Let's explore the common hacking methods of the bad guys and introduce some simple and easy steps on how to help prevent character loss and down time.
How do WoW accounts get hacked?
Keyloggers or keystroke loggers are covert pieces of software that sit in memory, logging your keystrokes when you enter the game or when you enter the Blizzard account or forum web sites. The keylogger then sends this information out to the bad guys. Many people wrongly believe that keyloggers only look for your password when you enter the game, but more commonly than not, they intercept it when you enter the Blizzard forums or account pages on the official web site.
Keyloggers are often included in the functionality of malware called "Trojans". Trojans are pieces of software that are designed to look like legitimate software but have backdoors for malicious functions.
Reputable antivirus software will detect keyloggers as soon as they attempt to install themselves and will often identify them as trojans. There are plenty of good, free antivirus products out there but if you sometimes get what you pay for. In fact, there are many scam products out there that appear to be antivirus products which are actually keyloggers themselves. I recommend sticking with the major commercial antivirus vendors such as Symantec, McAfee, Trend Micro, Sophos, AVG and Kaspersky. If you think you might have a keylogger then most of these vendors have a free online scan that you can use to check your system - in fact, it is best to try a couple of these free scans to be sure.
Also note that some newly developed keyloggers may not be detected by antivirus software so don't rely on it 100%.
But how did you get the keylogger in the first place? There are several ways that you can pick one of these up:
- You opened an email attachment that launched this software on your machine.
- You downloaded and launched the software thinking it was something else. For example, you may have been browsing a web site that prompted you to download a "codec" to watch a video. You excitedly clicked on the download and then the "run" button, only to find that the video still did not play. In the background, you just installed a keylogger.
- Your browser or some browser application such as Flash was not patched for a certain vulnerability and you browsed a page that automatically launched and installed the keylogger.
- You downloaded what you thought was an addon, that strangely asked you to run some installation package.
Don't think you are perfectly safe if you have a Mac either. While the Microsoft operating systems have traditionally been the target of most malware, Macs are beginning to increase in popularity for malware writers.
The Blizzard authentication token is a great way to protect against a keylogger. The authenticator helps provide two-factor authentication. Two-factor authentication is far more effective since it requires two pieces of information from two different sources - in this case, something that you know (your regular account password) and something that you have (the authenticator generated password). The added security comes from the fact that the authenticator changes its password every 60 seconds - so even if the keylogger captures the authenticator password it is only valid for a very short time.
If you have a iPhone then you can pick up the free Blizzard Battlenet Authenticator application from the iStore.
The phishing site
Phishing is the process of using deceptive methods to acquire sensitive information, in this case your game account details.
For example, you saw a notice in trade chat or received a whisper saying that you have won a competition to win a spectral tiger mount. All you have to do is visit a web site and type in a special redemption code. You go to the site, it looks legitimate, you enter the code and it then asks you for your account name and password so that the tiger mount can be mailed to your character. STOP! This is a phishing site with one aim - to get you to type in your username and password so they can log in to your game account.
A similar ploy is the email that reads "Official email from Blizzard. Your account has been suspended. Click here to confirm your details and unlock your account". Again, you click on the link in the email and it looks like a legitimate Blizzard site... but it is nothing but a scam.
It often takes a trained eye to spot a fake web site. Be extra cautious when any site asks you for your account details. I know of only three sites that should ever require your game password - worldofwarcraft.com, blizzard.com and battle.net. If the URL is anything other than these then it is highly likely to be a phishing site that you are visiting.
Again, the Blizzard authenticator provides great protection here since phished authenticator passwords are only valid for a very, very short time.
You have shared your account password with a friend or a leveling service. You never changed your password and now your friend is no longer a friend or the leveling service had other intentions. The solution here is - don't share your username/password with anyone. Choose a password that can't be easily guessed by your friends and enemies.
Also, be sure to use a different login/password combination when you subscribe to Blizzard fan sites. There are hundreds of fan sites and not all are reputable. Even reputable fan sites with username/password databases are a gold mine for successful hackers.
The Ten Steps - Don't become a statistic
Here are ten simple steps you can do to reduce the chance of your account being compromised:
- Don't share your game password with anyone and pick a password that is not easily guessed
- Don't use the same password for subscribing to fan sites
- Keep your operating system, browser and other software fully patched - start with Windows Update
- Run a reputable antivirus product, preferably a full internet security suite with a firewall and keystroke encryption
- Don't click on email attachments, especially when you don't know the sender
- Don't download and run executable files from web pages
- Don't enter your game password into any web site other than the official game sites
- Don't enter your game password to a legitimate Blizzard web site from a PC that may be compromised
- Be very suspicious if an addon requires some form of install package to be run
- Invest in a Blizzard authenticator or install the Battlenet Authenticator application on your iPhone
Update: You can also purchase this as an application for many mobile phones at mobile.blizzard.com.