Popular scams and how to avoid them
We have a lot of reports of scams coming in to our tip line and many of us are receiving the same phishing emails you are. Even Scott Kurtz from PvPOnline was tweeting about getting one the other day. These scams can be initiated via email to any one of your email addresses. Or they may start in game. Regardless of where they attack you, most of the scams require some form of social engineering to get your info and therefore access to your in-game valuables.
Please remember that account safety and computer security is your responsibility! While WoW.com has provided you with resources to additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.
What is social engineering? Social engineering is manipulating victims into volunteering personal information about themselves in order to perpetrate a con, scam, fraud, etc. If you have seen the movie Groundhog Day, then you have seen a very good example of it. Phil, a television weatherman, is living the same day over and over. In one iteration of his morning, he asks an attractive woman her name, where she went to high school and the name of her English teacher. In the next iteration of his morning, he "accidentally" runs into her and pretends to know her from high school, resulting in her going to bed with him.
His con works for 3 reasons:
- He seems respectable. He is a well-dressed, articulate, minor celebrity. With this veneer of respectability, he is able to get the initial information and subsequently convince the victim, Nancy, that the forgotten nerd sitting next to her at school has sprouted into a catch.
- The victim sees value in what the con artist is offering. Nancy wants to date a celebrity or at least a successful man and is therefore both available as a victim and incautious with her information and actions.
- The victim is unaware that the information has been stolen. In the case of this movie, she cannot remember any previous iterations of the day.
Your WoW account is under investigation
An email gets sent to one of your email addresses (not necessarily the one you have attached to your WoW account) that says something like: "An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded." The email either asks you to email them your account information or it includes a link to an official-looking phishing site designed to steal your info. This is essentially the same scam that has been going on for a while. It comes from what looks like a respectable source, though the only valid email would be wowaccountadmin@blizzard.com without any double "v"s or misspellings. You value protecting your account, so you give your info to this supposedly trusted source. They then use your info to steal your account.
Avoid by: Calling Blizzard directly. If your account is really under investigation, Blizzard will tell you on the phone. For more details, please see this post from Blizzard about fake emails.
In-game mail from a misspelled guildie
You receive mail from a player whose name is spelled very similarly to a guildie or friend -- perhaps with a special character or off by one letter. The mail includes a website to go to for a special deal or to look at a picture or something similar. The site either contains a keylogger or it is a phishing site. Again, when this con works, it is because it is from a source you trust (a guildie), it contains value for you (guildies often send you to interesting websites) and, if you are incautious, you are unaware that your information has been stolen until after it is. This one grabs a lot of active guildmembers because guildies often have hard to spell character names or even alts that are just misspelled versions of their mains.
Avoid by: Verify any in-game mail you get that contains external links by checking the sender's name against your guild roster. Also, you should have an in-guild policy that limits external links to the member-restricted area of your guild forums only. In all cases, don't enter your account information unless you have gone to the Blizzard website directly, and scan your computer daily/nightly using any of the freely available virus/malware scans.
Invite/promote request from a misspelled guildie
This one targets your guildbank and not your account. You receive a whisper from someone whose name is again spelled very similarly to a guildie's, asking to have his alt invited and promoted. The imposter then cleans out your guildbank. You are basically being punished for being a considerate guildie in this situation.
Avoid by: Make sure that all invite requests come from someone in your guild roster. A quick look at your online list will show you if that person is online and will allow you to compare the names. Also, keep a category in your guild hierarchy specifically for alts that does not have access to the valuable tabs in your guildbank. It is only a mild inconvenience for main members to mail their alts anything they need.
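The roster comparison recommended above, and the sender-address check from the fake investigation email, can both be done mechanically instead of by eye. This is an added example, not part of the original article or any Blizzard tool; the roster names and misspelled variants are constructed, and the helper names (skeleton, within_one_edit, classify) are hypothetical.

```python
from __future__ import annotations

import unicodedata

# Constructed sample data: a small guild roster and the one sender
# address the article names as valid.
ROSTER = ["Thrallbane", "Moonwhisper", "Kazrogal"]
TRUSTED_SENDERS = ["wowaccountadmin@blizzard.com"]


def skeleton(name: str) -> str:
    """Comparison form of a name: accents stripped, case folded,
    and a double 'v' read as the 'w' it is meant to imitate."""
    decomposed = unicodedata.normalize("NFKD", name)
    plain = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return plain.casefold().replace("vv", "w")


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b are equal or differ by a single inserted, deleted,
    substituted or swapped-with-neighbour character ("off by one letter")."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    i = 0  # length of the common prefix
    while i < len(a) and i < len(b) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        substituted = a[i + 1:] == b[i + 1:]
        swapped = a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]
        return substituted or swapped
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]


def classify(sender: str, trusted: list[str]) -> tuple[str, str | None]:
    """Return ("exact", name) for a real entry, ("lookalike", name) for a
    near-copy of a trusted entry, or ("unknown", None) otherwise."""
    if sender in trusted:
        return ("exact", sender)
    candidate = skeleton(sender)
    for real in trusted:
        if within_one_edit(candidate, skeleton(real)):
            return ("lookalike", real)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed senders: one real member, three imitations, one stranger.
    for who in ["Thrallbane", "Thrállbane", "Moonwhispr", "Kazrogla", "Stormfury"]:
        print(who, classify(who, ROSTER))
    for addr in ["wowaccountadmin@blizzard.com", "vvowaccountadmin@blizzard.com"]:
        print(addr, classify(addr, TRUSTED_SENDERS))
```

A "lookalike" result is the case to treat as hostile: the name is close to a trusted one but is not on the list. An exact match on a displayed email address is still not proof of origin, since sender fields can be forged, so the advice to go to the Blizzard site directly applies either way.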
Spectral Tiger Mount for sale in tradechat
A high level, server-known player offers up a Spectral Tiger Mount (or any other highly valuable, tradeable in-game loot) for sale at a price that is high enough to be believable, but low enough to be tempting. When contacted, the seller only asks to verify you have the gold before agreeing to send you the code via out-of-game email. The email contains a code and a link to a phishing site. Your account is then hacked, cleaned out and used to scam the next person. This scam gains a lot of credibility by using hacked accounts that are high level to conduct the transaction. A lot of otherwise careful players are taken in because the excitement of a great deal causes them to be incautious. For further information on this scam, read an interview with one of the actual scammers.
Avoid by: Always be extra careful when a deal seems too good. While there are legitimate sellers of these valuable items at good deals, they will usually conduct the transaction in-game. Again, only go to the Blizzard account sites directly -- never click a link in an email.
Helpful links in the comments and forums
Some of the links in the official forums and the comments here at WoW.com have been put there specifically by shady social engineers to lure unsuspecting readers into a trap. The links go to sites that contain keyloggers that download while you are loading the site. Or they are phishing sites designed to steal your information. We delete the comments that contain them when we catch them, but we don't always catch them.
Avoid by: It is safest to never click on a link in the comments or forums. But if you think it is to a trusted site, then type in the address manually, just to be safe.
Goldsellers and leveling services
Captain Obvious laughs at players who are surprised to learn that the underhanded companies offering services that are against the ToS are the same ones who are hacking accounts. Where else do you think the gold is coming from? The easiest marks for these companies are the people who use their own services, since they are voluntarily giving their information and Blizzard won't protect them.
Avoid by: Don't buy gold! Seriously. Earning gold and leveling your characters get easier with each patch. And if you think that goldbuying is a victimless activity, just scroll up and re-read. These scams wouldn't exist if there weren't a market for their stolen goods.
WoW scammers (and the most common real world criminals) need your cooperation to get your account info, so the biggest hole in your account security is you. Protect your personal data at all times. And use safety nets for when you make mistakes, like regular virus scanning and the Authenticator.
Play Safe!
Filed under: Analysis / Opinion, Account Security
Reader Comments (Page 2 of 6)
jjcoola998 Jun 12th 2009 5:22PM
Sorry for the post but had to show this shirt :D
http://ecx.images-amazon.com/images/I/41YwXX2V-vL._SS500_.jpg
Kage Jun 12th 2009 5:24PM
Lol is that a phishing site >_>
Matthew Rossi Jun 12th 2009 5:36PM
See, I had no idea a Spectral Tiger sells for $900.00 and I have no idea how much gold sells for. 5k gold seems like a lot to me. I wouldn't fall for the scam because I don't care about vanity mounts, but you're mistaking intelligence and common sense for available information, not everyone will know everything you do. I don't care enough about mounts and gold prices to look for the information you have, as an example.
Robin Torres Jun 12th 2009 5:24PM
I'll stop writing about scams when people like you stop scamming. I promise.
tatsumasa Jun 12th 2009 5:26PM
Did it ever occur to you to simply quit being dishonest? You can justify it all you want, but just because someone leaves their front door unlocked doesn't mean the robber who comes in the middle of the night isn't to blame. It's still YOUR fault. You hurt people, real people. And no amount of naivety on the victim's part makes them deserve what you do to them.
Superthrust Jun 12th 2009 5:27PM
Well, just saying. I myself, not a scammer. I deal with them. Most are good people feeding off people's stupidity.
But you have to admit I make a point. Like the guy's post below with the link to the shirt that said "There is no patch for human stupidity", it's right. Some people, no matter how many times they are told, are just too "stupid" to pay attention to the signs.
Matthew Rossi Jun 12th 2009 5:34PM
"Well, just saying. I myself, not a scammer. I deal with them. Most are good people feeding off people's stupidity."
They sound like thieves to me. It's not okay to steal from people just because they're not as smart as you are.
Newchron Jun 12th 2009 5:40PM
Good people don't take advantage of stupid people.
Superthrust Jun 12th 2009 5:44PM
Well, like I said. Don't shoot the messenger. And down voting my post won't help much. If people can't see the warning I'm trying to provide to people, then you're helping the scammers by not allowing a voice of warning to be heard.
And there is honor among thieves. Some only take gold and what not. Others take accounts, resell, and etc.
And should be ok for people who aren't smart enough to keep their common sense and all that straight. If they cannot keep their accounts in their control through the NUMEROUS emails, in game mails, MOTD's, "Breaking News", waves of hackings, etc. that are brought to their attention BY THE GAME'S MAKER, then what makes you think they will listen to you here?
Don't get me wrong, admirable attempt, but I think it's going overlooked and people won't pay attention to it. Sure, you have your "lambs" following you in these comments, but I'll guarantee that if someone worked on them long enough, they would fall like the rest. You look into the EvE Online social engineering plan that brought down the LARGEST corp in the game...it took about 2 years and tore it apart. That is the extent some are willing to go.
If you won't take the advice of someone who is trying to help and has degrees for security and all that, then you are setting yourself up for disaster.
Magresda Jun 12th 2009 6:14PM
I like how you speak of yourselves as if you actually were something - not just a group of script kiddies scamming people for VIRTUAL money and selling it to make marginal profit.
People, stop speaking of these scammers as if they were anything at all - they are the scum of the earth, you really can't sink any lower.
Take a look at this thread; (link edited out)(don't have to click, see below)
The website is home to one of the largest scamming communities in WoW, it's where the lowlifes gather to discuss their recent scamming methods. It's also where you can find information on just about any scam. See where I'm going with this?
What is the safest way of assuring you will never get scammed? Learn all the scam methods yourself, naturally! Not "learn" as in using them, but reading this forum just once a month. Not only will you be immune to almost every scam out there, but you will also get a disturbing look into the lives of these losers.
Due to the very nature of this post, I'll save you from having to click that link (mods, feel free to remove it if you do not wish to have it here). In "Superthrust"s very own words:
"Can't we target them or something and screw them over? They are not only getting out of hand but annoying as well"
Another user replies, seemingly interested and Superthrust replies with:
"...I am talking of a full scale operation, to attack / scam / hack / phish these tools at WoWinsider. They think they can just spread their cheeks and let their rays of sunshine flow into people's minds allowing them to be immune to scamming, yet they have no idea how stuff is done and what they are getting into."
You see? How low can you sink?! "omg guys thez pplz are talking crap about scamming LETS PHISH THEM!!!"
Okay that's enough - mods feel free to remove any and all references to websites here, I just wanted to share my methods of not getting scammed. I do NOT condone scamming, I despise anyone who does it. Visiting that site is merely a precaution I take as to avoid being scammed myself, and it's something I recommend everyone do.
TEJ Jun 12th 2009 6:13PM
I've no idea why the peanut gallery decided to downvote this post since it's infinitely more informative than the article itself.
Gonna remind myself that 50% of people are dumber than the average person who is dumb enough as it is.
Matthew Rossi Jun 12th 2009 6:18PM
"And should be ok for people who aren't smart enough to keep their common sense and all that straight. If they cannot keep their account's in their control through the NUMEROUS emails, in game mails, MOTD's, "Breaking News", waves of hackings, etc. that are brought to their attention BY THE GAME'S MAKER, then what makes you think they will listen to you here?"
Better to light a candle than curse the darkness. People are, by and large, human. They get tired, they get frazzled, they are often occupied with more than one issue. It never hurts to remind them that there are unscrupulous thieves, the kind of people who would break into homes and steal money and items if they thought they could get away with it, out there setting up scams.
"And there is honor among thieves. Some only take gold and what not. Others take accounts, resell, and etc."
Doesn't matter. Theft is theft. Saying "I only steal gold from your account" to justify stealing from people would be like me smacking you upside the head and taking your wallet. "Hey, I COULD have KILLED you." Just because there are worse things than theft, it doesn't excuse theft.
Frankly, the 'stupid people deserve it' line amuses me. It's a justification offered for a morally reprehensible behavior. Preying on people because they didn't know better is like stealing from children.
cynmoon Jun 12th 2009 6:31PM
@Superthrust re:EVE
That's not so much long term scamming as it is the fact that Goons are asshats. I should know, I'm marrying one. :-P
Comparing scamming to EVE doesn't quite work. In that scenario those were two corps actively trying to bring EACH OTHER down.
A fool and his money may soon be parted, but does that mean he deserves it? No. Good people don't scam random people. Messing with your friends for kicks? Sure. Messing with a corp that's messing with you? Sure. Hacking the account of somebody you've never had contact with before? No, "good" people don't do that.
Not all hacks are obvious. I'm still not sure how it happened to me. I don't follow links people give me (Rick Roll me once, shame on me...) I don't d/l anything from sites I don't know (didn't even use Curse until recently), I virus check everything before I open it, and I don't give my password out to anybody, nor would I enter my password into anything that wasn't actually the game (I haven't had a need to check the official WoW site in... nearly forever? Last time was a paid character transfer over a year ago, and before that who knows?). All I know is I logged my tailor character out in Shatt, and logged back in the next morning to find my password changed, and then my character in Nagrand, a miner with a hearth that had been used within the last 10 minutes. And they got rid of everything but what I was wearing. Even my Twill set! :'( And despite immediately opening up a ticket, and the fact that I was wearing items I had crafted myself, they couldn't restore my tailoring for me, I had to re-level it.
Changed all my passwords, bought an authenticator and haven't had a problem since. I'm thinking I had a duplicate password somewhere, and entered it into a site that may not have been as secure as I had thought (like here, or AOL). Now I have no duplicates, and I'm constantly randomizing my passwords. Paranoid? Maybe. But I'll be damned if I have to re-level tailoring. :-P
Superthrust Jun 12th 2009 6:38PM
Cyn, the goons are awesome. I talked to them a few times, and seemed cool pack to me. Their demise wasn't cause of "scamming" it was espionage and playing both sides...from the INSIDE...that's what made that so effective...it was a perfect example of "Every man has his price".
cynmoon Jun 12th 2009 7:41PM
@Superthrust
No, seriously, Goons are asses. They'll tell you that themselves. It's the whole point of being a Goon. They're griefers, it's what they do, and they do it well.
Superthrust Jun 12th 2009 7:52PM
Which is why I love talking to them in game. I know they are asses. I know they say that about themselves. I know their main point in game is give everyone else the worst time they have ever had.
That's why I like them. They don't sugarcoat anything. The internet is a bad place for people who can't take it, and EvE just makes it that much larger and more unforgiving.
Magresda Jun 12th 2009 8:33PM
Superthrust,
I don't know what to say to you, other than that you have a very twisted view of reality. You seem paranoid, you think everything is about being "best" and not "stupid" and your ethics and morals haven't developed past the "goldfish" stage.
While my knowledge on EVE is limited, I do know enough to realize that the behavior you are describing is part of the game - you however, seem to worship it in a twisted way. Sugarcoating? What you describe has nothing at all to do with sugarcoating. The internet is only as bad as you make it, we're not in a war and there's no "every man for himself".
You seem to have inabilities to separate the real world from virtual worlds. Here's the thing: the minute you scam someone out of their WoW account, something they spent real money and time on, we step out of the virtual world and into the real one.
I've read comments and posts made by you on other sites, and they are far more disturbing than what you are talking about here. Everything you write sounds like it's coming from someone playing a game. It's only a game until you decide to bring it into the real world by scamming, and at that moment you have to grow the fuck up and realize that you're not playing a game anymore.
Killchrono Jun 13th 2009 4:21AM
Fun fact, I searched Superthrust's profile and found this quote in another article about scamming.
"People are stupid. Whoever falls for stupid ideas, tricks, etc. should be punished. I went and scammed a guild leader of the top horde guild on the Arathor server. (name not mentioned!)
This should be voted UP to warn all people, I do not do it randomly, I target people. Some others might do the same. Keep your account safe, and be wary."
So, what was that you were saying about 'dealing' with scammers?
Killchrono Jun 13th 2009 4:26AM
Sorry, meant to say the above quote was directly from Superthrust himself. Here he is getting high-and-mighty about scammers and denying he does it, yet this quote directly contradicts what he's saying in this article.
I suggest you decide which story you wanna run with from now on before perpetuating your BS.
cynmoon Jun 13th 2009 2:05PM
@Superthrust
The difference with EVE and WoW is that there are INGAME mechanics to scam people in EVE. It's the point of the game. You're a space pirate. You're using ingame mechanics to take territory, money, ships, whatever. Goons use every in-game mechanic to scam and steal from BoB (formerly) and pubbys who don't know any better. That's the game you are playing, and that's what you're signing up for when you play.
In WoW, you're not doing that. You're scamming people who didn't sign up for it, and who aren't expecting it. And that's where the difference lies.
That's the difference between running a casino vs lifting someone's wallet. Oh, it was just lying around in their back pocket so they totally had it coming, right? I mean, they should have known to keep it secured to their person with a chain and then vacuum sealed so nobody could get into it. I mean, that's the completely safe thing to do, so they should have done it. What rubes.