Security, WoW and You
By Ederlinban
In light of more than a few phishing emails going out lately concerning the Cataclysm alpha (and more than a few people in game getting hacked), now would be a good time to talk about computer security and WoW. Read on for some tips on how to keep your account from becoming a victim.
The best offense is a good defense: Let us put the sentries to work.
Antivirus:
The first line of defense is a good antivirus. I highly recommend Avast – it's free, the resident protection is amazing, and it updates itself automatically on a daily basis. Blizzard themselves recommend AVG. Either way – get a good antivirus, and make sure it’s always running and updated.
Anti-Malware:
An excellent complement to the antivirus is a spyware and malware scanner. I highly recommend MalwareBytes – again, it's free (there is a premium version), its heuristics engine (how it detects threats) is amazing and it's constantly updated. I believe this is another utility that Blizzard stands behind.
Firefox/NoScript:
I recommend using Firefox as a web browser. The most important reason is the availability of plugins, and the most important one here is a plugin called “NoScript”. NoScript works just like it sounds – it blocks the execution of Flash, JavaScript and VBScript unless specifically allowed by you. This means you can allow all your favorite sites without letting “untrusted” sites execute possibly malicious code without you noticing.
Authenticator:
Get an authenticator. Seriously, they cost six dollars and maybe 10 extra seconds when logging in. They are even free if you already own an iPhone or iPod Touch. (Note: As Blizzard says in the app – a jailbroken iPhone/iPod is not a reliable authenticator.) I know a lot of the above may not seem convenient, but think of it this way: Would you rather spend a little more effort and time now when your character (and all your other personal data!) are fine, or a lot of effort and time later when you have to clean up the mess?
Not being the weak link in the security chain: A few words about social engineering and biting the worm.
Humans are the weakest link in security; it's a known fact. We're susceptible to our own emotions and social conditioning. So let's say for the sake of argument you really like WoW (not a far stretch here, I'm assuming). Blizzard just sent you an in-game mail telling you that you got a beta invite! AWESOME! –WAIT–. You almost got caught by a phishing mail.
Let's explain phishing a bit. It's exactly like it sounds – the phisher puts a worm (say… a beta key or a star pony) on a virtual hook and waits for you (being the good fishy you are – you want that beta key, right?) to bite. The account hack comes into play when you go to a website and enter your login credentials to claim your free key, pony, gold, or whatever was promised. IF YOU HAVE AN AUTHENTICATOR IT MAY PROMPT YOU FOR THAT TOO. Usually these sites look enough like battle.net or worldofwarcraft.com to fool the average person. You log in, you get redirected to the real site, and your credentials are logged to a database somewhere. If you needed an authenticator to get in, the hacker may log in with your code in real time and replace it with a new one. So now that you know the how and why, here is a handy list of what to watch for:
- Is this too good to be true? (Did I opt in for a beta? Are they REALLY giving away a $25 mount? Am I really going to get full T10.5 for free?)
- Is this an in-game whisper or mail? (Blizzard will NEVER ask you for credentials or communicate with you in this way for account related matters.)
- Is this website a part of “Worldofwarcraft.com” or “battle.net”? (If it's not, DO NOT enter any information.) A trick a lot of phishers use is to append the name to something else such as wwwworldofwarcraft.com, eu-battle.net, battlenet.net or something similar. MAKE SURE it is an official Blizzard site. Pay attention to the address.
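The address check from the last item above, as an added example (not code from the article or from Blizzard): it compares a naive "the name appears in the address" test with a hostname suffix match against the two official domains the article names. The function names and sample links are constructed for illustration.

```javascript
// Added example: the two official domains come from the article; the sample
// links below are constructed for illustration.
const OFFICIAL_DOMAINS = ["worldofwarcraft.com", "battle.net"];

// Naive check: "does the address mention the name?" Lookalikes pass this.
function naiveLooksOfficial(link) {
  return OFFICIAL_DOMAINS.some((d) => link.toLowerCase().includes(d));
}

// Strict check: parse the link, take only the hostname, and accept it only if
// it IS an official domain or a subdomain of one (dot-delimited suffix match).
function officialDomainFor(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return null; // not an absolute URL at all
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // The URL parser lowercases the hostname; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  const match = OFFICIAL_DOMAINS.find((d) => host === d || host.endsWith("." + d));
  return match || null;
}

// Constructed sample links: two genuine-looking hosts, then the lookalike
// patterns the article lists, then the name prepended to another domain.
const SAMPLE_LINKS = [
  "https://us.battle.net/login",
  "http://www.worldofwarcraft.com/",
  "http://wwwworldofwarcraft.com/beta",
  "http://eu-battle.net/claim",
  "http://battlenet.net/",
  "http://battle.net.example.test/login",
];

function report(links) {
  return links.map((link) => ({
    link,
    naive: naiveLooksOfficial(link),
    official: officialDomainFor(link),
  }));
}

for (const r of report(SAMPLE_LINKS)) {
  console.log(r.official ? "OK    " : "REJECT", r.link, "(naive check says " + r.naive + ")");
}
```

Three of the four lookalikes pass the naive check, which is why the comparison has to be made on the parsed hostname and on a dot boundary.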
Tying up the loose ends:
Other helpful tips regarding security.
- Use different passwords for different things – if someone hacks your email, and it's the same as your WoW – or even your bank – you just handed them the keys to the castle.
- Change your passwords after a certain amount of time.
- If you logged into WoW on someone else's computer – change your password when you get back to yours.
- Do not share account information with other people – if one person is easy to hack, two is easier.
- Do not buy gold and/or power leveling services. Not only is it a good way to get banned if you're caught – it also gives the gold selling company a reason to hack more accounts. And power leveling hands over your account info as is; that's just stupid.
- Do not download pirated material. Besides the fact that it's illegal, downloading pirated software, music or movies is a good way to get keyloggers on your system.
- Make sure your operating system and protection above are always up to date.
Thinking beyond WoW:
Besides the prospect of logging in one day to find your character naked in Dalaran with not even a heroism badge left on him, keyloggers can capture other important personal data and open your computer to identity thieves. So, you may find yourself waking up one morning to ten credit cards' worth of debt and an empty bank account. Protect yourself; it's worth the extra effort.





6 Comments
June 5th, 2010 at 2:50 pm
I’ve got a post in the works which details my experience with hacked accounts.
I had the iPhone auth running, however I decided to sell the iPhone and move onto an Android device (HTC Desire). So I was forced to drop the auth from my account. Within 2 days I was unable to access my account as the username and pass had been hacked and another auth linked to my account, preventing me from logging on.
Using a WoW account without the auth should be a criminal offence, it almost 100% makes your account un-hackable.
As I say this is for another post as there are quite a lot of details for me to go over.
Fantastic post as ever Eder!
June 5th, 2010 at 4:47 pm
We had 3 people hacked in the last week – one had an officer character, but his brother is also in guild so he let us know ahead of time to demote him.
Another had almost no rights, but managed to get around the daily limit for gold withdrawal.
Just had to write something up, it's a little extra effort – but it's really worth it. If you put any amount of time into this game you have at least invested that effort. Doubly so if you have a raid geared character – why be careless with it?
June 5th, 2010 at 6:53 pm
There really is no excuse for not protecting your accounts. In my case I thought it would be fine for a few days………
How very very wrong I was. It's quite disgusting really to see how fast and easy it is for people to hack into unprotected accounts, by protected I mean with the authenticator in place.
I’d love to know how they got me?
June 6th, 2010 at 3:29 am
I’m going to go out on a limb and assume somewhere on your iPhone (Mail app or Saved settings in the browser?) there was access to your email account, or even just the email name.
If it was access to the whole email account, it would be easy to go to battle.net, click on “forgot my password” and reset it via the email link. (I can’t see what battle.net’s password reset looks like atm, but iirc – It’s an email reset.)
There are lots of ways to get information, an iPhone or iPod touch could provide many, many clues as to people's information – as could physical access to your home computer.
I will second that notion again, as I did several times in the article – there is no excuse for lax security. Protect yourself.
June 6th, 2010 at 2:13 pm
It can’t have been. The iPhone was sold to a family member and it was factory reset before the sale.
I’m 100% sure it had nothing to do with that, somehow my account name was gotten hold of then my password guessed.
I’m really funny about these kinds of things, and do my best to keep on top of security.
I really am baffled as to how it happened.