Recently we've had several posts about being hacked, guild banks assaulted, and Blizzard's typical response. The Customer Service Forum is filled with threads started by desperate World of Warcraft players seeking the return of their accounts and belongings as a gesture of goodwill. It is our responsibility to keep our accounts safe from hackers.
I speak from experience when I say that being hacked is just dreadful. Although it is usually possible to have your account returned, there is usually significant damage done in the process. In the past, even Blizzard employees have had their accounts compromised. This post is designed to help you do the best you can to protect your World of Warcraft investment.
The key used to create your account is essential in the event of a compromised account. Blizzard will ask for this along with a copy of your photo ID. You must use your legal name for your World of Warcraft account. Keep your authentication key with other important documents, or some other safe place. Though it may seem that you're done with your account key once you enter Azeroth, you never know when you may need it.Password Protection
- Make sure your password does not contain words from ANY dictionary (forwards or backwards)
- Use letters, numbers, AND symbols - Simply adding a string of numbers at the end of the password is typically not enough to guarantee security.
- Make your password at least 8 characters long - The longer the password, the more tries it takes to guess the password. Keeping your password over 8 characters will increase the difficulty in guessing your password.
- Avoid common number/letter replacements. (i.e. 1 and I, 3 and e)
- Do not use any keyboard sequences (i.e. qwerty
- Do not use your own account name - Using your own account name in your password, even if it is followed by other words or numbers, increases the chance that a hacker can guess your password.
- Avoid repeating small sequences of characters (i.e. abcabc)
Social engineering is when hackers gather information about someone in order to help narrow down their potential passwords. For this reason you should also avoid using your name or names of people close to you as part of your password. Using any information about you that is easily obtainable, such as your birth date or nickname, is like inviting a socially-engineering hacker to access your account. Remember to change your password often.
That being said, most WoW account attacks come from a special breed of hackers known as keyloggers. Keyloggers traditionally use spyware to record the strokes of your keyboard and store them for their own personal use. The spyware is often installed on your computer by clicking on links or visiting URLs that often appear to be WoW-related. Eyonix reminded us on the public forums to be particularly wary of URLs ending in ".jpg.html" and ".scr." Those are often linked to keylogging programs.
Keylogging programs generally operate as java scripts. A good way to avoid getting keyloggers is to run a Mozilla based browser with the NoScript plugin. NoScript adds extra security by allowing the user to select which scripts will be run. You may chose to run scripts from only trusted sites, just don't get in the habit of always accepting a script. For this measure to be successful, all users on your computer must remain diligent and use a secure browser when surfing the internet.
The bad news is that many believe that the keyloggers we face in WoW are non-traditional. Rather than collecting keystrokes, they gather your information as it is submitted to Blizzard for authentication. At this time I can find no reliable source for this theory. I will be happy to update this post if someone can find a good source for this information.
Blizzard recommends that you keep your operating system up to date. You should perform regular Windows updates (or Software updates for Mac users). It is also imperative to maintain up-to-date anti-malware software on your computer. Malware is a general term for any program that harms a computer or its data. I will leave it to the comments to post their preferences for programs. Just pick a good one and use it.
There are some other ways to protect your account from intrusion. If you can, avoid logging into your WoW account or the World of Warcraft official site from foreign computers. You don't know where they've been. Be smart about spoof emails and phishing attempts. If it doesn't come from worldofwarcraft.com it is probably not legit.
Addons are frequently used in the game and many are accepted by Blizzard. Be sure to use reputable ones. Blizzard suggests that you always use the default launcher to start the program.
Many believe that Macs are more secure than PCs. My understanding is that fewer malware programs are created for Max OS's than for Windows, which makes them somewhat less vulnerable to attacks. Whichever the case, Mac users do get attacked, and there is no excuse to be lax with security.
What to do if you suspect you've been keylogged:
- Don't panic and try your password again
- Use official means to retrieve your password
- Assess the damage, make a list of what you've lost
- Make a copy of your account key and picture ID
- Contact Blizzard's account services department
- Scrub your computer for malware
- Wait for a response
If you receive a negative response, don't give up hope, and contact account services again
Rest assured that there's a special place in Hell for keyloggers. I like to believe it's an eternal bubblegum-rock concert featuring four Goblins and Ashlee Simpson.