anyone at all. I know I'll hear some derision for this but I use Hotmail as a dummy account for things like signing up for sites, F2P and other game accounts I don't care about, etc and it catches 99.999% of phishing emails and other spam that it gets, including the one's for WoW. Regarding WoW phishing attempt emails, on that Hotmail account, I get at least a couple a day, and I've had the account for several years and I can only remember one or two that ever got by their built in phishing/spam filter. I'm not usually one to tout MS products, but I gotta tell it like it is, and Hotmail isn't bad in that regard. In fact I'd say considering the track record I've seen it's damn good... and free.

Use Firefox with AdBlock, FlashBlock and NoScript... ditch everything else, especially Internet Exploder.

Originally posted by Kleos7

I sincerely don't understand why people who know how to package a keylogger and get it onto someone's system would first attack WoW accounts...

If I was looking to steal some property virtually...my first thought wouldnt be..."Oh boy, im going to create a keylogger and get mad golds from people's WoW accounts." Does no one who plays WoW log into an online banking website? Wouldn't that be a way more productive thing to hack with a keylogger?

Easy answer to this: International Law

Foreign citizen messes with an online game, their home nation probably doesn't care.

Foreign citizen messes with an international bank, home nation can be more apt to pressing criminal charges.

If you've got someones account info, and they've temp canceled the account, and never changed the password, and you can make a few quick bucks with a slash/burn job through their characters, thats far more profitable for less risk than going after someones bank account.

The companies that buy/sell gold aren't stateside operations, and they're also the ones who will do the most damage. Buy gold one day, 3mo later if you haven't changed your account PW, guess what, you login naked on a level 1 you never made.

Personal tips I give my friends:

• If you're planning on canceling your sub, sweep your comp for spyware and change your password before the time lapses. The people stealing your stuff aren't in a rush, as long as the PW they jacked from their keylogger is current, they can just log in whenever.
• Authenticators are the best option, because the code is only good for 1min, which means if your comp does have the man-in-middle virus on it to steal your code as you enter it, they are under a much stricter time-line than your average phishing attempt.
• Account sharing is not supported for a reason. It doesn't have to be your computer that gets compromised if you share your info with people. Your box may be lockdown secure with a 26 digit pw for windows. Your guildie who convinced you to let him log onto your account doesn't have a windows password and has more spyware active than people who bought the sparkle pony mount.